Notorious Chinese hackers attack Indian entities; Defence Ministry, Jio, Airtel, Cipla, L&T top targets

Chinese hackers are targeting Indian entities after the recent border clashes between the two countries. Hacker groups with links to the Chinese government are carrying out a series of attacks on Indian businesses, ministries, and media organisations. According to Singapore-based Cyfirma Research, a cyber threat intelligence firm, companies like Reliance Jio, Airtel, BSNL, Micromax, Cipla, Sun Pharma, MRF, and L&T are being targeted by Chinese hackers to tarnish their reputation and exfiltrate sensitive information, including trade secrets.


Broadly, the sectors that were targeted for cyberattacks included telecom (private and public), pharma, media companies, smartphone makers, construction and tyre companies. Cyfirma's analysis also shows that the hackers particularly targeted three central government ministries - Ministry of Foreign Affairs, Ministry of Defence, and Ministry of Information and Broadcasting.


The hackers behind these attacks have a long history of carrying out big cyberattacks on different countries. "In the hackers' conversations, IP [Internet protocol] addresses were shared and discussed. Our analysis of these IP addresses attributed Gothic Panda and Stone Panda to be behind these potential hacking campaigns. These are two prolific hacking groups with close association with the Chinese Government," the Cyfirma note says.


For the uninitiated, Gothic Panda has a track record of targeting strategic sectors such as defence, aerospace, telecom, transportation, manufacturing, construction and engineering, whereas Stone Panda is an expert group for trade secret theft and stealing supply chain information. Both groups have been actively involved in targeting organisations in countries such as India, Japan, the US, Canada, and Brazil.

While attacking Indian companies and authorities, the Chinese hackers were found discussing ways to 'teach India a lesson'. The most common types of attacks included defacing websites using weaknesses in web applications, data exfiltration using specialised malware, denial of service, and impersonating companies' websites and launching malicious phishing campaigns.


Though the data was analysed between June 8 and June 18, experts say that the attacks on Indian institutions continue to remain high following the deadly brawl between soldiers on both sides. Anti-China sentiments in India were building up due to coronavirus even before the recent cross-border tension. But after the killings of Indian soldiers, people are calling for a boycott of Chinese products. Ministries too are advising companies to stop using Chinese items.


Last week, Indian Railways' Dedicated Freight Corridor Corporation of India Limited (DFCCIL) became the first entity to terminate a Rs 470-crore signalling works contract with Chinese firm CRSC (China Railway Signal and Communication Corporation). Even as some reports suggest that both countries have mutually agreed to disengage at the disputed LAC (line of actual control), it's unlikely that the cyberwarfare would recede any time soon.