Cyberspies have been snooping on Bangladesh, India, Nepal and Pakistan, seeking information on border disputes as well as general diplomatic intelligence.
The APT-style cyber-attack against India and neighbouring nations has been under way since 2011 and is likely to be the work of China, according to net security firm FireEye. The standard modus operandi for the group involves sending targeted spear phishing emails containing Microsoft Word attachments to its intended victims. These documents refer to regional issues and contain a script called Watermain, which creates backdoors on infected machines.
Attacks by the group have been traced back to 2011, but flared up in April 2015, about one month ahead of Indian Prime Minister Narendra Modi’s first state visit to China.
FireEye reckons Watermain has been slung against more than 100 victims over the last four years, approximately 70 per cent of whom were in India. The group launching Watermain attacks has also targeted Tibetan activists and others in Southeast Asia, but specialised in governmental, diplomatic, scientific and educational organisations.
“Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighbouring countries reflect growing interest in its foreign affairs,” said Bryce Boland, FireEye chief technology officer for Asia Pacific. “Organisations should redouble their cyber-security efforts and ensure they can prevent, detect and respond to attacks in order to protect themselves.”
APT attacks on organisations in India and neighbouring countries are becoming increasingly commonplace. In April, FireEye revealed details of APT30, a decade-long cyber-espionage campaign by suspected China-based hackers that compromised an aerospace and defence company in India among others. Other security researchers have previously uncovered evidence of spying between India and Pakistan. ®