Cyber Attacks On Govt Policy Firms On The Rise
There has been an increase in aggressive activity against Indian organizations involved in environmental, economic and government policy, says a recent Kaspersky Lab report. The security firm states that the attackers have been targeting organizations for a few years now by abusing a Windows service, Windows Management Instrumentation (WMI), to get access to sensitive information. The malicious operations have been executed with the help of the WMIGhost/Shadow Trojan.
“Over the past couple of years APTs have intensely targeted organizations and individuals across India. India’s developing technology base, its geographical location and size, its inclusive and riotous political energy, and its growing economic weight make it a special place of interest for ill-intentioned cyber attackers,” said Kaspersky Lab Chairman and CEO Eugene Kaspersky during his recent visit to India. “Unfortunately there is quite a long list of APT groups targeting Indian organizations,” he adds.
To establish a foothold in target organizations within the Ghost malicious campaign, the attackers generally re-use current headline news for spearphishing attacks. For example, in a March 2014 attack, this actor used an upcoming meeting between national energy labs and the Departments of Energy as their spearphishing lure, sending out a mis-spelled spoof file called “India US strategic dialouge press release.doc”.
In another recent WMIGhost campaign this year, a spoofed unclassified military document, “united states air force unmanned aircraft systems flight plan 2009-2047.doc”, was sent simultaneously to several Indian targets with the consistent WMIGhost toolchain.
“We are seeing more of these current attacks occurring throughout the country, targeting government and military agencies, NGOs, subcontractors and technology developers. The scope of these attacks is getting broader all the time. Meanwhile, other actors are currently working to exfiltrate more data from India. Indian organizations are being bombarded with spearphishing and webserver attacks on multiple levels – and there is no end in sight,” says Kaspersky.
The list of advanced persistent threat groups targeting Indian organizations is long. Among the malicious campaigns interested in Indian targets we find the infamous GhostNet, Shadownet, Enfal, Red October, NetTraveler, LuckyCat, the Turla APT, Mirage, and Naikon. In some cases, Kaspersky Lab has seen unusual new techniques: the Chuli attackers’ infiltration of mobile devices, the Sabpub attackers’ focus on Apple’s OS X devices, and various effective watering holes.