Indian Firms Hit by Fresh Wave of APT Attacks

Indian Firms Hit by Fresh Wave of APT Attacks
Indian Firms Hit by Fresh Wave of APT Attacks

Security experts are warning of an uptick in targeted APT-style cyber attacks against Indian environmental, economic and governmental organizations, some of which abuse the Windows Management Instrumentation (WMI) service.

Kaspersky Lab principal security researcher, Kurt Baumgartner, wrote in a blog post that organizations on the sub-continent have been hit by many of the big name APTs over the years including Gh0stNet, Shadownet, Red October, NetTraveler, Turla, Mirage, Naikon, Chuli and Sabpub.
He claimed that in March, Kaspersky Lab had spotted activity from an APT crew in existence for some years, using an “unusual WMI technique”, with malware dubbed “WMIGhost” or “Shadow”.
The attacks typically start with a spearphishing email using a geopolitical event to trick the user into opening a malicious attachment.
“The script instantiates WMI objects for communications complete with their Comment Crew-like encoded WordPress site instructions that redirect the backdoor to the appropriate command and control server for further instruction,” Baumgartner explained.
“Along with other groups, WMIGhost attackers are actively hitting Indian targets.”
Another attack featured a spoofed United States Air Force document as the lure.
“We observe more of these current attacks occurring throughout the country on government and military agencies, NGOs, subcontractors and technology developers, with an expanding scope of targets,” he said.
Another group which has “spent a disproportionate amount of effort and attention” on pilfering data from Indian organizations is the NetTraveler crew.
Its spearphishing emails typically contain content on current Indian political issues in an attempt to trick the victim into opening a malicious attachment.
With a huge number of novice internet users and SMEs coming online every week, India is ripe for exploiting by cyber gangs.
Just this week, the bank accounts of scores of Mumbai police and Indian Air Force officers were aparently hacked and salaries fraudulently withdrawn.
The situation has deteriorated to the point where senior lawmakers are calling for a change in the law to clamp down on cybercrime.
“With the tendency of misuse of technology rising, there is a need for a strict statuary provision to regulate the criminal activities in the cyber world,” said PK Malhotra, a secretary in the Union justice ministry, according to Firstpost.

What’s hot on Infosecurity Magazine?