Exclusive: Hacking from India rose in past 2 years, targeted China's medical industry using forged physical examination forms at the beginning of epidemic
Published: Nov 02, 2021 08:13 PM
Cyber theft Photo: Xinhua


Hackers from India have been caught actively launching cyberattacks against multiple sectors and individuals in China over the past two years during the epidemic, and their attacks were largely on the rise in the first half of 2021, the Global Times learned in an exclusive interview with Chinese tech giant 360 Security Technology on Tuesday.

Experts from the company believe that intelligence analysis is likely behind these hacking groups, as they take advantage of current affairs and trending topics, such as politics and the economy, the epidemic situation and professional activities within industries, to precisely target their attacks.

In 2020, the company monitored and captured more than 100 initial payloads, mostly from India. The attackers induce users in various fields to execute malicious payloads through spear-phishing emails.

Since the beginning of 2021, APT hacking groups from India and other South Asian regions have continued to be very active, targeting China's educational institutions, government, aerospace, and national defense and military industry, the Chinese tech giant said.

Since the second half of 2020, attacks by hacking groups from South Asia, mainly from India, have been on the rise. In the first half of 2021 in particular, their attack frequency and their subdivision relating to current affairs increased significantly compared with the previous year, the Global Times learned from an expert at 360 Security Technology.

Hacking groups from India and other South Asian countries consistently seize on topics related to current affairs to launch precisely targeted cyberattacks on China's institutions as well as individuals, experts from 360 Security Technology said. They believe that intelligence analysis of current affairs and news relating to the target country is behind those cyberattack groups.

Those APT organizations pay close attention not only to topics related to politics and the economy, but also to matters such as the epidemic situation and professional activities within industries, security experts said.

The disclosure by 360 Security Technology came after Antiy Labs, China's leading anti-virus company, told the Global Times that it had uncovered phishing activities from India targeting government, defense and military units, as well as state-owned enterprises, in China, Pakistan, and Nepal.

Wang Wenbin, a spokesperson for China's Foreign Ministry, said at a press briefing on Tuesday that China's principled position is to oppose all forms of cyberattacks.

In the early stage of the COVID-19 epidemic, 360 Security Technology uncovered a hacking group, CNC (APT-C-48), which launched attacks on China's medical industry using forged physical examination forms, taking advantage of the COVID-19 outbreak in China.

The company noticed the attacks and warned the relevant users in advance, preventing greater damage. However, in April this year the CNC hacking group was found launching fresh attacks targeting China's key departments, and in June it launched new attacks targeting the aerospace industry by taking advantage of China's space events.

In June 2020, an APT organization called Sidewinder was found attacking the recruitment department of a Chinese university, using a Word document related to the epidemic as bait. In November 2020, the APT organization APT-C-08 launched an attack against a traditional Chinese medicine research institute.

Security experts told the Global Times that, technically speaking, hacking groups from India and other South Asian regions are good at using social engineering methods, such as inducing users to execute malicious payloads through spear-phishing emails, to reach their goals.

The APT-C-08 organization, for example, not only carried out spear-phishing email attacks on its targets; 70 percent of its attacks also used phishing against the mailbox system of the target organization. The group is also exploring a new type of supply chain attack that targets intermediate service providers, such as bidding agencies, to launch attacks.
