Latest campaign targets organizations in Bangladesh, India, Nepal, Pakistan, seeking information on border disputes
FireEye revealed the details of an advanced campaign which appears to target information about ongoing border disputes and other diplomatic matters.
The advanced persistent threat (APT) group behind the operation, which FireEye believes is most likely based in China, sent targeted spear phishing emails containing Microsoft Word attachments to its intended victims. These documents pertained to regional issues and contained a script called WATERMAIN, which creates backdoors on infected machines. The campaign’s attacks were also detected in April 2015, about one month ahead of Indian Prime Minister Narendra Modi’s first state visit to China.
“Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighbouring countries reflect growing interest in its foreign affairs,” said Bryce Boland, FireEye chief technology officer for the Asia Pacific region. “Organizations should redouble their cybersecurity efforts and ensure they can prevent, detect and respond to attacks in order to protect themselves.”
APT attacks on organizations in India and neighbouring countries are now commonplace. In April, FireEye revealed the details of APT30, a decade-long cyber espionage campaign by suspected China-based threat actors that compromised an aerospace and defence company in India, among others.