Indian police officials said on Tuesday they have charted “at least 40,300 cyberattacks” in the past four to five days against infrastructure and banking targets.
The bulk of these attacks allegedly originated in China, which currently has very tense relations with India after a deadly clash along the disputed border in the Himalayas.
The attacks include denial-of-service assaults to overwhelm websites, phishing emails intended to trick users into giving up passwords or downloading virus payloads, and the hijacking of Internet addresses. Yadav said most of them originate from the Chengdu region of China, which has long been known as a hotbed of hacker activity.
Maharashtra Cyber officials warned that the hackers are believed to possess a database containing about two million Indian email addresses to facilitate their phishing attacks. They warned phishing emails could be made to look as if they came from government or trade union email addresses. One example cited by the police was a fraudulent email that appeared to come from an Indian government health official and offered free coronavirus testing.
The Times of India noted that even before the surge of cyber attacks last week, India was the sixth most popular target for Chinese hackers, behind the U.S., South Korea, Hong Kong, Germany, and Japan. Past cyber campaigns were fairly clearly orchestrated by the Chinese People’s Liberation Army (PLA), but in recent years the hackers have become more careful about covering their tracks, using widely available malware instead of cyber weapons easily traced to the Chinese military.
India Today cited analysis by Singapore-based security firm Cyfirma Research that found the hackers plaguing India have “links to the Chinese government” and have attacked the Indian Defense Ministry and Ministry of Foreign Affairs, among other government and private targets. Major Indian media operations have also been attacked.
Cyfirma analysts said the attackers are attempting to steal valuable trade secrets and sensitive information, and also to embarrass their targets by vandalizing and hijacking websites.
“In the hackers’ conversations, IP addresses were shared and discussed. Our analysis of these IP addresses attributed Gothic Panda and Stone Panda to be behind these potential hacking campaigns. These are two prolific hacking groups with close association with the Chinese Government,” Cyfirma said.
The Economic Times of India quoted “whisperings in the dark web and hackers’ forums,” as Cyfirma founder and CEO Kumar Ritesh put it, in which the Chinese hackers speak of wanting to “teach India a lesson” and derisively describe India as a “nation that doesn’t listen to us.”
Another analyst quoted by the Economic Times, J. Prasanna of the Cyber Security and Privacy Foundation, argued that state-run hacking operations usually “don’t chat on private forums.” Some cybersecurity experts believe there are “patriotic” Chinese hackers who voluntarily attack adversaries of the regime in Beijing, while others suspect PLA cyber espionage units have gotten better at pretending to be “private” hackers, or manipulate civilian hackers to carry out sabotage campaigns directed by the Chinese Communist Party.