+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

An Asian group has been hacking Indian government organisations, says report

Nov 4, 2019, 18:56 IST
Business Insider India
  • A group of Asian hackers are targeting Indian government organisations with malware and trojans according to an investigation by Positive Technologies.
  • The group has been active since 2016 and some of their IP addresses have been tracked back to Chinese internet providers.
  • The hackers reportedly stole confidential data off of internal servers after infecting the LAN networks of victims.
Advertisement
India has a very diverse cyber network but it might not be the most secure. Cyber attacks against governments are becoming more common and the country seems to be caught in the crosshairs of a new group of hackers.

A hacker group dubbed Calypso APT has been using stolen credentials and remote code execution vulnerability to break into government networks. More than one-third of their attacks have been aimed at India.

The data obtained by Positive Technologies indicates that the APT group is of Asian origin and is Chinese-speaking. In some of the attacks that were registered, the perpetrators accidentally revealed their real IP addresses, which belonged to Chinese internet providers.

According to Positive Technologies, the group first caught their attention in March 2019 but further investigation showed that the attackers have been operational since at least September 2016.

Hacking Indian government organisations

Advertisement

The hackers dealt damage by breaching the network perimeter and injecting a special program. The program then gave them access to the internet network of the system they were hacking.

"These attacks succeeded largely because most of the utilities the group uses to move inside the network are widely used by the specialists everywhere for network administration,” said Denis Kuvshinov, lead specialist in threat analysis at Positive Technologies in a statement.

According to Kuvshinov, the hackers used popular tools like SysInternals, Mimikatz, EternalBlue and EternalRomance to infect LAN networks and siphon away confidential data. They did this by installing malware like Calypso RAT, PlugX and the Byeby Trojan — which was also used in the Sony XY malware campaign in 2017.

In older operating systems like Windows XP and Windows Server 2003, the malware could be found in C:\RECYCLER. In newer operating systems, the trojan was installed in C:\ProgramData.

While most of the attacks by this hacker group were against Indian government organisations, its primary targets also included Brazil, Kazakhstan, Russia, Thailand and Turkey.
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article