You are here: Home » PTI Stories » National » News
Business Standard

Cyber attack on Defence Research Lab thwarted: Quick Heal

Press Trust of India  |  New Delhi 

An attempt to steal sensitive data from Defence Metallurgical Research Laboratory (DMRL), the research lab of DRDO, through cyber attack was detected and blocked in September, security software maker Quick Heal has said in its report.

"We have been closely tracking an attack campaign named as 'Sinon' specifically aimed at the Defence Metallurgical Research Laboratory (DMRL), research laboratory of the Defence Research and Development Organisation (DRDO)," said Quick Heal Chief Technology Officer Sanjay Katkar, sharing contents of the report.

The report said that the attack termed as 'Sinon Campaign' was detected on September 5, 2014 and was carried out through a genuine looking email - spear-phishing email - with an infected attachment designed to exploit an old vulnerability in Windows operating system.

"The threat was immediately found and blocked by our end point security solution active in DRML's computer thus making it completely harmless. We took a couple of weeks' time to understand that the threat blocked was actually an invasive effort to penetrate and steal our defence intelligence," Katkar said.

He did not share the damage that the attack could have done in stealing information from the lab located in Hyderabad but said the thwarted attack was "capable of copying sensitive data and sending it to the attackers server, and the attackers would also have full control over the machine from its Control & Command centre."

The Quick Heal analysis of the attack showed that it was being executed through a server in Vietnam but that the server address and other details could have been a fake registration. The location of original attacker was not shared in the report.

The attack was executed through a genuine looking e-mail and once the spear-phishing email was opened, it opened a fake document.

The fake document downloaded a malicious code.

"While the document would completely misguide the victim, the malware would create another huge avg.Dll file of 28MB size to misguide anti-virus or any other debugging software. This file once installed looks like a genuine antivirus software," the report said.

Earlier this year the Indian Infosec Consortium found that about 3,000 Internet connections in Delhi were compromised probably for snooping from foreign locations.

The list included names of Defence Ministry at South Block and the Chief of Naval Staff in C-Wing at South Block.

Government's cyber security arm Computer Emergency Response Team-India (CERT-In) reported 62,189 cyber security incidents in first five months of the current calendar year.

The attacks have been observed to be originating from the cyber space of a number of countries including the US, Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE, but could not be established.

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

First Published: Thu, October 02 2014. 17:20 IST