Chinese hackers aggressive since Galwan clash, stealing sensitive info from India: Cyber research expert

Following the Galwan Valley clashes, cyber attacks by Chinese hackers have seen a massive surge in India. According to Singapore-based cyber research firm Cyfirma, there has been a 300% jump in such attacks since June 18 by hackers supported by the Chinese army.

A spike in the intensity and aggression of these cyber attacks has been noticed since the Galwan clashes, which took place on June 15-16 at the Ladakh border between the Indian Army and the People’s Liberation Army (PLA) of China.

In an exclusive interview with India Today TV, Cyfirma Chairman and CEO Kumar Ritesh said that their research has found a marked shift since the Galwan Valley clashes. Cyfirma has shared its research findings with India’s nodal agency, the Computer Emergency Response Team (CERT-In), and flagged the increased Chinese dark web activity against India at a time when it is engaged in a border standoff.

“Our research has found that targets have changed since June 18 and a lot of activity has been noticed, almost 300% increase from June 18,” said Kumar Ritesh.

“What we are witnessing now is the reconnaissance phase during which they are collecting sensitive information about targets and then profile them, the second phase might see cyber attacks one by one,” he further added.

The Cyfirma CEO confirmed that cyber attacks post-June 18 are unique. He added that initially the attacks focussed on indigenous industries such as mobile manufacturing, construction, tyres and media companies and some government agencies as well.

“Since June 18, the second wave of cyber attacks are very different and they have moved on from website defacement and reputational damage to stealing sensitive information, sensitive data, customer information and intellectual property,” he added.

The modus operandi of Chinese hackers has also changed following the border standoff with India since June.

Earlier, Chinese hackers operated through Pakistan and North Korea-based hackers. Now Chinese hackers have directly involved themselves and are trying to collect sensitive data from targeted Indian entities.

Kumar Ritesh told India Today TV, “Earlier the Chinese hackers were in a supportive role for Pakistan and North Korea-based hackers but now they are in the frontline and are driving the agenda for cyber attacks.”

Research indicates that most attacks are being launched from bases in Beijing, Guangzhou, Shenzhen and Chengdu. However, to hide their identity, the two most common Chinese state-sponsored threat actors, Gothic Panda and Stone Panda, don’t use assets in China; they operate out of the US and Europe and have moles in Asia as well. But most of the handlers of both Gothic Panda and Stone Panda were from the PLA, and they have been using the infrastructure of the Chinese army.

“There was always an interest in India among the Chinese state-sponsored hackers, but they were not aggressive,” said Kumar Ritesh.

“From June they have become very aggressive, we have decoded vocal statements like try to teach them (India) a lesson, if you look at state-sponsored hackers they have a geopolitical agenda but now the Chinese state-sponsored hackers support interests of local industries which makes their intent very clear,” he added.

“Their targets are primarily those Indian firms which have established globally and have an international reputation,” said the Cyfirma CEO. He said that while government infrastructure is being upgraded, hackers are much faster. “Information sharing between nodal organization and other entities is slow, there should be real-time sharing of information to deal with cyber attacks effectively and timely,” he suggested.
