Top 20 Indian organisations under threat of attack from Chinese hackers to “teach India a lesson” amid border tension

• Jio, Airtel, Cipla, MRF Tires, Sun Pharmaceuticals and other commercial companies have been tagged as targets by Chinese hackers.
• Cybersecurity firm CYFIRMA has determined that two Chinese hacker groups — Ghost Panda and Stone Panda are looking to damage the companies’ reputation and extract trade secrets.
• The motivation behind the attacks is to “teach India a lesson”.

There’s a flurry of activity on the dark web and hackers’ forums as a reaction to the ongoing India-China border dispute in Galwan Valley. The two main hacking groups behind the rhetoric are China-based Gothic Panda and Stone Panda.

Cybersecurity firm CYFIRMA Research reports that notable organisations like Jio, Airtel, Cipla and others are on the radar of Chinese hackers to “teach India a lesson”. Other comments translated from Mandarin included “this is one nation who doesn’t listen to us”.



As per their observations, CYFIRMA has shared three lists — commercial organisations, media companies, and government websites — that are potential targets as per the conversations they observed between the Chinese hacking community.

Commerical organisations on Chinese hackers target list:

1. Jio
2. MRF Tires
3. Sun Pharmaceuticals
4. Airtel
5. Cipla
6. Intex Technologies
7. Micromax
8. BSNL
9. Apollo Tires
10. L&T

According to CYFIRMA, the objective of hacking commercial organisations listed above is to cause reputation damage and extract any sensitive information that could hamper their operations — including trade secrets.

Government sites on Chinese hackers target list:

1. Ministry of Foreign Affairs
2. Ministry of Defence
3. Ministry of Information and Broadcasting

The motivation for hacking government sites is to ‘name and shame’ them as per CYFIRMA’s report. The same applies to media houses on their target list.

Media houses on Chinese hackers target list:

1. Times of India
2. Republic TV
3. NDTV
4. Hindustan Times
5. X-TV
6. Aaj Tak
7. Dainik Jagran

Meet the hackers behind the threat to Indian organisations
Gothic Panda — also known at APT3, UPS and TG-011 — has been directly attributed to the Chinese Ministry of State Security in the past. It has been behind campaigns like Operation Clandestine Fox, Double Tap and Clandestine Wolf in the past.

Gothic Panda’s repertoire of victims include companies in the defence, telecommunications, transportiation, and advanced technology sectors. They have also been known to hack into government departments and bureaus in Hong Kong, the US, and several other countries.

Stone Panda — also known APT10, Red Apollo, CVNX, HOGFISH and most popularly, menuPass — been known to originate in China and been active since 2009. In 2017, Palo Alto detected that the hacker group was targetting Japanese Academics and organisations with malware.

In another investigation, FireEye found that Stone Panda was using a Remote Accessibility Trojan (RAT) — which gives the hackers to control your device from anywhere — to run reconnaissance, extract intelligence, and plant malware.

SEE ALSO:
The 10 most infamous hackers of all time

Chinese hackers crack through India's Industry Department website with "mediation"

SBI warns 2 million users may be at risk of phishing attacks in Delhi, Mumbai and other major cities