Indian Cyber Warfare Discussion

The Military Issues & History Forum is a venue to discuss issues relating to the military aspects of the Indian Armed Forces, whether the past, present or future. We request members to kindly stay within the mandate of this forum and keep their exchanges of views, on a civilised level, however vehemently any disagreement may be felt. All feedback regarding forum usage may be sent to the moderators using the Feedback Form or by clicking the Report Post Icon in any objectionable post for proper action. Please note that the views expressed by the Members and Moderators on these discussion boards are that of the individuals only and do not reflect the official policy or view of the Bharat-Rakshak.com Website. Copyright Violation is strictly prohibited and may result in revocation of your posting rights - please read the FAQ for full details. Users must also abide by the Forum Guidelines at all times.
Rishirishi
BRFite
Posts: 1409
Joined: 12 Mar 2005 02:30

Re: Indian Cyber Warfare Discussion

Post by Rishirishi »

No matter what you do, manufacturing the hardware or even the software will not make it 100% secure. The only way is to develop your own communication protocols and avoid connecting to the internet.

As for soldiers, they should not use smartphones at all, because every app can get some info. Even just logging on to Gmail will give a great profile of the soldier. They can figure out his whereabouts, who he is with, his mood (by what he is searching). With this info they can predict the movement of military units and hardware, and they can figure out which profiles are easy to corrupt and what they need the money for.

I would be surprised if IA soldiers are allowed to have smartphones at all.
schinnas
BRFite
Posts: 1773
Joined: 11 Jun 2009 09:44

Post by schinnas »

Indian govt should make KaiOS-based phones and provide basic apps either made by GoI or made by Indian industry and vetted by GoI. Govt can fully control Internet and data usage on those phones.
Manish_P
BRF Oldie
Posts: 5414
Joined: 25 Mar 2010 17:34

Post by Manish_P »

Need to be equally vigilant about non-Chinese apps and websites.

How a Chinese agent used LinkedIn to hunt for targets
Jun Wei Yeo, an ambitious and freshly enrolled Singaporean PhD student, was no doubt delighted when he was invited to give a presentation to Chinese academics in Beijing in 2015.

His doctorate research was about Chinese foreign policy and he was about to discover firsthand how the rising superpower seeks to attain influence.

After his presentation, Jun Wei, also known as Dickson, was, according to US court documents, approached by several people who said they worked for Chinese think tanks. They said they wanted to pay him to provide "political reports and information". They would later specify exactly what they wanted: "scuttlebutt" - rumours and insider knowledge.

That was how Dickson Yeo set off on a path to becoming a Chinese agent - one who would end up using the professional networking website LinkedIn, a fake consulting company and cover as a curious academic to lure in American targets.
Sonugn
BRFite
Posts: 446
Joined: 13 Jul 2005 12:03
Location: DeceptyKon Workshop

Post by Sonugn »

Bug targets critical govt computers at cyber hub NIC, email from Bengaluru firm is suspect

Well,

This breach is at NIC, MeitY, and what they do is set up ICT/security infrastructure at various GoI departments. It is highly likely that they will have project-related files like project plans, network/security designs and policy documents. The issue was found out "when a user could not access his email"; if true, this means there is a potential lack of proactive security/endpoint monitoring systems. If data has been exfiltrated, consider that the Chinese (assuming it be them) will have a great understanding of the design/implementation/security of all the projects executed by NIC.
Sonugn
BRFite
Posts: 446
Joined: 13 Jul 2005 12:03
Location: DeceptyKon Workshop

Post by Sonugn »

India is no superpower in Cyberspace, claims Harvard report
Of the 30 countries analysed in the report, India ranked at number 21. The top five most powerful countries in cyberspace according to the report (in that particular order) are the United States, China, the United Kingdom, Russia and the Netherlands.
The National Cyber Power Index (NCPI) is a composite index of two broad factors - capacity and intentions. These two factors are based on seven sub-parameters - Defence, Offence, Surveillance, Control, Intelligence, Commercial and Norms. In none of the factors stated above does India fare anywhere in the top. The full report can be found here.

India ranked 24th in the Defence category, 29th in Control, 15th in intelligence, 12th in Norms, 26th in surveillance and 19th in commercial parameters. There were 13 such countries including India, which neither show intent nor build capabilities in the 'offence' or destructive intents and capabilities.
Good article.
Manish_P
BRF Oldie
Posts: 5414
Joined: 25 Mar 2010 17:34

Post by Manish_P »

October 12 blackout was a sabotage
Last month’s power outage in the Mumbai Metropolitan Region (MMR) was possibly the result of a sophisticated sabotage attempt involving foreign entities, a probe carried out by the state police’s cyber cell has revealed.

The month-long probe detected the presence of multiple “suspicious log-ins” into the servers connected with power supply and transmission utilities by accounts operating from Singapore and a few other south Asian countries. The state police is now coordinating with national agencies to determine if these “intrusions, interferences” were part of a coordinated effort aimed at crippling the country’s financial capital.

A source who is privy to the probe, said hackers have been trying to target the country’s power utilities since February. In June, a swarm of 40,000-plus hacking attacks by non-state groups purportedly operating from China had used a type of malware to access and then encrypt sensitive data of targeted private and public entities. A power supply provider in Jammu and Kashmir had also come under the hackers’ attack.
Sonugn
BRFite
Posts: 446
Joined: 13 Jul 2005 12:03
Location: DeceptyKon Workshop

Post by Sonugn »

Not per se related to India but very serious implications.

FireEye hacked
The hack hit one of the largest cybersecurity companies in the US. FireEye has investigated prominent cyberattacks including the Equifax breach and the Democratic National Committee hack. The hackers stole FireEye's "Red Team" tools, a collection of malware and exploits used to test customers' vulnerabilities.
"Based on my 25 years in cyber security and responding to incidents, I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities," Mandia said in his post. "This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye."
darshan
BRF Oldie
Posts: 4018
Joined: 28 Jan 2008 04:16

Post by darshan »

Added later: one may want to see it from the point of view of the virus timeline and IT security chaos.
U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise
https://krebsonsecurity.com/2020/12/u-s ... ompromise/
...
It’s unclear how many of the customers listed on SolarWinds’ website are users of the affected Orion products. But Reuters reports the supply chain attack on SolarWinds is connected to a broad campaign that also involved the recently disclosed hack at FireEye, wherein hackers gained access to a slew of proprietary tools the company uses to help customers find security weaknesses in their computers and networks.

The compromises at the U.S. federal agencies are thought to date back to earlier this summer, and are being blamed on hackers working for the Russian government. FireEye said its breach was the work of APT 29, a.k.a. “Cozy Bear,” a Russian hacker group believed to be associated with one or more intelligence agencies of Russia.

In its own advisory, FireEye said multiple updates poisoned with a malicious backdoor program were digitally signed with a SolarWinds certificate from March through May 2020, and posted to the SolarWinds update website.

FireEye posits the impact of the hack on SolarWinds is widespread, affecting public and private organizations around the world.

“The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” the company’s analysts wrote. “We anticipate there are additional victims in other countries and verticals.”
darshan
BRF Oldie
Posts: 4018
Joined: 28 Jan 2008 04:16

Post by darshan »

SolarWinds Hack Could Affect 18K Customers
https://krebsonsecurity.com/2020/12/sol ... customers/
The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems.
...
And it seems that Microsoft may now be in perhaps the best position to take stock of the carnage. That’s because sometime on Dec. 14, the software giant took control over a key domain name — avsvmcloud[.]com — that was used by the SolarWinds hackers to communicate with systems compromised by the backdoored Orion product updates.

Armed with that access, Microsoft should be able to tell which organizations have IT systems that are still trying to ping the malicious domain. However, because many Internet service providers and affected companies are already blocking systems from accessing that malicious control domain or have disconnected the vulnerable Orion services, Microsoft’s visibility may be somewhat limited.
....
Based on the timeline known so far, the perpetrators of this elaborate hack would have had a fairly good idea back in March which of SolarWinds’ 18,000 Orion customers were worth targeting, and perhaps even in what order.
...
Some of the legal and regulatory fallout may hinge on what SolarWinds knew or should have known about the incident, when, and how it responded. For example, Vinoth Kumar, a cybersecurity “bug hunter” who has earned cash bounties and recognition from multiple companies for reporting security flaws in their products and services, posted on Twitter that he notified SolarWinds in November 2019 that the company’s software download website was protected by a simple password that was published in the clear on SolarWinds’ code repository at Github.
...
Another open question is how or whether the incoming U.S. Congress and presidential administration will react to this apparently broad cybersecurity event. CSIS’s Lewis says he doubts lawmakers will be able to agree on any legislative response, but he said it’s likely the Biden administration will do something.

“It will be a good new focus for DHS, and the administration can issue an executive order that says federal agencies with regulatory authority need to manage these things better,” Lewis said. “But whoever did this couldn’t have picked a better time to cause a problem, because their timing almost guarantees a fumbled U.S. response.”
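
The article's point about Microsoft's sinkhole is that any host still resolving the control domain is a host that is still running the backdoored Orion build. As an added example (not from the article, SolarWinds or Microsoft), here is a small Python check of the kind a defender would run over their own resolver logs to answer the same question internally: which clients queried avsvmcloud[.]com or any subdomain of it. The log format is BIND-style query logging; the lines, client addresses and subdomain labels below are constructed for the example and are not real telemetry.

```python
import re
from collections import Counter
from typing import Dict, Iterable

# The sinkholed SUNBURST command-and-control domain named in the article.
C2_DOMAIN = "avsvmcloud.com"

# BIND-style query log line. The "@0x..." client handle is optional because
# not every BIND version prints it.
_QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>\d{1,3}(?:\.\d{1,3}){3})#\d+.*?"
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def _normalise(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.rstrip(".").lower()


def is_c2_query(qname: str, c2_domain: str = C2_DOMAIN) -> bool:
    """True if qname is the C2 domain itself or any subdomain of it.

    The check is anchored at a label boundary, so an unrelated name such as
    notavsvmcloud.com is not flagged the way a naive substring match would."""
    q, c2 = _normalise(qname), _normalise(c2_domain)
    return q == c2 or q.endswith("." + c2)


def find_beaconing_hosts(lines: Iterable[str],
                         c2_domain: str = C2_DOMAIN) -> Dict[str, int]:
    """Map each client IP that resolved the C2 domain to its query count."""
    hits: Counter = Counter()
    for line in lines:
        m = _QUERY_RE.search(line)
        if m and is_c2_query(m.group("qname"), c2_domain):
            hits[m.group("client")] += 1
    return dict(hits)


# Constructed sample log (not real telemetry): addresses and subdomain labels
# are made up. Line 4 is a decoy that a substring match would wrongly flag.
SAMPLE_LOG = """\
14-Dec-2020 09:01:12.101 client @0x7f3a 10.20.5.17#53011: query: 6a57jk2ba1d9keg15cbg.avsvmcloud.com IN A + (10.20.0.53)
14-Dec-2020 09:01:13.402 client @0x7f3b 10.20.5.17#53012: query: www.example.com IN A + (10.20.0.53)
14-Dec-2020 09:03:40.017 client @0x7f3c 10.20.7.44#49155: query: k0p1mn2q.avsvmcloud.com IN A + (10.20.0.53)
14-Dec-2020 09:04:02.220 client @0x7f3d 10.20.9.8#40001: query: notavsvmcloud.com IN A + (10.20.0.53)
14-Dec-2020 09:05:55.900 client @0x7f3e 10.20.5.17#53013: query: 7b6c1.avsvmcloud.com. IN AAAA + (10.20.0.53)
14-Dec-2020 09:06:01.005 client @0x7f3f 10.20.9.8#40002: query: AVSVMCLOUD.COM IN MX + (10.20.0.53)
"""


if __name__ == "__main__":
    for host, n in sorted(find_beaconing_hosts(SAMPLE_LOG.splitlines()).items()):
        print(f"{host}: {n} quer{'y' if n == 1 else 'ies'} for {C2_DOMAIN}; check for Orion")
```

The caveat the article itself raises applies here too: once the domain is blocked at an upstream resolver or firewall, the queries may never reach the resolver whose log you are reading, so the blocking layer's own logs are the place to look next, and an empty result is not proof that no Orion host is left.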
basant
BRFite
Posts: 894
Joined: 20 Mar 2020 20:58

Post by basant »

Don't know where to post -- this looked the best place!
Image

Source: https://ibb.co/M67SNz2
Manish_Sharma
BRF Oldie
Posts: 5128
Joined: 07 Sep 2009 16:17

Post by Manish_Sharma »

This is the most important scientific breakthrough that should be celebrated. On the other hand, Raman Research Institute (Bengaluru) should become target #1 for official Chinese hackers.
Bengaluru scientists make quantum technology breakthrough. The project aims to encrypt a message which CANNOT be deciphered by a third party, be it a hacker or a foreign power, without the use of a decryption key, which ITSELF is shared SECRETLY in the MESSAGE stream.
Note: UPLINK transfer, no country has achieved. To date, no country has successfully carried out a so-called quantum key distribution from the earth to a satellite in orbit.
Note: DOWNLINK, the easier one, has been achieved. In 2017, China managed to carry out a “downlink” transfer, meaning that a key was transferred down from a satellite to a ground station.
IMPORTANT: During a demonstration on Sunday, the research team at Raman Research Institute showed the technology in which they could share this secret key across a 50-metre free space from one building to another, using only the atmosphere.
Dr Sinha pointed out that the challenge of downlink transfers is easier to surmount when compared to “uplink” transfers because a key being transferred down through the atmosphere via a photon stream faces significantly fewer atmospheric distortions. “Because the atmosphere is thinner at high altitudes, the chance of success is more. However, all countries want to carry out successful uplink transfers, which we and ISRO are working to achieve,” she said.

https://www.deccanherald.com/science-an ... LfjxqfIKTU
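
The article describes a free-space QKD demonstration but not the protocol behind it. As an added example that is not RRI's or ISRO's code, here is a Python simulation of BB84, the textbook QKD protocol (an assumption: the report does not say which scheme the team used). It shows the property the post is celebrating: an eavesdropper cannot read the key without leaving a trace, because measuring the photons in a guessed basis injects errors that Alice and Bob see when they compare sifted bits. The 11% abort threshold is the commonly cited BB84 figure and is a parameter here, not a value from the article.

```python
import random
from dataclasses import dataclass
from typing import List

# Commonly cited upper bound on the quantum bit error rate (QBER) above which
# BB84 cannot distil a secure key. An assumption of this example, not a figure
# from the article.
QBER_ABORT_THRESHOLD = 0.11


@dataclass
class Bb84Result:
    alice_key: List[int]
    bob_key: List[int]
    qber: float  # fraction of sifted positions where the two keys disagree

    @property
    def secure(self) -> bool:
        return self.qber <= QBER_ABORT_THRESHOLD


def _measure(bit: int, prep_basis: int, meas_basis: int, rng: random.Random) -> int:
    """Idealised polarisation measurement: a matching basis returns the
    prepared bit; a mismatched basis returns a uniformly random outcome."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_bb84(n: int, seed: int = 0, eavesdropper: bool = False) -> Bb84Result:
    """Simulate BB84 over n photons. With eavesdropper=True an intercept-resend
    attacker measures each photon in a guessed basis and re-emits what she saw,
    which injects roughly 25% errors into the sifted key and so reveals her."""
    rng = random.Random(seed)
    a_bits = [rng.randint(0, 1) for _ in range(n)]
    a_bases = [rng.randint(0, 1) for _ in range(n)]  # 0 = rectilinear, 1 = diagonal
    b_bases = [rng.randint(0, 1) for _ in range(n)]

    b_bits: List[int] = []
    for bit, basis, b_basis in zip(a_bits, a_bases, b_bases):
        if eavesdropper:
            e_basis = rng.randint(0, 1)
            bit = _measure(bit, basis, e_basis, rng)  # Eve's (possibly wrong) reading
            basis = e_basis                           # Bob receives Eve's re-emission
        b_bits.append(_measure(bit, basis, b_basis, rng))

    # Sifting over the public channel: both sides announce bases (never
    # outcomes) and keep only the positions where the bases agree.
    keep = [i for i in range(n) if a_bases[i] == b_bases[i]]
    alice_key = [a_bits[i] for i in keep]
    bob_key = [b_bits[i] for i in keep]
    errors = sum(1 for x, y in zip(alice_key, bob_key) if x != y)
    qber = errors / len(keep) if keep else 0.0
    return Bb84Result(alice_key, bob_key, qber)


if __name__ == "__main__":
    for tapped in (False, True):
        r = run_bb84(4000, seed=1, eavesdropper=tapped)
        print(f"eavesdropper={tapped}: {len(r.alice_key)} sifted bits, "
              f"QBER={r.qber:.3f}, secure={r.secure}")
```

Two simplifications to keep in mind: a real system estimates the QBER from a randomly chosen subset of the sifted key that is then discarded, rather than comparing every bit as the simulation does, and the channel here is lossless and noise-free, whereas the atmospheric distortion the article discusses shows up in practice as a non-zero baseline QBER that has to be distinguished from an eavesdropper's contribution.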
wig
BRF Oldie
Posts: 2162
Joined: 09 Feb 2009 16:58

Post by wig »

https://economictimes.indiatimes.com/ne ... 196620.cms
extracts
It is unclear how the soldier managed to smuggle out a chunk of data from the heavily guarded command but sources described it as a ‘high level breach’, which could have a bearing on security of soldiers posted in the region. The Army declined to comment on the incident after ET reached out.
and
sources said the soldier belonged to an infantry regiment and is from Punjab. He was posted at a sensitive branch in the Northern Command headquarters and is suspected to have been recruited by a foreign agency a few years ago
wig
BRF Oldie
Posts: 2162
Joined: 09 Feb 2009 16:58

Post by wig »

https://www.indiatoday.in/india/story/a ... 2021-02-26

Army probes data breach as massive Northern Command espionage case could see heads roll soon
extracts
The Indian Army is probing a data breach in the Northern Command after a soldier was found to have passed on tactical and operational Indian military data to Pakistan's ISI. India Today has learnt that the data leaked by the mole-in-uniform includes top secret military maps, positions of forward troops and assets on the LAC and LoC.
and
India Today has learnt that the data leaked by the mole-in-uniform includes top secret military maps, deployment specifics, patrolling routes, positions of forward troops and assets on the Line of Actual Control and Line of Control.
and
The other, more alarming reason, is that it wasn't the Army's own internal checks and balances that detected the breach, but a high-level tip-off from the counter-intelligence arm of India's Research & Analysis Wing (RAW).

The Army's own internal counter-intelligence machinery, heavily fortified in its most sensitive operational command, has successfully countered several breaches in the past, but the fact it missed this one, the biggest in years, is being seen as a top-level lapse.
Manish_P
BRF Oldie
Posts: 5414
Joined: 25 Mar 2010 17:34

Post by Manish_P »

China appears to warn India: Push too hard and the lights could go out
Early last summer, Chinese and Indian troops clashed in a surprise border battle in the remote Valley, bashing each other to death with rocks and clubs.

Four months later and more than 1,500 miles away in Mumbai, trains shut down and the stock market closed as the power went out in a city of 20 million people. Hospitals had to switch to emergency generators to keep ventilators running amid a coronavirus outbreak that was among India’s worst.

Now, a new study lends weight to the idea that those two events may have been connected — as part of a broad Chinese cyber campaign against India’s power grid, timed to send a message that if India pressed its claims too hard, the lights could go out across the country.

The study shows that as battles raged in the Himalayas, taking at least two dozen lives, Chinese malware was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant, a new report has just revealed. As tensions rose on the border, Chinese hackers unleashed a swarm of 40,300 hacking attempts on India’s tech and banking infra in just five days.

The flow of malware was pieced together by Recorded Future, a Somerville, Massachusetts, company that studies the use of the internet by state actors. It found that most of the malware was never activated. And because Recorded Future could not get inside India’s power systems, it could not examine the details of the code itself, which was placed in strategic power-distribution systems across the country. While it has notified Indian authorities, so far they are not reporting what they have found.

Stuart Solomon, Recorded Future’s chief operating officer, said that the Chinese state-sponsored group, which the firm named Red Echo, “has been seen to systematically utilize advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure.” The discovery raises the question about whether an outage that struck on October 13 in Mumbai, one of the country’s busiest business hubs, was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

News reports at the time quoted Indian officials as saying that the cause was a Chinese-origin cyberattack on a nearby electricity load-management center. Authorities began a formal investigation, which is due to report in the coming weeks. Since then, Indian officials have gone silent about the Chinese code, whether it set off the Mumbai blackout and the evidence provided to them by Recorded Future that many elements of the nation’s electric grid were the target of a sophisticated Chinese hacking effort.
Manish_P
BRF Oldie
Posts: 5414
Joined: 25 Mar 2010 17:34

Post by Manish_P »

And the rebuttal..

Mumbai power outage: Centre denies there was any cyberattack
A day after the Maharashtra government claimed the possibility of a cyberattack being responsible for last October’s power outage in Mumbai, Minister of State for Power RK Singh ruled out sabotage by China or Pakistan-supported hackers. In a media interaction in New Delhi, Singh said the probes conducted by experts had established human error as the reason. However, he said some cyberattacks on India’s northern and southern load despatch centres were reported, but the malware could not reach the controlling system.

Maharashtra's former energy minister Chandrashekhar Bawankule said the MVA ministers lied to mask a failure in grid management and that the existing power network is not advanced enough to facilitate a malware attack. He said the state’s electricity transmission and distribution network wasn’t very advanced. “At present, everything is operated manually. We need at least Rs 50,000 crore to build a sophisticated and advanced network. The existing network cannot be manipulated by cyberattacks. The probe has proved that human error and bad management of the grid caused the blackout.”
Sonugn
BRFite
Posts: 446
Joined: 13 Jul 2005 12:03
Location: DeceptyKon Workshop

Post by Sonugn »

Data of over 3.5 million MobiKwik users up for sale on darknet by hackers

1. Total 350 GB of MySQL dumps, > 500 databases
2. 99 million — email ID, phone, passwords, addresses, apps installed, phone manufacturer, IP address, and GPS location
3. 40 million — 10-digit card, month, year, card hash
4. ~7.5 TB of ~3 million merchant KYC data – passports, Aadhaar cards, PAN cards, selfie, store picture proof, and more used to get loans on the mobile phone-based payment system.
Philip
BRF Oldie
Posts: 21538
Joined: 01 Jan 1970 05:30
Location: India

Post by Philip »

https://www.bleepingcomputer.com/news/s ... -designer/
Excerpts:
Suspected Chinese state hackers target Russian submarine designer
By Ionut Ilascu
April 30, 2021 10:09 AM

Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy.

They used a spear-phishing email specifically crafted to lure the general director of the company into opening a malicious document.

Specific targeting
The threat actor targeted Rubin Central Design Bureau for Marine Engineering in Saint Petersburg, a defense contractor that designed most of Russia’s nuclear submarines.

The method for delivering the backdoor was a weaponized RTF document attached to an email addressed to the company CEO, Igor V. Vilnit.

Threat researchers at Cybereason Nocturnus found that the attacker lured the recipient to open the malicious document with a general description for an autonomous underwater vehicle.

Digging deeper, the researchers discovered that the RTF file had been weaponized using RoyalRoad, a tool for building malicious documents to exploit multiple vulnerabilities in Microsoft’s Equation Editor.

The use of RoyalRoad has been linked in the past to several threat actors working on behalf of the Chinese government, like Tick, Tonto Team, TA428, Goblin Panda, Rancor, Naikon.

When launched, the RTF document drops the PortDoor backdoor in the Microsoft Word startup folder disguising it as an add-in file, “winlog.wll.”

[Image: PortDoor backdoor disguised as Microsoft add-in]
According to Cybereason’s analysis, PortDoor is a full-fledged backdoor with an extended list of features that make it suitable for a variety of tasks:

Doing reconnaissance
Profiling victim systems
Downloading payloads from the command and control server
Privilege escalation
Dynamic API resolving to evade static detection
One-byte XOR encryption (sensitive data, configuration)
AES-encrypted data exfiltration
In a technical report today, Cybereason Nocturnus Team describes the functionality of the malware and provides indicators of compromise to help organizations defend against it.

The researchers attributed PortDoor to a Chinese state-sponsored hacker group based on similarities in tactics, techniques, and procedures with other China-linked threat actors.
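
One item in the feature list above deserves a closer look from a defender's side: "one-byte XOR encryption" of sensitive data and configuration. A one-byte XOR key gives only 256 possibilities, so an analyst with the extracted blob recovers the configuration in milliseconds. As an added example (not Cybereason's code and not PortDoor's real configuration), here is the brute-force in Python, with a constructed config string protected by the key 0xA7. The crib b"http" is the known-plaintext trick used to pick the right key when more than one key yields printable output.

```python
from typing import List, Optional, Tuple


def xor1(data: bytes, key: int) -> bytes:
    """Single-byte XOR. It is its own inverse, so this both 'encrypts' and
    decrypts; there is no key schedule and no secret beyond one byte."""
    return bytes(b ^ key for b in data)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D))
    return ok / len(data)


def recover_single_byte_xor(blob: bytes, crib: Optional[bytes] = None,
                            min_ratio: float = 0.95) -> List[Tuple[int, bytes]]:
    """Try all 256 keys and return (key, plaintext) candidates, best first.

    Candidates are ranked by printability. Several keys can produce mostly
    printable output (XOR with a low bit set just permutes the alphabet), so
    an analyst supplies a crib: a substring the config must contain, such as
    b"http" for a C2 URL. Only candidates containing the crib survive, which
    normally pins the key down to exactly one."""
    scored = []
    for key in range(256):
        pt = xor1(blob, key)
        ratio = printable_ratio(pt)
        if ratio < min_ratio:
            continue
        if crib is not None and crib not in pt:
            continue
        scored.append((ratio, key, pt))
    scored.sort(key=lambda t: (-t[0], t[1]))
    return [(key, pt) for _, key, pt in scored]


# Constructed sample (not PortDoor's real configuration): a made-up config
# string protected with the one-byte key 0xA7. 203.0.113.0/24 is a
# documentation address range, so the URL points at nothing real.
SAMPLE_KEY = 0xA7
SAMPLE_CONFIG = b"http://203.0.113.10:443/api/update|sleep=60|id=winlog"
SAMPLE_BLOB = xor1(SAMPLE_CONFIG, SAMPLE_KEY)


if __name__ == "__main__":
    without_crib = recover_single_byte_xor(SAMPLE_BLOB)
    with_crib = recover_single_byte_xor(SAMPLE_BLOB, crib=b"http")
    print(f"{len(without_crib)} printable candidate(s) without a crib, "
          f"{len(with_crib)} with crib b'http'")
    key, plaintext = with_crib[0]
    print(f"key=0x{key:02x} config={plaintext!r}")
```

The same weakness cuts the other way for detection: because the transform is a fixed byte-for-byte permutation, a YARA-style rule can match the XOR-encoded form of a known string directly, without any decryption, by encoding the string under each of the 256 keys.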
arvin
BRFite
Posts: 672
Joined: 17 Aug 2016 21:26

Post by arvin »

Philip wrote:https://www.bleepingcomputer.com/news/s ... -designer/
Excerpts:
Suspected Chinese state hackers target Russian submarine designer
By Ionut Ilascu
April 30, 2021 10:09 AM

Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy.

They used a spear-phishing email specifically crafted to lure the general director of the company into opening a malicious document.
Two years back the head of the engineering firm ICB Tecnimont, based out of Mumbai, was also targeted in a phishing scam.
https://www.reuters.com/article/us-mair ... SKCN1P40KE
A group of Chinese hackers robbed 1.3 billion rupees ($18.45 million) from the Indian unit of Tecnimont SpA through an elaborate cyber fraud that included impersonating the Italian engineering firm’s chief executive, the Economic Times reported.

The scammers sent emails to the India head of Tecnimont, part of the publicly traded Maire Tecnimont, from an account that looked similar to one used by the Italian group’s CEO and also organized conference calls to discuss a “confidential” acquisition in China, the ET report said, citing a complaint made with the police.
Such a level of impersonation of the inner circle of top guys in a company makes me wonder about the level of corporate espionage network the Chinese are running.
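
The fraud described above turned on a sender address that "looked similar" to the group CEO's. As an added example, not from the Reuters or ET reporting and not anything Tecnimont runs, here is a Python check that a mail gateway or SOC triage script could apply to the From: domain of a message that requests a payment: exact or subdomain match is trusted, anything that matches after collapsing look-alike characters (rn for m, 1 or i for l, 0 for o), sits within two edits of the real domain, or embeds the real domain inside a longer one is flagged as a look-alike. The company domain example-engineering.com and all addresses below are hypothetical.

```python
import re
from typing import Iterable, List, Tuple

# Character groups that render alike in many fonts. Multi-character pairs are
# listed first so "rn" collapses to "m" before single characters are mapped.
CONFUSABLES: List[Tuple[str, str]] = [
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
    ("0", "o"), ("1", "l"), ("i", "l"), ("|", "l"),
]


def skeleton(name: str) -> str:
    """Collapse visually similar characters so look-alikes compare equal."""
    s = name.lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches a dropped, added or swapped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(addr: str) -> str:
    """Extract the domain from 'user@host' or 'Display Name <user@host>'."""
    m = re.search(r"<([^<>]+)>\s*$", addr)
    mailbox = (m.group(1) if m else addr).strip()
    if "@" not in mailbox:
        return ""
    return mailbox.rsplit("@", 1)[1].rstrip(".").lower()


def classify_sender(addr: str, trusted_domains: Iterable[str],
                    max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: address."""
    dom = sender_domain(addr)
    if not dom:
        return "unknown"
    trusted = [t.lower() for t in trusted_domains]
    for t in trusted:
        if dom == t or dom.endswith("." + t):
            return "trusted"
    for t in trusted:
        if t in dom:                      # e.g. example-engineering.com.attacker-host.net
            return "lookalike"
        if skeleton(dom) == skeleton(t):  # rn/m, l/1/i, 0/o substitutions
            return "lookalike"
        if levenshtein(dom, t) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Hypothetical company domain and constructed sample addresses.
    TRUSTED = ["example-engineering.com"]
    for sample in ("ceo@example-engineering.com",
                   '"Group CEO" <ceo@exarnple-engineering.com>',
                   "ceo@example-engineerlng.com",
                   "ceo@example-engineering.co",
                   "ceo@example-engineering.com.secure-mail.net",
                   "partner@unrelated-corp.example"):
        print(f"{classify_sender(sample, TRUSTED):9s}  {sample}")
```

This only covers the registered-domain trick; the other half of the scam in the report, plausible conference calls about a "confidential" deal, is exactly what a look-alike check cannot catch, which is why payment changes also need an out-of-band confirmation to a number already on file.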
Rakesh
Forum Moderator
Posts: 18274
Joined: 15 Jan 2004 12:31
Location: Planet Earth
Contact:

Post by Rakesh »

Prioritise Cyber And Surveillance Capabilities, Exhorts CDS

VinodTK
BRF Oldie
Posts: 2982
Joined: 18 Jun 2000 11:31

Post by VinodTK »

India Prime Minister Suffers Another Twitter Hack; Fake Tweet Sent Promising Bitcoin to All Indians
Kevin Reynolds
Sun, December 12, 2021, 9:09 AM
The Twitter account of India Prime Minister Narendra Modi was briefly hacked early Sunday morning local time, the second such attack on an account linked to the PM in little over a year.

While the account was restored quickly, the hacker had enough time to tweet, falsely, that India had adopted bitcoin as legal tender and that the government had bought 500 bitcoin and would distribute them to all Indians.
Image


Image

I hope better cyber security will be provided to the PM's account going forward.
Manish_P
BRF Oldie
Posts: 5414
Joined: 25 Mar 2010 17:34

Post by Manish_P »

Article from Bloomberg

Suspected Chinese hackers collect intelligence from India’s Grid
Suspected state-sponsored Chinese hackers have targeted the power sector in India in recent months as part of an apparent cyber-espionage campaign, the threat intelligence firm Recorded Future Inc. said in a report published Wednesday.

The hackers focused on at least seven “load dispatch” centers in northern India that are responsible for carrying out real-time operations for grid control and electricity dispersal in the areas they are located, near the India-China border in Ladakh, the report said.

One of the load dispatch centers previously was the target of another hacking group, RedEcho, which Recorded Future has said shares “strong overlaps” with a hacking group that the US has tied to the Chinese government.
wig
BRF Oldie
Posts: 2162
Joined: 09 Feb 2009 16:58

Post by wig »

https://www.thestatesman.com/cities/del ... 62138.html
cyber security breach reported in military, high-level probe ordered

excerpts
The intelligence services have detected a cyber-security breach in the military, and a high-level investigation has been ordered, sources said here on Tuesday.

Some military officials implicated in the breach are suspected of having ties to enemy countries, according to sources.

The military officials are also suspected of being involved in espionage-related activities of a neighbouring country, according to the sources. The sensitive breaches were carried out through ‘WhatsApp groups’.
AdityaM
BRF Oldie
Posts: 2025
Joined: 30 Sep 2002 11:31
Location: New Delhi

Post by AdityaM »

A long dead thread.

So the Chinese have our data dumps.
https://x.com/_avahgar_/status/1759792738177020260?s=46
vijayk
BRF Oldie
Posts: 8785
Joined: 22 Jun 1999 11:31

Post by vijayk »

AdityaM wrote: 20 Feb 2024 19:00 A long dead thread.

So the Chinese have our data dumps.
https://x.com/_avahgar_/status/1759792738177020260?s=46

Some terrifying findings, on India (1/n)

1. EPF India data seems to be compromised (data as of 2021, ~9.37GB + UAN repo, 20GB)

Seems there are already a few summarized reports.

Thanks
@S0ufi4n3


Cursory glance reveals:
Apollo Hospital India,
Indian Govt - Immigration (95.2GB),
Indian Govt - PMO (5.49GB),
Indian - population data (3.19GB)

Repo: https://github.com/soufianetahiri/Anxun-isoon


6/7

Ok, the machine translated image (Chinese->Eng) reveals even more horrifying details about what data of EPFO of India seems to have been compromised.

The entire stash, as of July 2021.

!!! THIS IS HORRIBLY TERRIBLE !!!

Original image is beside.
Image