Experts said attempts from China have increased in the last year, which further amplified after the Indian government banned Chinese applications post the Galwan clash. Ankur Sharma reports.
Chinese hackers have been trying hard to crack Indian cyber space.
There have been more aggressive attempts of hacking by Chinese hackers since last one year.
Various government organisations like the Computer Emergency Response Team (CERT-IN) and the National Critical Information Infrastructure Protection Centre (NCIIPC) are following trends and keeping a track of attempts made by Chinese post Galwan clash.
Experts said attempts from China have increased in the last year, which further amplified after the Indian government banned Chinese applications post the Galwan clash.
Recently a report has emerged this week claiming that two Indian companies, which are supplying COVID-19 vaccinations -- Serum Institute and Bharat Biotech -- are under cyber attack by a Chinese hacking group APT10, also known as Stone Panda and actively targeting one such company. Sources claimed that CERT-IN is looking into this matter.
Also, Telangana electricity department officials have also claimed that they have received alerts from CERT-IN about Chinese malware trying to enter the cyber system of the department.
Earlier on Tuesday, Union Power Minister R K Singh had said, "We should remain alert," while refuting claims that the blackout in Mumbai last year was due to a Chinese cyber-attack.
Sources in the government said that all alerts were issued regarding such attempts and concern agencies have been asked to educate organisations about such attempts and keep them updated with new threats.
Chinese hackers, majorly focus on big institutions instead of Individual, sources claimed.
The NCIIPC, which comes under the National Technical Research Organisation (NTRO) also documented details about Chinese hackers and their modus operandi about attacks generating from China recently.
The NCIIPC is a national nodal agency for all measures to protect the nation's critical information infrastructure.
It protects and delivers advice that aims to reduce the vulnerabilities of critical information infrastructure against cyber terrorism, cyber warfare and other threats.
Sources said this organisation has compiled data of attempts of cyber attack from China in the last year, which had seen an upward trend.
While giving details about a China-based threat, NCIIPC's Threat Assessment group said, 'Emissary Panda also known as APT-27 is a China-based threat actor that involves in targeting foreign embassies to collect data related to government, defence and technology sectors.
'Activities of Emissary Panda have been noticed since 2010 during attack in organisations across the world including financial services firms, US defence contractors, and a national data center in Central Asia.'
The organisation dedicated more than half a dozen of pages to various China-based threats on Power, IT and government sectors in its last newsletter of 2020.
NCIIPC further warns that when malicious attackers gain access to an industrial control system, they are able to disrupt industrial control and safety processes, leading to costly outages, damaged turbines, threats to personnel safety and even environmental disasters.
The threat assessment group of NCIIPC also provided about another Chinese hacker group Elderwood and said, 'Elderwood is a Chinese cyber espionage group that attacked Google in 2009 using Hydraq Trojan horse known as Operation Aurora and Google also confirmed that some of its intellectual property had been stolen.
'Interesting highlights of their approach include the use of the seemingly unlimited amount of zero-day exploitation, attacks on service providers working for the target organisation.'
Meanwhile, experts said attempts post the Galwan clash have been increased and various government organisations are dealing with it in a coordinated manner.
Rakshit Tondon, a cyber expert who works with various state and central agencies said China has always been like that but whenever there is some direct military conflict, the attempts increase.
"There is no official confirmation that Chinese hackers have successfully hacked any system of India but there have been aggressive attempts in the last year. Whenever there is such a (military) conflict, the Chinese increase their attempts. It was further amplified after India banned Chinese applications," he told ANI.
*****
Telangana thwarts China-based hacker's bid to target power set up, says official
Power utilities in Telangana have averted a possible attempt by a China-based group to hack the state's power systems, officials said on Wednesday.
The preventive action was taken following an alert by the Computer Emergency Response Team of India (CERT-In) and a heightened state of alertness would continue for more days, an official said.
"We noticed some malware. Immediately, we erased that. We have taken all the preventive steps. Absolutely, there is no problem," the senior official told PTI.
The CERT-In communicated to the state power utilities two days ago.
"We have a good team here also. Everyday, they are reviewing. We have anti-virus software," he added.
The CERT-In has reported from a trusted source that China-based 'Threat actor Group Command and Control' servers are trying to communicate with systems belonging to Telangana State Load Dispatch Centre (SLDC), TS Transco (Transmission Corporation of Telangana Ltd)) and advised taking suitable precautionary measures to ensure security of the power system, official sources said.
The TS Transco has taken various measures like blocking server IPs communicated by CERT-In and temporarily disabling control function for remote operation of circuit breakers from SLDC, they said.
User credentials for all those accessing TSSLDC website were changed and suspected equipment within the perimeter of the SCADA (process control system) control centre were isolated to ensure safety of the grid and satisfactory power supply to all consumers of the state, they said.
The increased state of alertness would continue for some days, the official said, adding, 'not only Telangana, for that matter, every state has to be careful'.
India target of 5 Chinese hackers charged in US
FIR lodged over hacking of Amazon customer's account
How India can win future wars
All it takes is good coding skills and greed
How to protect yourself from ransomware hackers