Chinese threat actors are increasingly targeting various sectors in India, with over 40,300 cyber attack attempts made in just the past five days. The information has been shared by Maharashtra’s cyber security cell, which has noted the increasing activity of Chinese state-backed hackers targeting numerous sectors in India. While Chinese threat actors are known to be active in cyber crime across the world, the recent surge in hacker activity comes amid heightened geopolitical tensions in Galwan Valley at the Indo-China border.
Speaking to News18, Yashasvi Yadav, Inspector General of Police, cyber security at Maharashtra Police, said, “In the past 4-5 days, there is a sudden surge of cyber criminal activity in the Indian cyber space. Resources and sectors such as infrastructure, information and banking have been heavily targeted in this period by Chinese attackers. At least 40,300 cyber attacks have been made in this time, and a large volume of these attacks have originated from Chengdu, the capital city of China’s Sichuan province.”
Talking about the types of attacks that have largely become prevalent, Yadav said, “These attacks can be divided into three categories – denial of service, IP hijacking and phishing. This has led to the Indian government’s cyber infrastructure being vulnerable right now.”
Echoing these observations, Himanshu Dubey, director of Quick Heal Security Labs, told News18, “Over the past few days, we have seen some well-calibrated attacks targeting India’s critical infrastructure using malware that are designed to communicate with CnC (Command & Control) servers based in China. As part of these attacks, crypto miners and Remote Access Tool (RAT) malware are being dropped on victim computers, which enable remote administration and extensive interactions with those devices. Some of the actions include keylogging (a common tactic used to steal credentials), screen capture, privilege escalation (used to gain deep-level access to classified files) and data exfiltration, among others.”
Dubey also said that the noted Pakistani hacker collective APT36 (aka Transparent Tribe) has been persistently targeting Indian Defence organisations since March. While it is not clear if the actions of Pakistani and Chinese hackers are correlated, Dubey said, “Attackers are using honey-trapping to get inside an organisation’s environment, with the intent of stealing sensitive information.”
Making an appeal to common users to take cyber security even more seriously in such tense socio-political times, Yadav said, “I would advise everyone, including all individual users, to pay attention to necessary cyber security protocol and protect their online resources. Use robust firewalls, and for enterprises, it is important that they audit their systems by verified cyber security experts.”