A Chinese cyber security firm has claimed that a hacker-group operating under the code name ‘Confucius,’ from India, is behind several cyber-attacks against Pakistan targets.
According to the Chinese cyber security firm Antiy Labs, the group’s first attacks date to 2013. To steal critical data, it has mostly targeted govts., armed forces & energy sector entities of neighbouring states, including China, Pakistan & Bangladesh.
“Confucius Says”
International cyber security experts have named the group ‘Confucius’ because it uses the command “Confucius says” when launching an attack.
The gang is skilled at employing spear-phishing emails, phishing websites & specific social engineering techniques to attack various targets. It is reasonable to conclude that they have studied Chinese culture during their repeated attacks on China. Profits from politics & the economy motivate the group’s behaviour.
Important Infrastructure
It either steals vital information from its targets or tries to disrupt important infrastructure, so the attacks may have real-world effects. Antiy CERT claims that, while tracing attacks coming from the South Asian subcontinent from 2021 onwards, it discovered the group’s operations against govt. & military sites in Pakistan.
Targeted spear phishing emails are sent from fake govt. addresses. Trojan horse programs are installed on the host computers after the recipients open or download the documents.
Pakistan Army
Antiy discovered that the group conducted attacks in Feb. 2022 using a malware file containing information about the “vaccination status of govt. employees”. In June 2021, the attackers used another file containing “a list of those who died in the Pakistan Army”.
The hackers use several types of malware in these lures to trick their targets into clicking the links in spear-phishing emails.
Antiy has thoroughly examined the attack samples from the group & discovered that the hackers collaborated with SideWinder, another advanced persistent threat (APT) group, to swap tools & scripts.
Indian APT groups often exchange tools & codes. International cyber security firms had previously disclosed that the APT group known as ‘Confucius’ had also exchanged codes with other Indian players like Urpage.
Vaccination Status
The hacker group conducted attacks in Feb. 2022 using a malware file containing information about the “vaccination status of govt. employees”. In June 2021, a similar file containing information about a list of those who had “died in the army” was used. To fool their targets into clicking the links in spear-phishing emails, the hackers include various forms of malware.
Authorities in Pakistan have taken note of the attacks. In a nationwide alert, the Pakistani National Telecom & Information Technology Security Board warned that hackers are sending spear phishing emails with the name of the Pakistan PM’s office as the sender.
It urged officials & the general public to remain vigilant & avoid sending any personal information via email or social media.
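The warning above describes the two indicators a recipient or mail gateway can actually check: a sender claiming to be an official office from an address outside that office’s domain, and a document attachment that carries the dropper. The script below is an added, illustrative triage example written for this article; it is not code from Antiy Labs, the NTISB or any group named here. The trusted domain `example-gov.test`, the keyword list, the risky-extension list and both sample messages are constructed placeholders, not real addresses or real intercepted mail.

```python
"""Triage helpers for spear-phishing e-mail (illustrative example).

Heuristics applied to a raw RFC 5322 message:
  * an official-sounding display name whose address is outside the trusted domains
  * a sender domain that is a near look-alike of a trusted domain
  * a Reply-To domain that differs from the From domain
  * attachments with file types that commonly carry droppers
The trusted domain, keywords and sample messages are constructed placeholders.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example-gov.test"}  # placeholder, not any real office's domain
OFFICIAL_KEYWORDS = ("prime minister", "pm office", "pm's office", "secretariat")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".lnk", ".iso", ".docm", ".xlsm")


def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address):
    """Lower-cased domain part of an address, or '' if it has none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_lookalike(domain, trusted=TRUSTED_DOMAINS):
    """True if domain is within two edits of a trusted domain, or reuses its
    first label under a different top-level domain."""
    if not domain or domain in trusted:
        return False
    for t in trusted:
        if edit_distance(domain, t) <= 2 or domain.split(".")[0] == t.split(".")[0]:
            return True
    return False


def analyse_message(raw_bytes):
    """Return a list of indicator strings found in the message (empty = clean)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    display, sender = parseaddr(str(msg.get("From", "")))
    sender_domain = domain_of(sender)

    # Display name claims an official identity but the address is not ours.
    if any(k in display.lower() for k in OFFICIAL_KEYWORDS) and sender_domain not in TRUSTED_DOMAINS:
        findings.append("official display name from untrusted domain")
    if is_lookalike(sender_domain):
        findings.append("look-alike sender domain")
    # Replies routed to a third domain are a common credential/data collection trick.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append("reply-to domain differs from sender domain")
    # Document/script attachments that can carry a trojan dropper.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment type: {name}")
    return findings


def build_sample(from_hdr, reply_to=None, attachment_name=None):
    """Construct a sample message (test data, not a captured e-mail)."""
    msg = EmailMessage()
    msg["From"] = from_hdr
    msg["To"] = "staff@example-gov.test"
    msg["Subject"] = "Vaccination status of government employees"
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content("Please review the attached list.")
    if attachment_name:
        msg.add_attachment(b"\x00placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


# Constructed samples: a lure mimicking an official office, and an ordinary internal notice.
SUSPICIOUS = build_sample("PM Office <notifications@examp1e-gov.test>",
                          reply_to="collect@mailbox.test",
                          attachment_name="vaccination_status.docm")
BENIGN = build_sample("HR Desk <hr@example-gov.test>", attachment_name="notice.pdf")

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, analyse_message(raw))
```

The checks are deliberately cheap and header-based so they can run at a gateway or in a user-reporting workflow; they flag the lure for review rather than prove it malicious, and the attachment itself still belongs in a sandbox.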
Targets
The gang has so far mainly targeted govts., armed forces & energy industries in neighbouring states, including China, Pakistan & Bangladesh. The purpose of the attacks has been the illegal collection of data. The report categorises the hackers as an APT, a group that persistently attacks specific targets over a long period.
Chinese media outlets have claimed that India uses the APTs in conjunction with state intelligence to wage cyber warfare against China & its neighbours in South Asia. It is not the first time that New Delhi has been accused by China’s official media of attacking the militaries & administrations of several South Asian nations.
Chinese Attacks
The Chinese official media reported in Nov. 2021 that the Indian hacking collective ‘Evil Flower’ had conducted many cyber-attacks on military & govt. organisations in China, Pakistan & Nepal.
Alongside this group, other named collectives include the ‘Lure of Beauty’ & the ‘Ghost War Elephants.’ The Chinese claim that these ‘state-backed’ hackers have attacked Chinese military operations & administration in several South Asian nations.
Chinese media have claimed that the ‘Evil Flower’ & other APTs broke into sensitive Chinese networks via phishing techniques. According to Antiy Labs, “Since March, we have discovered various phishing activities targeting govt., defence & military units, as well as state-owned organisations in China, Pakistan & Nepal.”
Spear-Phishing
It has been claimed that these hackers have been attacking China continuously since 2019 & have used techniques like spear-phishing that involves online impersonation.
The report, however, does not explain how ‘Evil Flower’ managed to get away with these operations for 2 years, despite the fact that cyber security, data privacy & cyber-infrastructure have received increased attention since Chinese President Xi Jinping called for this in a speech in 2014.
Cyber Security Experts
Beijing has reportedly received advice from Chinese specialists to strengthen its cyber security measures, conduct drills & protect data moving across borders to defend it from potential assaults.
The Chinese Govt. has also received public advice from its cyber security experts to set up a thorough reporting system in the event of an attack.
The Director of the Institute of China Cyber Base Plan in Beijing has also claimed that these Indian-backed cyber-attacks are a component of India’s containment strategy for China.
The Indian cyber-attacks are seen by some as an element of a larger plan by India to undermine China’s national security.