Chinese hacker groups could threaten Indian companies.
According to Cyfirma, preparations are underway to intercept personal data, deny service, deface websites, or launch disruptive phishing campaigns against targets ranging from Indian government websites to companies in the banking, healthcare, mobile and construction industries.
Indian enterprises and media houses could be under attack by Chinese state-sponsored hacker groups, according to chatter uncovered on the dark web. Over the last 10 days, there have been extensive conversations in Chinese hacking communities discussing ways to ‘teach India a lesson,’ according to Cyfirma, a Singapore-based cyber security firm. It said the hackers shared annoyance with India, using comments like, “This is one country that doesn’t listen to us.”
According to Cyfirma, preparations are underway to intercept personal data, deny service, deface websites, or launch disruptive phishing campaigns against targets ranging from Indian government websites to companies in the telecommunications, healthcare, mobile and construction industries.
The report stated that companies such as Jio, Airtel, L&T, Apollo Tyres, Micromax and Cipla could be targeted, along with the Ministries of Defense, Foreign Affairs, and Information and Broadcasting. ET sent an email to the companies listed in the study and to CERT-In.
The increased activity seen in chat groups over the last ten days has been attributed to current border tensions between the two countries. “The whispers in the dark web and the hackers’ forums have increased in volume and intensity, with actual references to Indian targets. When it was noticed that IoCs (compromise indicators) were exchanged, ET instinctively realized that the danger might be imminent. The course of action now for these businesses and government agencies is to address the security holes and weaknesses fast,” said Kumar Ritesh, Founder and CEO of Cyfirma. The organizations mentioned in these chats, as well as the Indian Computer Emergency Response Team (CERT-In), had been alerted.
Based on a review of the IP addresses exchanged in the hacker chat, the firm claimed that the Chinese threat actor groups Gothic Panda and Stone Panda, which are strongly connected to the Chinese Government, were behind these alleged hacking operations.
Gothic Panda has been credited with projects such as Operation Secret Cat, Operation Covert Wolf and Operation Double Tap in the past. Stone Panda has historically demonstrated interest in stealing foreign trade secrets and supply chain knowledge from businesses in countries such as India, the USA, Japan, Canada and Brazil.