Internet security experts have identified a major cyber espionage activity in India. A group called Danti has reportedly barged into several government accounts, creating backdoors to steal information. The attackers are infecting the networks with malware to create channels for themselves to siphon off data.
The Moscow-based Internet security solutions firm Kaspersky, which has been tracking the racket for the last few months, estimates that the attackers might have full access to internal networks in Indian government organisations.
“The exploit is delivered through spear-phishing emails. In order to attract the attention of potential victims, the threat actors behind Danti have created emails in the names of several high-ranking Indian government officials,” a Kaspersky executive said. The firm suspects that some “Chinese-speaking hackers” are behind these groups.
Once the exploitation of the vulnerability takes place, the Danti backdoor is installed and this subsequently provides the threat actor with access to the infected machine so they can withdraw sensitive data.
There’s a striking similarity in all the incidents. The attackers tapped the CVE-2015-2545 vulnerability to inject malware. The CVE-2015-2545 error enables an attacker to execute arbitrary code using a specially crafted EPS image file.
Kaspersky’s security experts have observed a wave of espionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far-East regions.
Trojans detected

The firm has detected Trojans (which spread like wildfire once infected) in Kazakhstan, Kyrgyzstan, Uzbekistan, Myanmar, Nepal and the Philippines apart from India.
“We expect to see more incidents with this exploit, and we continue to monitor new waves of attacks and the potential relationship with other attacks in the region,” Alex Gostev, Chief Security Expert at Kaspersky Lab Research Centre in APAC, said.