Cyber criminals, suspected to be based in China, are targeting organisations in India with the “key strategic goal of collecting intelligence”, cyber security firm FireEye today said.
“The campaign’s attacks were also detected in April 2015, about one month ahead of Indian Prime Minister Narendra Modi’s first state visit to China,” the firm said.
According to FireEye, the advanced persistent threat (APT) group behind the operation, which is most likely based in China, sent targeted spear phishing emails containing Microsoft Word attachments to its intended victims.
“Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighbouring countries reflect growing interest in its foreign affairs,” FireEye Chief Technology Officer (Asia Pacific) Bryce Boland said.
Organisations should redouble their cyber security efforts and ensure they can prevent, detect and respond to attacks in order to protect themselves, he added.
The cyber security firm further said that organizations based in Nepal, Pakistan and Bangladesh are also under similar threats.
Explaining the attacks, FireEye said the documents sent pertained to regional issues and contained a script called WATERMAIN, which creates backdoors on infected machines. FireEye said WATERMAIN has been active since 2011 and over the past four years, APT has used it to target over 100 victims with approximately 70 per cent of these in India.
“The group launching WATERMAIN attacks has also targeted Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organisations,” FireEye said.
APT attacks on organisations in India and neighbouring countries are now commonplace, it added.
In April, FireEye had revealed the details of APT30, a decade-long cyber espionage campaign by suspected China-based threat actors that compromised an aerospace and defence company in India among others.