- A group of Asian hackers are targeting Indian government organisations with malware and trojans according to an investigation by Positive Technologies.
- The group has been active since 2016 and some of their IP addresses have been tracked back to Chinese internet providers.
- The hackers reportedly stole confidential data off of internal servers after infecting the LAN networks of victims.
India has a very diverse cyber network but it might not be the most secure. Cyber attacks against governments are becoming more common and the country seems to be caught in the crosshairs of a new group of hackers.
A hacker group dubbed Calypso APT has been using stolen credentials and remote code execution vulnerability to break into government networks. More than one-third of their attacks have been aimed at India.
The data obtained by
Positive Technologies indicates that the APT group is of Asian origin and is Chinese-speaking. In some of the attacks that were registered, the perpetrators accidentally revealed their real IP addresses, which belonged to Chinese internet providers.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More According to Positive Technologies, the group first caught their attention in March 2019 but further investigation showed that the attackers have been operational since at least September 2016.
Hacking Indian government organisationsThe hackers dealt damage by breaching the network perimeter and injecting a special program. The program then gave them access to the internet network of the system they were hacking.
"These attacks succeeded largely because most of the utilities the group uses to move inside the network are widely used by the specialists everywhere for network administration,” said
Denis Kuvshinov, lead specialist in threat analysis at Positive Technologies in a statement.
According to Kuvshinov, the hackers used popular tools like SysInternals, Mimikatz, EternalBlue and EternalRomance to infect LAN networks and siphon away confidential data. They did this by installing malware like Calypso RAT, PlugX and the Byeby Trojan — which was also used in the Sony XY malware campaign in 2017.
In older operating systems like Windows XP and Windows Server 2003, the malware could be found in C:\RECYCLER. In newer operating systems, the trojan was installed in C:\ProgramData.
While most of the attacks by this hacker group were against Indian government organisations, its primary targets also included Brazil, Kazakhstan, Russia, Thailand and Turkey.
Next Story
Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
Experts warn of rising temperatures in Bengaluru as Phase 2 of Lok Sabha elections draws near
Axis Bank posts net profit of ₹7,129 cr in March quarter
7 Best tourist places to visit in Rishikesh in 2024
From underdog to Bill Gates-sponsored superfood: Have millets finally managed to make a comeback?
7 Things to do on your next trip to Rishikesh
