An Asian group has been hacking Indian government organisations, says report
- A group of Asian hackers is targeting Indian government organisations with malware and trojans, according to an investigation by Positive Technologies.
- The group has been active since 2016 and some of their IP addresses have been tracked back to Chinese internet providers.
- The hackers reportedly stole confidential data from internal servers after infecting the victims' LANs.
India has a very diverse cyber network but it might not be the most secure. Cyber attacks against governments are becoming more common and the country seems to be caught in the crosshairs of a new group of hackers.
A hacker group dubbed Calypso APT has been using stolen credentials and a remote code execution vulnerability to break into government networks. More than one-third of their attacks have been aimed at India.
The data obtained by Positive Technologies indicates that the APT group is of Asian origin and is Chinese-speaking. In some of the attacks that were registered, the perpetrators accidentally revealed their real IP addresses, which belonged to Chinese internet providers.
According to Positive Technologies, the group first caught their attention in March 2019 but further investigation showed that the attackers have been operational since at least September 2016.
Hacking Indian government organisations
The hackers dealt damage by breaching the network perimeter and injecting a special program. The program then gave them access to the victim's internal network.
"These attacks succeeded largely because most of the utilities the group uses to move inside the network are widely used by the specialists everywhere for network administration," said Denis Kuvshinov, lead specialist in threat analysis at Positive Technologies, in a statement.
According to Kuvshinov, the hackers used popular tools like SysInternals, Mimikatz, EternalBlue and EternalRomance to infect LAN networks and siphon away confidential data. They did this by installing malware like Calypso RAT, PlugX and the Byeby Trojan, which was also used in the SongXY malware campaign in 2017.
In older operating systems like Windows XP and Windows Server 2003, the malware could be found in C:\RECYCLER. In newer operating systems, the trojan was installed in C:\ProgramData.
While most of the attacks by this hacker group were against Indian government organisations, its primary targets also included Brazil, Kazakhstan, Russia, Thailand and Turkey.