A number of cyberattacks targeting China and South Asian countries in the Subcontinent have been busted this year, with hackers from India behind the attempts to attack China’s defense and military units as well as state-owned enterprises, Antiy Labs, the country’s leading anti-virus company, announced on Monday. According to Li Bosong, vice chief engineer of Antiy Labs, the phishing activities the company has detected since March mainly targeted the country’s government, defense and military units, as well as state-owned enterprises in China, Pakistan, and Nepal. “The hackers disguise themselves as government or military personnel and deliver emails with phishing attachments or embedded links to targets, luring them to visit the websites created by them and collect the account password for intelligence gathering,” Li said.
Antiy Labs discovered that the organization behind the attacks is from India and that its activities can be traced back to as early as April 2019. So far, Antiy Labs has found more than 100 counterfeit phishing websites, some of which target major universities, state-owned enterprises and key organs of the government in China. Others target the military, defense, and diplomatic circles in South Asia, including Pakistan and Nepal. “Once the phishing activities work, the email address will become the starting point of a new wave of cyberattacks that pose great threats to national and social security, as well as to the privacy of governments, entities and individuals,” Li noted.
The phishing emails trick recipients into downloading the attached files and then into registering on the fake email system. When the victim enters the account’s password, the phishing website sends the victim’s account information to the hackers.
When a phishing website is used, it first shows a message like “restricted” or “updating e-mail system.” The website then pops up a window asking the user to log in to the email account again. When this is done, the user is switched to the fake email login site that the hackers have created.