A Chinese hacking group targeted Indian government organizations
In a major shocker, a team of security researchers has revealed that India has been targeted by a Chinese hacking group. Their report notes that over the last three years these hackers have used purpose-built malware to compromise the systems of government organizations. Here's all you need to know about these attacks.
Calypso APT and its activity in India, abroad
Just as WhatsApp continues to draw flak over spyware delivered through its app, researchers at security company Positive Technologies have brought another matter to attention: the activities of Calypso, a Chinese Advanced Persistent Threat (APT) group. They claim that since 2016 the group has successfully compromised the systems of several state institutions not just in India but also in Brazil, Kazakhstan, Russia, Thailand, and Turkey.
How they broke into government systems
According to the report, the group used specially designed tools and malware to break into government networks. It first compromised a host on the network perimeter, then used those tools to move from that foothold into the internal network. Once inside, it relied either on remote code execution vulnerabilities or on stolen credentials to reach further systems and to access or damage their data.
No word on the Indian organizations targeted
While the researchers claimed that the group targeted state organizations in India, they did not name any affected parties. They did note, however, that the hackers were able to compromise organizations in every country they targeted, largely because the tools they used are widely available and commonly used in enterprise environments.
Here's what the researchers said
"These attacks succeeded largely because most of the utilities the group uses to move inside the network are widely used by specialists everywhere for network administration. The group used publicly available utilities and exploit tools, such as SysInternals, Mimikatz, EternalBlue and EternalRomance."
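As an added illustration (this is editor-written example code, not code from the Positive Technologies report or from the article), the script below shows the kind of behavioural detection that helps when an attacker relies on stock administration tools as described above: instead of matching binaries that administrators also use, it flags what the tools do. It applies three rules to constructed log records: a remote service install of PsExec's PSEXESVC service (Sysinternals), a non-allowlisted process reading the memory of lsass.exe (how Mimikatz collects credentials), and a single account performing network logons to many hosts in a short span (a common symptom of stolen-credential reuse). The event IDs (7045 for service installation, Sysmon event 10 for process access, 4624 with logon type 3 for network logons), the key=value field names, the LSASS allowlist and the fan-out threshold are all assumptions made for this example, and the sample log lines are constructed, not real telemetry. The SMB exploits named in the quote (EternalBlue, EternalRomance) are not covered here; they are better caught at the network layer.

```python
"""Behavioural detection of lateral movement with stock admin tooling.

Added example (not from the Positive Technologies report): the tools named
in the article are legitimate, so signatures on binaries are weak; these
rules instead look at what the tools do. Event IDs and field names are
assumptions modelled on Windows System/Security logs and Sysmon.
"""
import re
from collections import defaultdict

# Constructed sample telemetry in key=value form; not real captured data.
SAMPLE_LOG = """\
ts=2019-10-01T09:12:03Z host=fs01 event=7045 service_name=PSEXESVC image=C:\\Windows\\PSEXESVC.exe user=CORP\\admin
ts=2019-10-01T09:12:05Z host=fs01 event=10 source_image=C:\\Windows\\Temp\\upd.exe target_image=C:\\Windows\\System32\\lsass.exe granted_access=0x1010
ts=2019-10-01T09:13:00Z host=ws07 event=7045 service_name=BackupAgent image=C:\\Backup\\agent.exe user=CORP\\svc_backup
ts=2019-10-01T09:14:11Z host=ws07 event=10 source_image=C:\\Windows\\System32\\csrss.exe target_image=C:\\Windows\\System32\\lsass.exe granted_access=0x1fffff
ts=2019-10-01T09:15:30Z host=dc01 event=4624 logon_type=3 user=CORP\\admin src_ip=10.0.5.23
ts=2019-10-01T09:15:41Z host=ws12 event=4624 logon_type=3 user=CORP\\admin src_ip=10.0.5.23
ts=2019-10-01T09:15:52Z host=ws19 event=4624 logon_type=3 user=CORP\\admin src_ip=10.0.5.23
ts=2019-10-01T09:16:03Z host=ws19 event=4624 logon_type=3 user=CORP\\svc_backup src_ip=10.0.5.9
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Processes that legitimately open LSASS with broad rights (assumed allowlist).
LSASS_ALLOWLIST = {"csrss.exe", "wininit.exe", "services.exe", "msmpeng.exe"}
# PROCESS_VM_READ; credential-dumping reads request it (0x1010, 0x1410, 0x1fffff).
PROCESS_VM_READ = 0x0010
# Distinct hosts one account may reach over network logons before we alert (assumed).
FANOUT_THRESHOLD = 3


def parse_events(text):
    """Turn key=value lines into dicts; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if "event" in fields:
            events.append(fields)
    return events


def detect_psexec_service(ev):
    """Rule 1: remote service install whose name or binary is PsExec's PSEXESVC."""
    if ev.get("event") != "7045":
        return None
    name = ev.get("service_name", "").upper()
    image = ev.get("image", "").upper()
    if "PSEXESVC" in name or image.endswith("PSEXESVC.EXE"):
        return f"psexec_service_install host={ev['host']} user={ev.get('user')}"
    return None


def detect_lsass_read(ev):
    """Rule 2: a non-allowlisted process opens lsass.exe with VM_READ access."""
    if ev.get("event") != "10":
        return None
    if not ev.get("target_image", "").lower().endswith("\\lsass.exe"):
        return None
    source = ev.get("source_image", "").rsplit("\\", 1)[-1].lower()
    if source in LSASS_ALLOWLIST:
        return None
    try:
        access = int(ev.get("granted_access", "0"), 16)
    except ValueError:
        return None
    if access & PROCESS_VM_READ:
        return f"lsass_memory_read host={ev['host']} source={source} access={hex(access)}"
    return None


def detect_logon_fanout(events):
    """Rule 3: one account used for network logons (type 3) to many distinct hosts."""
    hosts_by_user = defaultdict(set)
    for ev in events:
        if ev.get("event") == "4624" and ev.get("logon_type") == "3":
            hosts_by_user[ev["user"]].add(ev["host"])
    return [
        f"network_logon_fanout user={user} hosts={len(hosts)}"
        for user, hosts in sorted(hosts_by_user.items())
        if len(hosts) >= FANOUT_THRESHOLD
    ]


def run_rules(text):
    """Apply all rules to a log text; return alert strings in log order."""
    events = parse_events(text)
    alerts = []
    for ev in events:
        for rule in (detect_psexec_service, detect_lsass_read):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    alerts.extend(detect_logon_fanout(events))
    return alerts


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOG):
        print(alert)
```

On the sample data the script raises three alerts: the PSEXESVC install on fs01, the LSASS read by upd.exe on fs01, and the CORP\admin account logging on over the network to three different hosts. The legitimate BackupAgent service and the csrss.exe access to LSASS are left alone, which is the point: the same event types occur during normal administration, so the allowlist and thresholds have to be tuned to the environment rather than copied as-is.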
No direct links to China discovered yet
That said, it is worth noting that it has not yet been fully confirmed that this group is based in China. The evidence pointing to a Chinese connection is the use of the PlugX malware and the Byeby trojan, both of which are widely used by Chinese hacking groups, and the fact that some of the IP addresses uncovered during the investigation belong to Chinese providers.