Cyber campaign by Chinese hackers targeting India to get intelligence data

A new report by cyber security firm FireEye claims that Chinese hackers have been targeting India since 2012 to get information related to political issues. The threat group conducting the attacks was first detected in April 2015, ahead of Prime Minister Narendra Modi’s visit to China.

The group's systematic cyber attacks have continued since then. So far, it has racked up to 100 victims, over 70% of them in India. It spies on any data connected to Sino-India border disputes, exiled Tibetan groups and diplomatic issues concerning Nepal, Pakistan and Bangladesh. FireEye believes the advanced group is most likely based in China and uses spear phishing emails to gain access to data.


To the victim, the documents they receive appear to be related to regional issues and contain a Microsoft Word attachment called ‘WATERMAIN’. Once opened, it creates a backdoor on infected machines. This method has been used for the past four years and has compromised several Tibetan activists and others in Southeast Asia, particularly focusing on scientific, governmental and educational organizations.

According to PTI, FireEye had previously reported on a cyber espionage campaign by another Chinese hacking team, APT30. That team has been snooping on administrations and businesses in the same region undetected for a decade now, with an aerospace and defense company in India falling prey to its attacks. China strongly denied these accusations in April 2015.

Bryce Boland, the chief technology officer of FireEye, thinks collecting intelligence on India remains a top priority for Advanced Persistent Threat (APT) groups in China. Targeting the country and its neighbors indicates a rising interest in foreign affairs. Organizations should work on improving their cyber security and make sure it can detect, prevent and respond to attacks.