BENGALURU: Several Advanced Persistent Threat (APT) groups, a large number of them most likely based in China, are conducting phishing attacks targeting government, diplomatic, scientific and educational organisations. Aerospace and defence organisations are among the main targets.
According to FireEye Inc, a cyber security firm, the advanced campaign appears to target information about ongoing border disputes and other diplomatic matters.
A representative of the company told Express that about 300 APT groups have been tracked, of which some are targeting India. “While hacking of websites is not a sophisticated process, APT groups are more likely to be funded by the governments. These groups target persons with access to high-value information,” the representative said.
The groups sent phishing e-mails with Microsoft Word attachments containing a script called ‘WATERMAIN’, which creates backdoors on infected machines and gives the groups access to information on those systems.
A specific group, named APT-30 by the security firm, has used the script to target several individuals since 2011, of whom 70 per cent were from India. Apart from India, neighbouring nations were also targeted with the objective of collecting information on border disputes.
According to Bryce Boland, chief technology officer of FireEye, collecting intelligence on India remains a key strategic goal for China-based APT groups. FireEye had revealed the details of APT-30, a decade-long cyber espionage campaign by suspected China-based groups, in April.