Cyber Attacks On Govt Policy Firms On The Rise

by CXOtoday News Desk    Aug 05, 2014


There has been an increase in aggressive activity against Indian organizations involved in environmental, economic and government policy, says a recent Kaspersky Lab report. The security firm states that the attackers have been targeting organizations for a few years now by abusing a Windows service, Windows Management Instrumentation (WMI), to get access to sensitive information. The malicious operations have been executed with the help of the WMIGhost/Shadow Trojan.

“Over the past couple of years APTs have intensely targeted organizations and individuals across India. India’s developing technology base, its geographical location and size, its inclusive and riotous political energy, and its growing economic weight make it a special place of interest for ill-intentioned cyber attackers,” Kaspersky Lab Chairman and CEO Eugene Kaspersky said during his recent visit to India. “Unfortunately there is quite a long list of APT groups targeting Indian organizations,” he adds.

To establish a foothold in target organizations within the Ghost malicious campaign, the attackers generally re-use current headline news for spearphishing attacks. For example, in a March 2014 attack, this actor used an upcoming meeting between national energy labs and the Departments of Energy as their spearphishing lure, sending out a misspelled spoof file called “India US strategic dialouge press release.doc”.

In another recent WMIGhost campaign this year, a spoofed unclassified military document, “united states air force unmanned aircraft systems flight plan 2009-2047.doc”, was sent simultaneously to several Indian targets with the consistent WMIGhost toolchain.

“We are seeing more of these current attacks occurring throughout the country, targeting government and military agencies, NGOs, subcontractors and technology developers. The scope of these attacks is getting broader all the time. Meanwhile, other actors are currently working to exfiltrate more data from India. Indian organizations are being bombarded with spearphishing and webserver attacks on multiple levels – and there is no end in sight,” says Kaspersky.

The list of advanced persistent threat groups targeting Indian organizations is long. Among the malicious campaigns interested in Indian targets are the infamous GhostNet, Shadownet, Enfal, Red October, NetTraveler, LuckyCat, the Turla APT, Mirage, and Naikon. In some cases, Kaspersky Lab has seen unusual new techniques, such as the Chuli attackers’ infiltration of mobile devices, the Sabpub attackers’ focus on Apple’s OS X devices, and various effective watering holes.