A group of hackers believed to be based out of China targeted Indian institutions – including in the run-up to Prime Minister Modi’s visit to the country in May – for sensitive information regarding India’s borders and diplomacy, Tibetan exiled groups and scientific institutions based in the country, according to a cybersecurity firm.
The cyberattacks, which were likely able to obtain sensitive information on account of India’s weak cybersecurity defences, were reported in the lead up to Prime Minister Narendra Modi’s May visit to China and were believed to be continuing.
Indian officials have previously told India Today they had to step up cybersecurity arrangements on account of a spurt in hacking attacks over the past few years, and the belief among some officials was that many of these attacks were originating from China.
“Over the past four years, this threat group has [targeted] over 100 victims, approximately 70 per cent of which were in India,” cybersecurity firm FireEye said in a statement on Friday, reported by the South China Morning Post.
The group said attacks were reported even in the lead up to Modi’s China visit, and that attackers were still likely continuing with cyberattacks. “It is most likely Chinese,” Bryce Boland, FireEye’s chief technology officer for the Asia Pacific, told the Washington Post. “We don’t have a smoking gun, but all roads lead to China.”
The US newspaper reported that the cyber group sent spear-phishing emails with Microsoft Word attachments containing information “on regional diplomatic issues”. The attachments contained a script called Watermain that could infect computers and allow backdoor access for hackers.
While the origins of hacking attacks are usually almost impossible to verify, FireEye suggested that both the targets of the attacks, including India’s diplomatic interests and Tibetan exiled groups, as well as the use of the Watermain script which “appeared to have been designed for Chinese-speaking users”, pointed the finger at China-based hackers.