Computers & Laptops

Cyber attack on Defence Research Lab thwarted: Quick Heal

PTI New Delhi | Updated on October 02, 2014 Published on October 02, 2014

An attempt to steal sensitive data from Defence Metallurgical Research Laboratory (DMRL), the research lab of DRDO, through cyber attack was detected and blocked in September, security software maker Quick Heal has said in its report.

“We have been closely tracking an attack campaign named as ’Sinon’ specifically aimed at the Defence Metallurgical Research Laboratory (DMRL), research laboratory of the Defence Research and Development Organisation (DRDO),” said Quick Heal Chief Technology Officer Sanjay Katkar, sharing contents of the report.

The report said that the attack termed as ‘Sinon Campaign’ was detected on September 5, 2014 and was carried out through a genuine looking email - spear-phishing email - with an infected attachment designed to exploit an old vulnerability in Windows operating system.

“The threat was immediately found and blocked by our end point security solution active in DRML’s computer thus making it completely harmless. We took a couple of weeks’ time to understand that the threat blocked was actually an invasive effort to penetrate and steal our defence intelligence,” Katkar said.

He did not share the damage that the attack could have done in stealing information from the lab located in Hyderabad but said the thwarted attack was “capable of copying sensitive data and sending it to the attackers server, and the attackers would also have full control over the machine from its Control & Command centre.”

The Quick Heal analysis of the attack showed that it was being executed through a server in Vietnam but that the server address and other details could have been a fake registration. The location of original attacker was not shared in the report.

The attack was executed through a genuine looking e-mail and once the spear-phishing e-mail was opened, it opened a fake document. The fake document downloaded a malicious code.

“While the document would completely misguide the victim, the malware would create another huge avg.dll file of 28MB size to misguide anti-virus or any other debugging software. This file once installed looks like a genuine antivirus software,” the report said.

Earlier this year the Indian Infosec Consortium found that about 3,000 Internet connections in Delhi were compromised probably for snooping from foreign locations.

The list included names of Defence Ministry at South Block and the Chief of Naval Staff in C-Wing at South Block.

Government’s cyber security arm Computer Emergency Response Team-India (CERT-In) reported 62,189 cyber security incidents in first five months of the current calendar year.

The attacks have been observed to be originating from the cyber space of a number of countries including the US, Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE, but could not be established.

Published on October 02, 2014

A letter from the Editor

Dear Readers,

The coronavirus crisis has changed the world completely in the last few months. All of us have been locked into our homes, economic activity has come to a near standstill. Everyone has been impacted.

Including your favourite business and financial newspaper. Our printing and distribution chains have been severely disrupted across the country, leaving readers without access to newspapers. Newspaper delivery agents have also been unable to service their customers because of multiple restrictions.

In these difficult times, we, at BusinessLine have been working continuously every day so that you are informed about all the developments – whether on the pandemic, on policy responses, or the impact on the world of business and finance. Our team has been working round the clock to keep track of developments so that you – the reader – gets accurate information and actionable insights so that you can protect your jobs, businesses, finances and investments.

We are trying our best to ensure the newspaper reaches your hands every day. We have also ensured that even if your paper is not delivered, you can access BusinessLine in the e-paper format – just as it appears in print. Our website and apps too, are updated every minute, so that you can access the information you want anywhere, anytime.

But all this comes at a heavy cost. As you are aware, the lockdowns have wiped out almost all our entire revenue stream. Sustaining our quality journalism has become extremely challenging. That we have managed so far is thanks to your support. I thank all our subscribers – print and digital – for your support.

I appeal to all or readers to help us navigate these challenging times and help sustain one of the truly independent and credible voices in the world of Indian journalism. Doing so is easy. You can help us enormously simply by subscribing to our digital or e-paper editions. We offer several affordable subscription plans for our website, which includes Portfolio, our investment advisory section that offers rich investment advice from our highly qualified, in-house Research Bureau, the only such team in the Indian newspaper industry.

A little help from you can make a huge difference to the cause of quality journalism!

Support Quality Journalism
This article is closed for comments.
Please Email the Editor
You have read 1 out of 3 free articles for this week. For full access, please subscribe and get unlimited access to all sections.