Who Has Been Cyber Attacking India For Years?


Cyber security firm FireEye has published a report revealing that India has been the victim of an advanced campaign of cyber attacks over the past few years, an Indian site reported.

According to the report, the campaign appears to target information about ongoing border disputes and other diplomatic matters in India, Bangladesh, Nepal and Pakistan. The group behind the operation, which FireEye believes is most likely based in China, sent targeted emails containing Microsoft Word attachments to its intended victims. These documents pertained to regional issues and contained a script called Watermain, which creates backdoors on infected machines. The campaign’s attacks were also detected in April 2015, about one month ahead of Indian Prime Minister Narendra Modi’s first state visit to China.

FireEye has observed WATERMAIN activity since 2011 and, over the past four years, the threat group has used Watermain to target over 100 victims, approximately 70 percent of which were in India. The group has also targeted Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organizations.

“Collecting intelligence on India remains a key strategic goal for China-based Advanced Persistent Threat (APT) groups, and these attacks on India and its neighbouring countries reflect a growing interest in foreign affairs,” said Bryce Boland, FireEye chief technology officer. “Organizations should redouble their cyber security efforts and ensure they can prevent, detect and respond to attacks in order to protect themselves.”
