Friday, 26 June 2020

Chinese cyber warfare? Hackers with Chinese, North Korean, Pakistani links attack Indian websites

SOURCE: INDIA TODAY

If at the Line of Actual Control, Indian forces are facing off against an actively hostile China, in the cyber world, agencies defending India’s internet domain are facing a cyber war waged by China through invisible hackers. Over the last two months, since border tensions broke out, Indian agencies have been battling direct and indirect attacks from what seems to be a multinational coalition.

Virtually every sector and cyber platform in India has been facing attacks originating from China, North Korea and Pakistan. Hacking attempts from the three nations are multiplied using bots and proxies, and attackers of different origins are carrying out different tasks. Top sources in the government say that though the attacks are coming from different countries, a single guiding hand behind a bulk of the attacks cannot be ruled out, especially because these hacking attacks are timed with the escalation of tension at the China border.

A senior IT ministry official said, “There are virtually no independent actors in China where systems are terribly opaque. And that’s why the attacks can’t be attributed to non-state players alone. Many of the known hackers are established fronts of the Chinese government. And China, Pakistan and North Korea are part of an identified axis. Both in Pakistan and North Korea, the state operates such [hacker] entities.”

Sources in the government say that over the last two months, cyber attacks numbering in the thousands have been thwarted by Indian IT defence systems. The attacks have specific mandates that range from attempts to gain unauthorised access to Indian systems or their data, through unwanted disruption and denial-of-service attacks, to abuse or misuse of systems or data.

Such attacks have been reported on a global level as well. A heavy traffic of cyber attacks was witnessed after Covid-19, which originated in China, spread on a massive scale globally. In March 2020, Chinese hackers are said to have targeted over 75 organisations around the world in the manufacturing, media, healthcare, and non-profit sectors as part of a broad-ranging cyber espionage campaign.

Last week, though the ministry of commerce denied it, sources in the National Informatics Centre, or NIC, which manages central and state government websites and communication systems, had to scramble and ‘smash’ a cyber attack by a hacker group that had breached the security firewalls of the ministry’s official site and almost taken charge of the security protocols.

CHINA

In a big revelation, a senior government official said, “Hacking attempts originating from China are looking for information about products and raw material procurement including that for anti-Covid19 battle and policies. This is where the Chinese business interest comes in. If they know what India needs or wants to procure, Chinese companies and entities can align their supplies.”

The Chinese government through its ‘hacktivists’ is also attempting to know more about changes in manufacturing, import and other policies that can impact Chinese interests. There has been a spurt in such attempts since April, when India announced new FDI rules that curb inflows from neighbouring countries, especially China. With Prime Minister Narendra Modi’s appeal to “go vocal for local” and the Atmanirbhar Bharat Abhiyan, or self reliant movement, China is out to pilfer information on Indian policies and plans.

Since email platforms are also under attack, important advisories on their use and those of chat and conference platforms have been sent.

According to IT ministry sources, Stone Panda, a Chinese threat actor group, has been active in these attacks. The group has traditionally shown interest in stealing international trade secrets and supply chain information from various enterprises in countries such as India, Japan, USA, Canada, and Brazil. The group’s known motive has been sensitive data exfiltration. The group is said to be linked to the Chinese Ministry of State Security (MSS) entities in Guangzhou.

The other group is believed to be Gothic Panda, which is a long-standing Chinese threat actor group that has targeted aerospace, defence, construction and engineering, telecommunications, transportation, and manufacturing sectors in the past.

NORTH KOREA

The attackers with origins in North Korea have been carrying out two-pronged attacks. One is by creating a huge amount of unusual activity, thereby raising demand on the servers of Indian government and institutional websites. IT ministry sources say, “This in cyber parlance is called Distributed Denial Of Service or DDoS. It’s similar to what happens to the IRCTC site when the Tatkal operations are on. Too much demand either slows down the system or stalls it.”

A couple of days back CERT-In, India’s premier internet defence agency, issued a specific alert about phishing attempts.



from Indian Defence Research Wing https://ift.tt/2BKS3v2
via IFTTT http://idrw.org
