This group of hackers has been code-named APT30 and has been targeting key military, diplomatic and political establishments in India and other countries. The cyber-security firm’s research states that these hackers operate from Mainland China, and that there is a high probability that the Chinese Govt. is behind this mega cyber-espionage campaign, one of the biggest ever unearthed.
The Chinese Govt. has refused to comment on this report as of now.
According to the report, “Such a sustained, planned development effort, coupled with the group’s regional targets and mission, lead us to believe that this activity is state sponsored - most likely by the Chinese government.”
Systematic & Integrated Cyber Espionage
The researchers from FireEye were baffled by the incredible consistency with which this group, named APT30, has been able to carry on its malicious activities for the last 10 years, not only in India but in other South Asian nations as well.
Some shocking revelations:
– The hackers used downloaders, backdoors, a central controller and several sophisticated components to steal data from Indian military and political offices and key individuals
– APT30 has a streamlined workflow and a “collaborative team environment”, allowing it to methodically target key personnel and extract sensitive data
– They used a highly sophisticated malware command-and-control (C2) communication protocol, which helped them keep their malware updated. Considering that they have been running their operations since 2005, there has to be a mechanism for overcoming defensive measures.
– They used an advanced backdoor called BACKSPACE, also known as ‘Lecna’, which helped them track their victims and alerted the operators when a victim came online. Hence, they programmatically ‘chose’ their victims and carried on espionage in a professional manner.
– Some of the primary countries targeted by APT30: India, Thailand, Malaysia, South Korea, Vietnam
– Topics of interest that prompted the hacking: religious disturbances, political gossip and debates, military expansion, media personnel and journalists who reported on these matters, and Government offices engaged in decision-making
– Some of the lethal malware families used for hacking: BACKSPACE, NETEAGLE, SHIPSHAPE, SPACESHIP and FLASHFLOOD. These are among the most advanced and dangerous, as they carry an internal version number and get auto-updated in case any firewall or anti-malware system is in place. Thus, we can say these are practically immortal malware.
One of the major concerns highlighted by this report is the theft of Indian military information and its passing to the Chinese Govt. As seen in the report, these hackers deliberately and systematically stole information related to INS Vikrant’s launch, its projected path and other sensitive details.
Here is a snapshot of it:
You can view the entire report here.
The audacity with which these hackers have been carrying on their operations for the last 10 years makes the threat even more dangerous.
Is our cyber security net so weak that hackers can consistently steal information since 2005?