According To Reports, Hackers From Delhi Launch Cyberattacks On China And Pakistan


By Sanjeev Sharma

New Delhi, November 20, 2018: Antiy Labs, a Chinese cybersecurity company, has published a new report revealing that a hacker group based out of Delhi had been conducting cyberattacks on the defence and government departments in Pakistan and China, Global Times reported.

This report analyzed the cyberattacks by You Xiang, a South Asian organization.

It revealed the group's targets, technology and equipment, and exposed the attackers, who hide behind screens and wear invisible clothes.

Li Bosong (the company’s vice-chief engineer) told Global Times they discovered “baby elephant activities” in 2017.

This was when large-scale cyberattacks against the South Asian government, military, and defense departments were detected.

Based on the investigation of their activities, it was determined that they are from India.

This is in contrast to another hacker group called “white elephant” from India.

Although the organisation was equipped with its own attack tools and resources, it had a primary attack capability.

This might just be an inexperienced attack team. According to Li, “That’s why I’ve called this new, advanced threat organization ‘baby elephant’.”

Four years later, the “baby elephant” is still on the move, expanding its target list. Li stated that since 2017, there have been more “baby elephant” attacks than ever before.

Attack methods and materials have become better and their target area has expanded to include South Asia. The group started targeting Chinese institutions for intelligence theft in 2021.

Antiy Labs reported that the attacks include phishing sites, malicious Android apps targeting phones, and Trojans written in Python that steal documents, browser-cached passwords, and other information about computers’ host systems.

The “baby elephant”, for example, used disguises to pretend to be the postal system of the Nepalese Police, Army and Government, which included the Ministry of Foreign Affairs and Ministry of National Defence of Nepal, to launch targeted attacks in order to get email accounts that could then be used for subsequent attacks.

The app also claimed to be an Android application that could poll for India-Nepal disputes. The malicious Android app will be installed and opened by the victim.

Global Times reports that the application will be able to monitor the victim’s phone if permissions have been granted.

A highlight of this report is the fact that hackers were exposed after they uploaded Trojan horses to government security resources in order to determine if the Trojan horses could escape antivirus software.

Resource retrieval revealed that at least one of the sample uploaders was from Delhi in India. According to the report, eight malicious test files had been uploaded by this hacker between November 23 and November 24, 2020.

These samples had a similar code content to those of the “baby Elephant”.

Some hacking organizations from India, judging by their previous activities, aren’t very well-hidden.

The first is due to its inept attacking capabilities, but it also reflects the fearless mindset of these attackers. Li stated that the physical location for one attacker is most likely the same as the location of an entire hacking group.

Li stated that “despite constantly diversifying attack methods and more numerous functions of malicious files, attacks could still be traced back to the ‘baby elephant’ based upon its targets, tactics, decoys, and Trojan homology.”

The attacks targeted the same targets, including those in Nepal and Pakistan. According to Li, the tactics and techniques they employed were similar to those of the “baby elephant” in its early stages. They used malicious HTA scripts as well as Python Trojan horses.

Li pointed out that their domain names are similar to those of the state-owned entities in Sri Lanka, Nepal, and Pakistan. The report also stated that they tended to use dynamic domain names from the US network provider No-IP, such as myftp.org and hopto.org.

Numerous signs indicated that “baby elephant”, a cyberattack organization that poses a threat to the security of South Asia-Pacific, was already active.

Li stated that it is likely to also become the principal attack group in South Asia’s future.

He called for more attention to the “baby elephant”.

The victim countries that the “baby elephant” attacks are often weak in economics and digital maintenance.

Li said that they have the same rights as any country to protect their sovereignty, security, and interests.

Antiy Labs stated that they had detected phishing attacks targeting government units in Pakistan, China and Nepal since March.

It is believed that the attackers are from India. Their activities can be tracked back as far as April 2019.

Global Times reports that material obtained by several top cybersecurity firms in China has revealed another sophisticated network. Top hackers from South Asia, mostly from India, have continuously attacked defense and military units in China, Nepal, and Pakistan over the last few years.

Such attacks are now on the rise, disguised as international trends.

(Sanjeev Sharma can be reached at [email protected])


Disclaimer: The TeluguStop.com Editorial Team was not involved in the creation of this article and holds no responsibility for its content. This article is provided by IANS; please contact IANS if there are any issues with the article.
