Bitter: Indian group terrorizes China and Pakistan in cyberspace

Chinese information security companies reveal the activities of hackers behind attacks on critical infrastructure.

Recent reports from Chinese cybersecurity companies have highlighted a series of cyber attacks on critical infrastructure originating in India. The attacks were directed, among other things, against China and Pakistan.

It is noted that one of these attacks on the Chinese military infrastructure, intercepted by a Chinese information security company in December, was carried out by a group of hackers from India. The attack had similar goals and methods to the previous ones, which indicates that the same group was involved.

The APT group, which has been active since November 2013, was first discovered and named "Bitter" by the American company Forcepoint and "Manlinghua" by the Chinese company Qihoo 360 in 2016. Over time, the disclosure of Bitter's activities revealed its political motivations, since the main targets are Pakistan and China, including government structures, military and nuclear sectors.

Cybersecurity analysts suspect that the group has roots in India and is potentially state-supported, given the location of the IP addresses and the linguistic features seen in the attacks. Bitter is also believed to be associated with several other suspected Indian groups, including Patchwork, SideWinder, and Donot.

Contrary to the popular belief that cyber threats to China mostly originate from the United States, a significant number of attacks originate from South Asian countries, according to a Beijing-based security expert who requested anonymity. China and India, the world's two most populous countries, have a complex relationship, with border disputes and conflicts as well as growing bilateral trade.

Bitter uses two main attack strategies: spear phishing and watering hole attacks:
  • Spear phishing involves sending infected documents or links to targets via email; when opened, they download Trojans that steal data and retrieve further instructions from the attackers;
  • Watering hole attacks involve compromising legitimate websites to host malicious files, or creating fake websites to trap victims, usually built around content the victims are interested in.

According to reports from the information security companies Anheng, QiAnXin, Intezer and Secuinfra, 7 attacks in 2022 and 8 attacks in 2023 were recorded that are closely linked to Bitter, targeting Pakistan, Bangladesh, Mongolia and China. The attacks ranged from forging emails from the Kyrgyz embassy to sending emails to the Chinese nuclear industry.

Although Bitter's operations are primarily focused on intelligence gathering and may not seem disruptive at first glance, they can lead to significant information leaks with immeasurable consequences. At the moment, the Foreign Ministries of China and India have not made any official comment on the situation.