NEW DELHI: Several government agencies, media houses, pharmaceutical companies, telecom operators and a large tyre company in India may be the target of cyberattacks by hacking groups with links to China, cyber intelligence firm Cyfirma has gathered from conversations on Dark Web (part of the Internet that is not indexed by search engines) forums.
India and China engaged in violent clashes earlier this week, a first in 45 years. Twenty Indian soldiers lost their lives in the face-off, while many were injured.
According to Cyfirma, around 9 to 10 days ago Chinese hacker forums in Mandarin and Cantonese started talking about teaching a lesson to India, especially media houses which have been critical of the Chinese army.
“What piqued our interest was the list published on these forums. They had names of several Indian companies, media houses, telecom operators and a large tyre company. When we started attributing the handles publishing these lists back to their sources we found that they belonged to two hacking groups, Gothic Panda and Stone Panda, two well-known hacking groups with direct affiliation to PLA (People’s Liberation Army),” said Kumar Ritesh, chairman and CEO of Cyfirma.
Cyfirma has already informed CERT-In (Computer Emergency Response Team) and some companies whose names were on the list. According to Cyfirma, MRF Tyres, Airtel, BSNL, Sun Pharmaceutical, Cipla, Reliance Jio, Hindustan Times, Times of India and Republic TV, among others, featured on the list.
These groups have a history of launching cyberattacks against government agencies and competing companies in case of any geopolitical conflict with China, added Ritesh.
In another recent incident, Chinese hacker groups are suspected to have launched a series of cyberattacks against Australian entities in retaliation for the country's decision to back an investigation into the origins of covid-19.
Several Australian entities, including those run by government, political organisations and essential service providers, were targeted by a series of state-backed cyberattacks in the past month, Prime Minister Scott Morrison told the media. Australia believes there is a strong involvement of a rival state given the scale and nature of targeting.
State-backed cyberattacks have become a common weapon of retaliation or passive aggression for powerful nation states that do not want to get into actual war.
North Korea is believed to have built a cyber army of 7,000 hackers to steal state secrets or weapon blueprints, disrupt critical infrastructure and steal from banks and cryptocurrency exchanges of rival countries. They have widely targeted power plants and electrical grids in the US and South Korea and have raised billions of dollars through cyberattacks, money which is used to fund the country's weapons programme.
India has also been in the line of fire of Pakistan-backed cyberattacks over the last few years. After the abrogation of Article 370, cyberattacks on Indian institutions also increased and in many cases the attackers openly acknowledged allegiance to Pakistan.
In 2019, CERT-In informed the Indian Parliament that over 24 websites related to central ministries and state governments were hacked till May. In November 2019, malware was found on one of the systems of Nuclear Power Corporation of India's Kudankulam nuclear power plant. The malware was designed for data extraction and was linked to the Lazarus Group, which is known to have ties to North Korea.
"Cyberattack, by national intelligence agencies, or groups affiliated with such agencies, is a growing concern. Such hackers have access to talent and resources that are far beyond the reach of most ordinary cybercriminals. With their heightened capabilities, foreign hackers pose a powerful threat to government agencies," warned Vitaly Kamluk, director of Global Research and Analysis Team, Asia Pacific, Kaspersky.