Indian government websites on Chinese hackers' radar trigger security concerns

Indian security agencies are concerned on the latest development in which the United States Department of Justice has said that five Chinese hackers who charged were involved to target the Indian government networks and comprised of foreign government computer networks. 

The US government alleged that the hackers targeted "over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

The Justice Department investigation once again highlights how the Chinese hackers systemically conspiring to hack Indian computer networks including other countries.

“There is an urgent need for Indian law enforcement agencies to investigate the leads and file prosecution against Chinese and North Korean hackers.” said a senior security official deployed in Indian Security establishment to Zee Media.

"In about 2019, the conspirators compromised government of India websites, as well as virtual private networks and database servers supporting the government of India. The conspirators used VPS PROVIDER servers to connect to an Open VPN the network owned by the government of India," the indictment said.

The conspirators had installed "Cobalt strike" malware on Indian government-protected computers, it added.

As per the investigation, security researchers have tracked using the threat labels “APT41,” “Barium,” “Winnti,” “Wicked Panda,” and “Wicked Spider,” facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information, says the Department of Justice (DOJ).  These intrusions also facilitated the defendants’ other criminal schemes, including ransomware and “crypto-jacking” schemes, the latter of which refers to the group’s unauthorized use of victim computers to “mine” cryptocurrency. 

“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” said Deputy Attorney General Jeffrey A. Rosen. 

“Regrettably, the Chinese communist party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”

The report added, The racketeering conspiracy pertained to the three defendants’ conducting the affairs of Chengdu 404 Network Technology (“Chengdu 404”), a PRC company, through a pattern of racketeering activity involving computer intrusion offenses affecting over 100 victim companies, organizations, and individuals in the United States and around the world, including India. The defendants also compromised foreign government computer networks in India and Vietnam, and targeted, but did not compromise, government computer networks in the United Kingdom.  In one notable instance, the defendants conducted a ransomware attack on the network of a non-profit organization dedicated to combating global poverty.

In India, there are many cases that have been reported in the last few months in which Chinese hackers associated with the People’s Liberation of Army (PLA) attempted to gather sensitive information of the country through cyber espionage. There have been attempts made by these hackers to send a special computer program worldwide by attaching malware tools to cyber espionage. Icebug, Hidden Lynx (a professional advanced persistent threat using the program), and APT-12 have been used for attacking government and industrial organizations by Chinese hackers.

In 2014, the US had charged five PLA military officers for espionage and they were part of unit '61398'. The US agencies believe that, like Unit '61398', many such groups exist in China with the active support of the PLA, who are engaged in cyber spying around the world. 

Many analysts believe China now has the capability to successfully target critical infrastructure during the war. There is also concern that Chinese hackers may disrupt the electric grid and banking system through cyber attacks.