A sophisticated cyberespionage group, probably based in China, is taking advantage of India’s weak cyberdefenses to burrow into government bodies and academic institutions to steal sensitive diplomatic information, a leading U.S. network security company alleged Friday.
The group has also attacked other South and Southeast Asian countries, as well as Tibetan activists outside China, over the past four years, cybersecurity company FireEye said. But the group seemed particularly interested in India and its border disputes with neighboring countries.
“It is most likely Chinese,” said Bryce Boland, FireEye’s chief technology officer for Asia Pacific, in an interview. “We don’t have a smoking gun, but all roads lead to China.”
The report is likely to fuel mistrust between Asia’s two most populous countries, which went to war in 1962 and continue to dispute large parts of their 2,500-mile border. India’s border with Pakistan is also disputed and heavily militarized, although India recently resolved another border dispute with Bangladesh to the east.
The cyberespionage group sent targeted spear-phishing e-mails to its intended victims, with Microsoft Word attachments containing information on regional diplomatic issues, FireEye said.
The attachments contained a script called “WATERMAIN” that, if opened, could infect the user’s computer, creating a backdoor that would allow the attacker access.
Boland said the attacker used a vulnerability in Microsoft software that has been known about for three years. The fact that dozens of attacks were successful underlines India’s inability to detect and protect itself against such attacks, he said, and the “very poor state” of its cyberdefenses.
The group was careful not to leave traces that could pinpoint the origin of the attacks. But the operation, which runs throughout the week and round the clock, appeared sophisticated and well-resourced.
The WATERMAIN script appeared to have been designed for Chinese-speaking users, Boland said, and targeted information of interest to the Chinese government. Attacks were seen on government bodies as well as diplomatic, scientific and educational institutions in Asia.