Internet security experts have identified a major cyber espionage activity in India. A group called Danti has reportedly barged into several government accounts, creating backdoors to steal information. The attackers are infecting the networks with malware to create channels for themselves to siphon off data.

The Moscow-based Internet security solutions firm Kaspersky, which has been tracking the racket for the last few months, estimates that the attackers might have full access to internal networks in Indian government organisations.

“The exploit is delivered through spear-phishing emails. In order to attract the attention of potential victims, the threat actors behind Danti have created emails in the names of several high-ranking Indian government officials,” a Kaspersky executive said. The firm suspects that “Chinese-speaking hackers” are behind the group.

Once the vulnerability has been exploited, the Danti backdoor is installed. This gives the threat actor access to the infected machine, from which sensitive data can then be extracted.

There is a striking similarity across all the incidents: the attackers used the CVE-2015-2545 vulnerability to deliver the malware. CVE-2015-2545 enables an attacker to execute arbitrary code using a specially crafted EPS image file.
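As an added illustration of this delivery vector (this is not code from the report or from Kaspersky), the following Python scanner flags EPS parts inside an Office Open XML package, the document type CVE-2015-2545 affects. It assumes the file is a .docx-style zip; the sample document it scans is constructed in memory.

```python
import io
import zipfile

# PostScript/EPS files begin with this magic header.
EPS_HEADER = b"%!PS-Adobe-3.0 EPSF-3.0"

def build_sample_docx(with_eps: bool) -> bytes:
    """Build a constructed, minimal .docx in memory (assumption: OOXML zip layout)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n")
        if with_eps:
            # An EPS part with an inert body; only the header matters for detection.
            z.writestr("word/media/image2.eps", EPS_HEADER + b"\n%%EOF\n")
            # The same content under a misleading name, to show why the
            # scanner checks magic bytes and not just the extension.
            z.writestr("word/embeddings/oleObject1.bin", EPS_HEADER + b"\n")
    return buf.getvalue()

def find_embedded_eps(doc_bytes: bytes) -> list:
    """Return zip part names that look like EPS, by extension or by header bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
        for name in z.namelist():
            if name.endswith("/"):
                continue  # directory entry
            head = z.open(name).read(32)
            if name.lower().endswith(".eps") or head.startswith(b"%!PS"):
                hits.append(name)
    return hits

def triage(doc_bytes: bytes) -> str:
    """One-line verdict suitable for a mail-gateway or sandbox pre-filter."""
    hits = find_embedded_eps(doc_bytes)
    if not hits:
        return "clean: no embedded EPS"
    return "review: EPS parts present -> " + ", ".join(hits)

if __name__ == "__main__":
    print(triage(build_sample_docx(True)))   # flags both EPS parts
    print(triage(build_sample_docx(False)))  # clean
```

An EPS part is not proof of exploitation, but since EPS content has no place in routine government correspondence, its presence is a cheap, high-signal reason to quarantine an attachment for deeper analysis.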

Kaspersky’s security experts have observed a wave of espionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far-East regions.

Trojans detected

The firm has detected the Trojans (which spread rapidly once a machine is infected) in Kazakhstan, Kyrgyzstan, Uzbekistan, Myanmar, Nepal and the Philippines, apart from India.

“We expect to see more incidents with this exploit, and we continue to monitor new waves of attacks and the potential relationship with other attacks in the region,” Alex Gostev, Chief Security Expert at Kaspersky Lab Research Centre in APAC, said.
