Chinese hackers grow more aggressive in attempts to hack Indian organisations' cyberspace over the last year, agencies on alert
Mar 03, 2021
By Ankur Sharma
New Delhi [India], March 3: Chinese hackers have been trying hard to break into Indian cyberspace. Hacking attempts by Chinese hackers have grown more aggressive over the last year.
Various government organisations like the Computer Emergency Response Team (CERT-IN) and the National Critical Information Infrastructure Protection Centre (NCIIPC) are following trends and keeping track of attempts made by Chinese hackers since the Galwan clash.
Experts said attempts from China have increased in the last year, and were further amplified after the Indian Government banned Chinese applications following the Galwan clash.
A report emerged this week claiming that two Indian companies supplying COVID-19 vaccines, Serum Institute and Bharat Biotech, are under cyber attack by the Chinese hacking group APT10, also known as Stone Panda, which is actively targeting one of the companies. Sources claimed that CERT-IN is looking into this matter.
Telangana electricity department officials have also claimed that they have received alerts from CERT-IN about Chinese malware trying to enter the department's computer systems.
Earlier on Tuesday, Union Power Minister RK Singh had said, "We should remain alert" while refuting claims that the blackout in Mumbai last year was due to a Chinese cyber-attack.
Sources in the government said that all alerts were issued regarding such attempts and the concerned agencies have been asked to educate organisations about such attempts and keep them updated on new threats. Chinese hackers mainly focus on big institutions rather than individuals, sources claimed.
The NCIIPC, which comes under the National Technical Research Organisation (NTRO), has also documented details about Chinese hackers and their modus operandi in attacks originating from China recently.
The NCIIPC is a national nodal agency for all measures to protect the nation's critical information infrastructure. It protects and delivers advice that aims to reduce the vulnerabilities of critical information infrastructure against cyber terrorism, cyber warfare and other threats.
Sources said this organisation has compiled data on cyber attack attempts from China over the last year, which have seen an upward trend.
While giving details about a China-based threat, NCIIPC's Threat Assessment group said, "Emissary Panda, also known as APT-27, is a China-based threat actor that is involved in targeting foreign embassies to collect data related to government, defence and technology sectors. Activities of Emissary Panda have been noticed since 2010 during attacks on organisations across the world including financial services firms, US defence contractors, and a national data center in Central Asia."
The organisation dedicated more than half a dozen pages to various China-based threats to the power, IT and government sectors in its last newsletter of 2020.
NCIIPC further warns that when malicious attackers gain access to an industrial control system, they are able to disrupt industrial control and safety processes, leading to costly outages, damaged turbines, threats to personnel safety and even environmental disasters.
The threat assessment group of NCIIPC also provided details about another Chinese hacker group, Elderwood, and said, "Elderwood is a Chinese cyber espionage group that attacked Google in 2009 using the Hydraq Trojan horse, known as Operation Aurora, and Google also confirmed that some of its intellectual property had been stolen. Interesting highlights of their approach include the use of a seemingly unlimited amount of zero-day exploitation and attacks on service providers working for the target organization."
Meanwhile, experts said attempts have increased since the Galwan clash and various government organisations are dealing with them in a coordinated manner.
Rakshit Tondon, a cyber expert who works with various state and central agencies, said China has always been like that but whenever there is some direct military conflict, the attempts increase.
"There is no official confirmation that Chinese hackers have successfully hacked any system of India but there have been aggressive attempts in the last year. Whenever there is such a (military) conflict, the Chinese increase their attempts. It was further amplified after India banned Chinese applications," he told ANI.