India now faces threat of Chinese cyberattacks2 min read . Updated: 19 Jun 2020, 11:26 PM IST
- Cyber intelligence firm warns of threat to Indian firms by hacking groups
- Cyfirma found chatter on Chinese hacker forums about ‘teaching India a lesson’
Several government agencies, media houses, pharma companies, telecom operators and a large tyre company in India may be targeted by a massive cyberattack from hacking groups with links to the Chinese government, cyber intelligence firm Cyfirma has warned, citing recent chatter on dark web forums.
Around 10 days ago, Chinese hacker forums in Mandarin and Cantonese started talking on the dark web—part of the internet that is not indexed by search engines—about teaching India a lesson, especially media houses that have been critical of the Chinese army, Cyfirma said.
“What piqued our interest was the list published on these forums. They had names of several Indian companies, media houses, telecom operators and a large tyre company. When we started attributing the handles publishing these lists back to their sources, we found that they belonged to Gothic Panda and Stone Panda, two well-known hacking groups with direct affiliation to the PLA (People’s Liberation Army)," said Kumar Ritesh, chairman and CEO of Cyfirma.
Cyfirma has informed CERT-In (Computer Emergency Response Team), India’s nodal agency for cyberattacks, and some of the firms whose names were on the list. According to Cyfirma, the list included MRF Tyres, Airtel, BSNL, Sun Pharmaceutical, Cipla, Reliance Jio, Hindustan Times, Times of India and Republic TV.
“These two hacker groups have a history of launching cyberattacks against government agencies and competing companies in case of any geopolitical conflict with China," Ritesh said.
Active for more than a decade, Gothic Panda has been involved in large-scale cyberattacks targeting organizations in the US and Hong Kong.
State-backed cyberattacks have become a common weapon of retaliation for powerful countries that do not want to get into physical wars.
In another recent incident, Chinese hacker groups are suspected to have launched a series of cyberattacks against Australian organizations in retaliation against Australia’s decision to back an investigation into the origins of covid-19.
Australian entities, including those run by the government and essential service providers, have been targeted by a series of state-backed cyberattacks in the past month, Prime Minister Scott Morrison told the media. Australia believes there is a strong involvement of a rival state, given the scale and nature of targeting.
India has also been in the line of fire of Pakistan-backed cyberattacks. After the abrogation of Article 370, cyberattacks on Indian institutions increased, with many of the attackers openly acknowledging their allegiance to Pakistan.
In 2019, CERT-In informed Parliament that over 24 websites related to central ministries and state governments were hacked till May. In November, a malware was found on one of the systems of Nuclear Power Corporation of India’s Kudankulam plant. The malware was designed for data extraction and was linked to the Lazarus Group, which is known to have ties to North Korea.