China Accuses Indian APT Group Of Cyber Warfare Against Pakistan; 2nd Major Accusation After ‘Evil Flower’

Chinese state media claimed that an ‘advanced persistent threat (APT) group’ operating from India under the nom de guerre “Confucius” had launched fresh cyber attacks on the Pakistani government and military institutions. 

The Chinese cybersecurity company Antiy conducted a thorough one-and-a-half-year investigation into this matter and determined that the group’s first attacks can be dated to 2013, the Global Times reported. 

The state-run Global Times alleged that the group primarily targeted the governments, military, and energy sectors of neighboring countries such as China, Pakistan, and Bangladesh to steal sensitive data.

The report classifies these hackers as an “Advanced Persistent Threat” (APT), a term generally used for a hacking group that repeatedly attacks particular targets over a long period.

The Chinese media outlet said that India employs these APTs as tools of cyberwarfare against China and its neighbors in South Asia with the help of state intelligence.

It is not the first time China’s state media has accused New Delhi of targeting the governments and military enterprises of various South Asian countries. 

In November 2022, Chinese state media claimed that an Indian hacking group known as ‘Evil Flower’ conducted multiple cyber attacks on government and military institutions in China, Pakistan, and Nepal. 


The latest report asserted that political and financial gains motivated the group’s actions. The report said it steals vital information or wrecks the target’s critical infrastructure. 

Li Bosong, the chief engineer of Antiy, alleges that the group commands its attacks with the phrase “Confucius says.” 

Bosong suggested that the group is skilled at using spear-phishing emails, phishing websites, and specific social engineering techniques to attack its targets. He added that this indicates the hackers have studied Chinese culture during their repeated attacks on China.

Is The Group Targeting Pakistan? 

Antiy contends that “it detected the group’s attacks against the Pakistani government and military facilities when it traced the attacks from the direction of the South Asian subcontinent since 2021.”

The group sends specialized spear-phishing emails under the guise of Pakistani government employees. After the recipient downloads or opens the attached documents, Trojan horse programs are installed on the computer and steal all the data.

This company says it follows this group’s movements constantly. For instance, Antiy claims to have discovered that the group carried out attacks in June 2021 using a malicious file containing information about a list of Pakistani army fatalities.

The group in February 2022 also used a file containing information about the vaccinations of Pakistani government employees, Li said.

The Chinese firm claims to have carefully examined the attack samples from the group and found that the hackers shared tools and codes with SideWinder, another APT group.

Indian APT groups frequently exchange tools and codes, the firm said. According to the report, international cybersecurity firms had previously disclosed that the APT group known as Confucius had also exchanged code with other Indian groups such as Urpage. 

Meanwhile, authorities in Pakistan appear to be worried about these attacks. Hackers are sending spear phishing emails using the prime minister’s office’s name, per the nationwide alert from Pakistan’s National Telecom & Information Technology Security Board. 

Threat Of Cyber Warfare In The Region

Chinese media frequently publishes such stories based on its established narrative that India is an ally of the west and works with the US and NATO to counter Beijing. 

For instance, Shen Yi, Deputy Director of the Fudan University Cyberspace Research Center, previously told the Global Times, “India conducted numerous cooperation with the US in cybersecurity, and it is reasonable to speculate that behind the hacker groups there is intelligence sharing between India and the US.”

The Chinese government has also received public advice from its cyber security experts to set up a comprehensive reporting system in the event of an attack, similar to what the US does. 

The head of the Institute of China Cyberspace Strategy in Beijing also claimed that these “Indian-backed” cyberattacks are a component of its Indo-Pacific containment strategy for China.

Besides, China itself regularly launches cyberattacks against New Delhi. In April, Chinese state-sponsored hackers attempted to attack Indian power grid assets near Ladakh. According to experts, China may be using these intrusions by state-sponsored hackers to understand how the system works.

It would enable China’s hacking army to develop capabilities for “future use” and possibly provide them with the necessary access to prepare for “future contingency operations.”

On the other hand, Islamabad is worried about expanding cyber cooperation between India and Israel, as was once again highlighted at a recent seminar organized by a Pakistani think tank.