
India has become a major source of cybersecurity threats in China: Security Expert

Source : South China Morning Post (SCMP)

Beijing: A series of cyberattacks originating from India have been highlighted in recent reports by Chinese cybersecurity firms, with the attacks targeting China and Pakistan, among others.

So far, the foreign ministries of China and India have not issued any responses.

One cyberattack on the Chinese military, which was intercepted by a cybersecurity organisation in China in December, was believed to be orchestrated by a group of hackers from India. The attack bore striking similarities to previous ones in terms of targets and methodologies, suggesting the involvement of the same group.

This group, identified as an advanced persistent threat (APT) and active since at least November 2013, was first discovered and named “Bitter” by American security firm Forcepoint and “Manlinghua” by Chinese company Qihoo 360 in 2016.

Over that time, the increasing exposure of Bitter’s activities has shed light on its political motives, as it primarily targets Pakistan and China, and focuses on government agencies, military and nuclear sectors.

Code from one of Bitter’s Trojan horse programs, which steals the host name and computer name. Photo: Tencent

Cybersecurity analysts suspect the group’s origins trace back to India, potentially with state support, based on IP address locations and linguistic patterns observed in the attacks. Moreover, Bitter is believed to be connected with several other groups that are suspected to be Indian, including Patchwork, SideWinder and Donot, among others.

“Contrary to popular belief that China’s cyber threats mainly come from the United States, professionals in the field point out that a significant number of attacks originate from South Asian countries,” said a Beijing-based security expert involved in the investigation of the attacks, who requested not to be named due to the sensitivity of the issue.

China and India, the world’s two most populous nations, have a complex relationship. It is marked by border disputes and ongoing conflicts on the one hand, but also rising bilateral trade on the other.

Amid the cyber offensives, China’s foreign ministry has consistently refrained from public condemnation.

Similarly, the foreign ministry in India has not commented, though Indian media has occasionally criticised Chinese cyber intrusions, such as a December 2022 report by Outlook India alleging Chinese hackers targeted Indian medical research institutes and power grid infrastructure.

Bitter employs two primary attack strategies: spear phishing and watering hole attacks.

Spear phishing involves sending targeted individuals bait documents or links via email, which, when opened, deploy Trojans to download malicious modules, steal data and allow further instructions from the attackers.

Watering hole attacks compromise legitimate websites to host malicious files or create fake websites to trap victims, usually centred on content of interest to the target person, such as shared forum software tools.

“Despite not being the most sophisticated in technique, Bitter’s customised and varied approaches to different targets have proven effective. Just like telecommunications fraud, although many methods are simple, people are still fooled every year,” said the anonymous expert.

Bitter’s operations, primarily focused on intelligence gathering, may not appear destructive on the surface, but can lead to significant information breaches with immeasurable consequences.

According to disclosures by cybersecurity firms including Anheng, QiAnXin, Intezer, and Secuinfra, there were seven attacks in 2022 and eight in 2023 closely linked to Bitter, targeting Pakistan, Bangladesh, Mongolia and China.

These attacks varied from impersonating the Kyrgyzstan embassy to sending emails to the Chinese nuclear industry. Hackers also posed as military contractors offering anti-drone systems to the Bangladeshi Air Force and even exploited compromised email accounts to spread malicious files under the guise of New Year greetings.

“Given the broad net these attacks cast, it’s likely that such incidents are continually occurring in the background,” the expert said.

“When assessing the impact of cyberattacks, the focus is on the targets and consequences. Sometimes, sensitive industry victims cannot disclose breaches, and at other times, only traces of hackers’ activities are detected without direct losses,” he added.

“The actual harm caused by Bitter is difficult to quantify with the reported incidents. In most cases they cause little harm, but under certain circumstances, the incident represents just the tip of the iceberg of potential risks.”


