India is among the countries worst affected by Black Vine, a formidable, highly resourced attack group that is equipped to conduct cyber espionage against targeted organisations, according to a Symantec whitepaper. The vast majority of Black Vine infections affected companies in the US, followed by China, Canada, Italy, Denmark and India. In fact, Black Vine's targets are spread across several regions, based on the IP address locations of the compromised computers.
The paper found that Black Vine used certain zero-day exploits at the same time that other attack groups used them. Black Vine typically conducts watering-hole attacks against websites that are relevant to its targets' interests and uses zero-day exploits to compromise computers. If the exploits succeed, they drop variants of Black Vine's custom-developed malware: Hurix and Sakurel (both detected as Trojan.Sakurel), and Mivast (detected as Backdoor.Mivast). These threats open a back door on the compromised computers and allow the attackers to steal information.
Black Vine has been conducting cyber espionage campaigns since 2012 and has been targeting several industries, including aerospace, energy, and health care. Symantec says that some actors of Black Vine may be associated with an IT security organisation based in Beijing.