An Asian group has been hacking Indian government organisations, says report
- A group of Asian hackers is targeting Indian government organisations with malware and trojans, according to an investigation by Positive Technologies.
- The group has been active since 2016, and some of its IP addresses have been traced back to Chinese internet providers.
- The hackers reportedly stole confidential data from internal servers after infecting the victims' LAN networks.
A hacker group dubbed Calypso APT has been using stolen credentials and a remote code execution vulnerability to break into government networks. More than one-third of its attacks have been aimed at India.
The data obtained by Positive Technologies indicates that the APT group is of Asian origin and is Chinese-speaking. In some of the attacks that were registered, the perpetrators accidentally revealed their real IP addresses, which belonged to Chinese internet providers.
According to Positive Technologies, the group first caught their attention in March 2019, but further investigation showed that the attackers have been operational since at least September 2016.
Hacking Indian government organisations
The hackers broke in by breaching the network perimeter and planting a program on the compromised system. That program then gave them access to the victim's internal network.
"These attacks succeeded largely because most of the utilities the group uses to move inside the network are widely used by specialists everywhere for network administration," said Denis Kuvshinov, lead specialist in threat analysis at Positive Technologies, in a statement.
According to Kuvshinov, the hackers used popular tools such as SysInternals, Mimikatz, EternalBlue and EternalRomance to infect LAN networks and siphon off confidential data. They did this by installing malware such as Calypso RAT, PlugX and the Byeby Trojan, which was also used in the SongXY malware campaign in 2017.
In older operating systems like Windows XP and Windows Server 2003, the malware could be found in C:\RECYCLER. In newer operating systems, the trojan was installed in C:\ProgramData.
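The two staging directories named above are a concrete, cheap thing for a defender to check. The following script is an added example written for this article, not code from Positive Technologies or from the report: it flags executable files sitting directly in C:\RECYCLER or in the root of C:\ProgramData, where legitimate software rarely drops binaries. The file listing used to exercise it is constructed for the example, the set of "executable" extensions and the depth limit are assumptions, and the real-host scan only does anything when run on Windows.

```python
import os
from dataclasses import dataclass
from typing import Iterable, List

# Staging directories reported for this campaign: C:\RECYCLER on Windows XP /
# Server 2003, C:\ProgramData on newer releases. Both are checked regardless of
# the host's OS version; the extra check costs nothing.
STAGING_DIRS = ("C:\\RECYCLER", "C:\\ProgramData")

# Extensions treated as executable content (assumption chosen for this example).
EXEC_EXTENSIONS = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".scr"}


@dataclass(frozen=True)
class FileEntry:
    path: str
    size: int


def _norm(p: str) -> str:
    """Normalise a Windows path for comparison: backslashes, no trailing slash, lowercase."""
    return p.replace("/", "\\").rstrip("\\").lower()


def is_in_staging_dir(path: str, max_depth: int = 1) -> bool:
    """True if path lies at most max_depth levels below one of STAGING_DIRS.

    max_depth=1 means directly inside the directory; ProgramData has many
    legitimate vendor subfolders, so only its root is treated as suspicious.
    """
    n = _norm(path)
    for d in STAGING_DIRS:
        d_n = _norm(d)
        if n.startswith(d_n + "\\"):
            rel = n[len(d_n) + 1:]
            if rel.count("\\") < max_depth:
                return True
    return False


def flag_entries(entries: Iterable[FileEntry]) -> List[FileEntry]:
    """Return entries that are executable by extension and sit in a staging dir."""
    flagged = []
    for e in entries:
        ext = os.path.splitext(e.path)[1].lower()
        if ext in EXEC_EXTENSIONS and is_in_staging_dir(e.path):
            flagged.append(e)
    return flagged


def scan_host(roots=STAGING_DIRS, max_depth: int = 1) -> List[FileEntry]:
    """Walk the staging directories on a live Windows host and flag what is found.

    Returns an empty list on hosts where the directories do not exist.
    """
    entries = []
    for root in roots:
        if not os.path.isdir(root):
            continue
        for dirpath, dirnames, filenames in os.walk(root):
            depth = _norm(dirpath)[len(_norm(root)):].count("\\")
            if depth + 1 >= max_depth:
                dirnames[:] = []  # do not descend further than max_depth
            for fn in filenames:
                full = os.path.join(dirpath, fn)
                try:
                    entries.append(FileEntry(full, os.path.getsize(full)))
                except OSError:
                    pass  # unreadable file; skip rather than abort the scan
    return flag_entries(entries)


# Constructed listing for the example; not taken from the report.
SAMPLE_LISTING = [
    FileEntry("C:\\RECYCLER\\svchost.exe", 245760),
    FileEntry("C:\\RECYCLER\\S-1-5-21-1234567890-1000\\INFO2", 20),
    FileEntry("C:\\ProgramData\\update.dll", 98304),
    FileEntry("C:\\ProgramData\\Microsoft\\Windows\\Caches\\cache.db", 4096),
    FileEntry("C:\\ProgramData\\Vendor\\Tool\\agent.exe", 1048576),
    FileEntry("C:\\Users\\alice\\Desktop\\notes.txt", 12),
]

if __name__ == "__main__":
    for e in flag_entries(SAMPLE_LISTING):
        print(f"sample: {e.path} ({e.size} bytes)")
    for e in scan_host():
        print(f"host:   {e.path} ({e.size} bytes)")
```

On the constructed listing the script flags only svchost.exe under C:\RECYCLER and update.dll in the root of C:\ProgramData; the vendor binary three levels down and the recycle-bin metadata file are left alone. A hit is a lead for triage (hash the file, check its signature and creation time), not proof of compromise on its own.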
While most of the attacks by this hacker group were against Indian government organisations, its primary targets also included Brazil, Kazakhstan, Russia, Thailand and Turkey.