China: The Singapore based cyber-security firm Cyfirma warned that China is plotting a “terrorist cyber-attack” against India. The primary target of these attacks is purported to be media services in India. There are also claims that Chinese state-sponsored attackers are attempting to plant false news stories in an attempt to “change the narrative” about what is taking place between the two nations. Reports from Cyfirma indicate that discussions on Chinese hacking forums are increasing in relation to the tensions between India and China. Many of the conversations are tied to a desire to “teach India a lesson” with the frustration by many being that “this is one nation that doesn’t listen to us.” According to Cyfirma, targets have been discussed and they have seen “that IoCs (Indicators of Compromise) were shared” leading them to believe that an attack is imminent.
Analyst Notes
While the idea that Chinese state-sponsored attackers are in the process of planning and/or carrying out attacks on Indian organizations is not far-fetched, given the current tensions between the two nations, it is unlikely that conversations about it would be taking place in forums in hacking forums on the Darknet. Darknet forums are extremely popular with cyber-criminals but state-sponsored actors tend to prefer much more restricted communications mediums to ensure better operational security. What is not uncommon though, is for attackers who are inspired by national pride to discuss tools and attack methods to coordinate with other hackers. Any organization with business interest or infrastructure in India should ensure that their systems are up-to-date with the latest security patches to protect against any targeting, should the tensions between the two nations continue to escalate. Cyber-attacks from Chinese hackers at both the state-sponsored level and the criminal level are probable during this time. SEIM monitoring and Endpoint Detection and Response (EDR) is a preferable method for having an earlier warning of any intrusions before they are able to spread throughout the network. More information on the attacks on MPD can be found at https://www.express.co.uk/news/world/1299458/China-India-news-Beijing-cyber-attack-terrorism-latest-update-cyfirma
Additional information can be found here: https://economictimes.indiatimes.com/tech/internet/chinese-hacker-groups-could-target-indian-businesses/articleshow/76505894.cms
