New Attack on India Identified

By Roban Kearby

Bayshore Blog Post: InfoSecurity Magazine

August 24, 2015

From InfoSecurity Magazine: APT attack on Indian government and other organizations has been in progress since 2011

Phil Muncaster reports in InfoSecurity that researchers have discovered a large-scale, advanced attack targeted mainly at Indian organizations and dating back to 2011.

According to security firm FireEye, the group behind the attack is most likely based in China. The group has spent the past four years sending spearphishing emails containing malicious Microsoft Word attachments to targets in India (70%), as well as Tibetan activists and those in other Asian nations including Nepal, Bangladesh and Pakistan.

The goal of the attackers appears to have been to lift information on border disputes and other diplomatic affairs from government, diplomatic, scientific and educational organizations. The spearphishing lure itself contained information on regional issues and was designed to insert a backdoor on victim machines with a view to covertly exfiltrating sensitive data. FireEye has named the campaign “Watermain” after the script it discovered, which is designed to place backdoors on victim machines.

There are approximately 100 victims so far, FireEye claimed.