Published 19:19 IST, November 5th 2019
Researchers identify Chinese group behind cyberattacks on India
Security researchers have identified a Chinese hacking group that stole confidential government data by attacking governments including India's.
Security researchers have identified the Chinese hacking group that stole confidential data by attacking government organizations in six countries, including India. Governments in India, Brazil, Kazakhstan, Russia, Thailand, and Turkey suffered damage from the group, the Calypso Advanced Persistent Threat (APT) group, which has reportedly been active since 2016. According to the investigation, the group breaches the network perimeter and then injects a special programme to gain further access to the victim's internal network.
Attackers moved along the network
The investigation also revealed that the group moves along the network by exploiting the remote code execution vulnerability MS17-010 or by using stolen credentials. Denis Kuvshinov, Lead Specialist in Threat Analysis at Positive Technologies, reportedly said that the attacks by the Chinese group succeeded because most of the utilities the attackers used inside the network are also used by specialists everywhere for network administration. The group thus used publicly available tools and 'exploited' them to infect computers.
Taking advantage of Iran cyber-espionage
British and United States officials said in October that Russian hackers took advantage of an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while pretending to be attackers from the Islamic State. The Russian group, known as “Turla”, which Estonian and Czech authorities have accused of operating on behalf of the Russian security services, used Iranian tools and computer infrastructure to hack into organizations in nearly 20 different countries over the last 18 months. UK and US intelligence agencies exposed the Turla group's attack; the findings, published jointly by the UK's National Cyber Security Centre and the US National Security Agency, also revealed that the majority of the group's victims were in the Middle East and that the group had even viewed documents extracted from various sectors as well as governments.
(With inputs from agencies)
Updated 20:27 IST, November 5th 2019