Chinese threat actors are increasingly targeting various sectors in India, with over 40,300 cyber-attack attempts made in just the span of five days. The information has been shared by Maharashtra’s cyber security cell, which has noted the increased activity of Chinese state-backed hackers targeting numerous sectors in India. While Chinese threat actors are known Cybercrime actors across the world, the recent surge in hacker activity comes in light of heightened geopolitical tensions in Galwan Valley at the Indo-China border.

Inspector General of Police, cyber security at Maharashtra Police, said, “In the span of 4-5 days, there is a sudden surge of cyber-criminal activity in the Indian cyberspace. Resources and sectors such as infrastructure, information and banking have been heavily targeted in this period by Chinese attackers. A large volume of these attacks have originated from Chengdu, the capital city of China’s Sichuan province.”

Type of attacks that have largely become prevalent:

These attacks can be divided into three categories –

• Denial of service,
• IP hijacking

This has led to the Indian government’s cyber infrastructure being vulnerable right now. Himanshu Dubey, director of Quick Heal Security Labs, told  “Over the past few days, we have seen some well-calibrated attacks targeting India’s critical infrastructure using malware that are designed to communicate with CnC (Command & Control) servers based in China.

How are attackers exploiting the devices?

As part of these attacks, crypto miners and Remote Access Tool (RAT) malware are being dropped on victim computers, which enable remote administration and extensive interactions with those devices. Some of the actions include key logging (a common tactic used to steal credentials), screen capture, privilege escalation (used to gain deep-level access to classified files) and data exfiltration, among others.”

Dubey also said that noted Pakistani hacker collective APT36 (aka Transparent Tribe) has also been targeting Indian Defence organizations persistently since March. While it is not clear if the actions of Pakistani and Chinese hackers are correlated, Dubey said, “Attackers are using honey-trapping to get inside an organization’s environment, with the intent of stealing sensitive information.”

According to the Indian Computer Emergency Response Team (CERT), the phishing attack campaign by “malicious actors” is expected to start from June 21 (Sunday). Notably, the CERT-In falls under the Information Technology Ministry and it works to protect Indians from cyber threats.

“The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded COVID-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” CERT-In said in a statement.

Recommendations

It is recommended to consider the following best practices:

1. All individual users, to pay attention to necessary cyber security protocol and protect their online resources.
2. Use robust firewalls, and for enterprises, it is important that they audit their systems by verified cyber security experts.
3. Companies should keep systems up to date, implement strong password policies, and have threat intelligence to adapt to the latest attacks.
4. To prevent phishing email:

• Beware of online requests for personal information
• Check the email address or link
• Watch for spelling and grammatical mistakes
• Look for generic greetings

Avoid emails that insist you act now