India has become a major source of cybersecurity threats in China: security expert
- A security expert has said while many think the US poses the biggest cybersecurity threat to China, a lot of attacks come from South Asia
- One India-based group of hackers, known as ‘Bitter’, has used various methods to target government, military and nuclear sectors
So far, the foreign ministries of China and India have not issued any responses.
This group, identified as an advanced persistent threat (APT) and active since at least November 2013, was first discovered and named “Bitter” by American security firm Forcepoint and “Manlinghua” by Chinese company Qihoo 360 in 2016.
Cybersecurity analysts suspect the group’s origins trace back to India, potentially with state support, based on IP address locations and linguistic patterns observed in the attacks. Moreover, Bitter is believed to be connected with several other groups that are suspected to be Indian, including Patchwork, SideWinder and Donot, among others.
Amid the cyber offensives, China’s foreign ministry has consistently refrained from public condemnation.
Spear phishing involves sending targeted individuals bait documents or links via email, which, when opened, deploy Trojans to download malicious modules, steal data and allow further instructions from the attackers.
Watering hole attacks compromise legitimate websites to host malicious files, or set up fake websites to trap victims; these sites are usually built around content the target is interested in, such as software tools shared on forums.
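The spear phishing pattern described above (a bait document sent by email, often from a sender posing as a trusted organisation) is something a mail gateway can triage with a few simple heuristics. The following script is an added example written for this page; it is not code from the article or from any of the security firms it cites. The sample messages, the keyword watch list and the trusted-domain allowlist are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages for the example (not real lure emails).
# Message 0 mimics the shape of the lures described in the article: a sender
# posing as an embassy, a reply-to pointing elsewhere, and an executable
# disguised with a document-looking double extension.
# Message 1 is ordinary internal mail and should produce no findings.
SAMPLE_MESSAGES = [
    b"""From: "Embassy of Example" <consular.example@mail.example.net>
Reply-To: consular.desk@example.org
To: staff@target.example
Subject: Updated visa procedure
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached document.
--b1
Content-Type: application/octet-stream; name="Visa_Procedure.pdf.exe"
Content-Disposition: attachment; filename="Visa_Procedure.pdf.exe"

MZ
--b1--
""",
    b"""From: "HR Team" <hr@target.example>
To: staff@target.example
Subject: Holiday schedule
MIME-Version: 1.0
Content-Type: text/plain

Office is closed on Friday.
""",
]

# Assumed policy values; a real deployment would tune these to its own environment.
RISKY_EXTENSIONS = {"exe", "scr", "chm", "js", "vbs", "lnk", "iso", "hta", "bat", "cmd", "ps1"}
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt"}
IMPERSONATION_KEYWORDS = ("embassy", "ministry", "air force", "contractor")
TRUSTED_SENDER_DOMAINS = {"target.example"}  # constructed allowlist


def domain_of(addr):
    """Return the lower-cased domain part of an email address ('' if none)."""
    return addr.rpartition("@")[2].lower()


def triage(raw_bytes):
    """Parse one raw RFC 5322 message and return a list of finding tags.

    Heuristics: a display name that claims an organisation of interest while
    the sending domain is not on the allowlist; a Reply-To that routes replies
    to a different domain; attachments with executable extensions; and
    document-looking names that hide a second, executable extension.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    for keyword in IMPERSONATION_KEYWORDS:
        if keyword in display_name.lower() and from_domain not in TRUSTED_SENDER_DOMAINS:
            findings.append(f"impersonation-keyword:{keyword}")

    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply-to-domain-mismatch")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky-attachment:{name}")
        if len(pieces) > 2 and pieces[-2] in DOCUMENT_EXTENSIONS:
            findings.append(f"double-extension:{name}")

    return findings


def triage_all(messages=SAMPLE_MESSAGES):
    """Run triage over every message and map its index to its findings."""
    return {i: triage(raw) for i, raw in enumerate(messages)}


if __name__ == "__main__":
    for index, findings in triage_all().items():
        verdict = "FLAG" if findings else "ok"
        print(f"message {index}: {verdict} {findings}")
```

None of these checks proves a message is malicious on its own; they are cheap signals for routing mail to a sandbox or an analyst, which is where the "bait document" stage of a campaign like this is most practically caught.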
Bitter’s operations, primarily focused on intelligence gathering, may not appear destructive on the surface, but can lead to significant information breaches with immeasurable consequences.
According to disclosures by cybersecurity firms including Anheng, QiAnXin, Intezer, and Secuinfra, there were seven attacks in 2022 and eight in 2023 closely linked to Bitter, targeting Pakistan, Bangladesh, Mongolia and China.
These attacks varied from impersonating the Kyrgyzstan embassy to sending emails to the Chinese nuclear industry. Hackers also posed as military contractors offering anti-drone systems to the Bangladeshi Air Force and even exploited compromised email accounts to spread malicious files under the guise of New Year greetings.
“Given the broad net these attacks cast, it’s likely that such incidents are continually occurring in the background,” the expert said.
“The actual harm caused by Bitter is difficult to quantify with the reported incidents. In most cases they cause little harm, but under certain circumstances, the incident represents just the tip of the iceberg of potential risks.”