Chinese hackers eye Indian govt, education institutes

Of over 100 targeted phishing attacks, 70% were in India

Shivani Shinde Nadhe Pune
Last Updated : Aug 21 2015 | 12:31 PM IST
Chinese hackers are trying to infiltrate and infect computing systems of government agencies and institutions, according to a report from a US-based cyber security expert.

FireEye, a Nasdaq-listed firm, today revealed details of an advanced campaign which appears to target information about ongoing border disputes and other diplomatic matters.

The advanced persistent threat (APT) group behind the operation, which FireEye believes is most likely based in China, sent targeted spear phishing emails containing Microsoft Word attachments to its intended victims.

These documents pertained to regional issues and contained a script called 'Watermain', which creates backdoors on infected machines. 

The attacks were also detected in April 2015, about a month ahead of Indian Prime Minister Narendra Modi's first state visit to China.

"Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighbouring countries reflect growing interest in its foreign affairs," said Bryce Boland, FireEye chief technology officer for Asia Pacific.

"Organisations should redouble their cyber security efforts and ensure they can prevent, detect and respond to attacks in order to protect themselves," he said.

FireEye has observed Watermain activity since 2011. Over the past four years, this threat group has used Watermain to target over 100 victims, approximately 70% of which were in India. The group launching Watermain attacks has also targeted Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organisations.

APT attacks on organisations in India and neighbouring countries are now commonplace. In April, FireEye revealed the details of APT30, a decade-long cyber espionage campaign by suspected China-based threat actors that compromised an aerospace and defence company in India among others.

In the recent past, India has increasingly drawn the interest of cyber criminals. According to Symantec's Internet Security Threat Report (ISTR), India ranked second, after the US, on the list of nations most targeted for cyber crimes through social media in 2014. New research from F-Secure said that India is the number one country for botnet-related malware in Asia.

Even the Indian Computer Emergency Response Team's (ICERT-in) January report shows that the total number of security incidents, including phishing, virus/malicious code, network scanning/probing, spam and the spread of malware through website compromise, was 8,311 for the month of January 2015, up from 5,987 incidents in November 2014. In addition, a total of 2,224 Indian websites were defaced in January 2015, compared to 1,256 in November 2015.

First Published: Aug 21 2015 | 12:08 PM IST
