
Chinese-sponsored group snooping on India for a decade: Report


Singapore: A suspected Chinese-government sponsored group is understood to have snooped on inaccessible government computer networks in India for over a decade, a cyber security group here claimed on Monday.

The group, termed APT30 and touted to be one of the longest-running advanced threat groups, possibly tapped classified government networks and other networks inaccessible from a standard Internet connection, cyber security provider FireEye has claimed.

Indian researchers have also discovered suspicious APT30 activity at Indian organisations, besides FireEye identifying alerts from APT30 malware on the computer networks of its Indian customers, which include an Indian aerospace and defence company and an Indian telecommunications firm, it claimed.

"Such a sustained, planned development effort, coupled with the group's regional targets and mission, lead us to believe that this activity is state sponsored, most likely by the Chinese government," the cyber security group claimed.

Giving details of the modus operandi of the group, FireEye claimed that APT30 deployed customised malware for use in specific campaigns targeting ASEAN members or nations with close ties or interests aligned with ASEAN states in January 2013 and April 2013, which included the ASEAN-India Commemorative Summit held here between December 12-20, 2012.

"...We suspected that we were peering into a regionally focused cyber espionage operation. The malware revealed a decade-long operation focused on targets - government and commercial - who hold key political, economic, and military information about the region.

"This group... stands out not only for their sustained activity and regional focus, but also for their continued success despite maintaining relatively consistent tools, tactics, and infrastructure since at least 2005," the group said on the analysis of APT30.

In an attempt to plant malware, the group also sent phishing mails carrying as attachments decoy documents about the Sino-India relationship, particularly military relations, and in one case the snooping group allegedly used the text of a legitimate academic journal on border security challenges between the two countries, it said.

"The decoy documents centered on Indian defence and military materiel topics. In particular, a number of spear phishing subjects have related to Indian aircraft carrier (INS Vikrant) and oceanographic monitoring processes, which probably indicates a specific interest in naval and maritime themes around Indian military activity and disputes in the South China Sea," it claimed.

It said the team running APT30 differed from stray hackers in that they prioritised their targets, worked as a collaborative team in shifts and developed viruses and snooping computer programmes from a "coherent development plan".

"Their missions focus on acquiring sensitive data from a variety of targets, which possibly include classified government networks and other networks," it said.

The cyber security firm claimed that APT30 had developed itself to target chinks in the cyber security of a country right from its evolution in 2005.
