Share this article on:
The Insikt Group, subsidiary of US cyber intelligence firm Recorded Future, has found evidence linking Chinese state-backed hackers to a swathe of cyber breaches in India.
The Insikt Group released a report this week detailing how a swathe of Indian organisations including a media company, government agency and police department were targeted by hackers thought to be supported by the Chinese government.
The vital clue for the cyber agency was the use of the Winnti malware, which is typically utilised by threat actors who are thought to be supported by the Chinese government.
According to a release from Recorded Future, the hacks follow a trend of Chinese outlets targeting Indian organisations.
“Following this theme of Chinese targeting of Indian entities, we have identified further suspected intrusions targeting the Indian media conglomerate Bennett Coleman And Co Ltd (BCCL), commonly known as 'The Times Group'; the Unique Identification Authority of India (UIDAI); and the Madhya Pradesh Police department,” a release from the Recorded Future read.
The cyber intelligence company alleged that the targets were carefully selected, with UIDAI providing a valuable source of intelligence to the Chinese government.
“TAG-28 highly likely targeted UIDAI due to its ownership of the Aadhaar database. Bulk personally identifiable information (PII) data sets are valuable to state-sponsored threat actors. Likely uses of such data include, but are not limited to, identifying high-value targets such as government officials, enabling social engineering attacks, or enriching other data sources,” the release continued.
“As of early August 2021, Recorded Future data shows a 261 per cent increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian organisations and companies already in 2021 compared to 2020.”
The Chinese government has however hit back, suggesting that the accusations have only been directed at China as a method to hurt the Chinese government.
“This cyber security company has repeatedly fabricated similar incidents to smear the Chinese government,” China’s foreign ministry said last week.
“It is unprofessional and irresponsible.”
[Related: CrowdStrike reports surge in state-sponsored cyber attacks]