A hacker group that appears to be residing in China has been targeting India and Southeast Asian nations in a bid to extract information about ongoing border disputes and other diplomatic issues.
Describing the hackers as part of an APT (advanced persistent threat) group, cybersecurity vendor FireEye said the attack campaign had been ongoing since 2011 and targeted more than 100 victims, 70 percent of which were in India.
The group would send spearphishing e-mail attached with Microsoft Word documents containing a script, called Watermain, which would create backdoor on infected machines. FireEye also detected the attacks in April 2015, a month ahead of India’s premier Narendra Modi’s first state visit to China.
The hacker group had modified their approach over the past four years and, today, primarily relied on an exploit from 2012, a FireEye spokesperson told ZDNet. Organizations in the region that continued to operate systems without patching against such known exploits were easy victims, he said.
View full story
