The Chinese state media has alleged that an Indian hacking group called ‘Evil Flower’ carried out multiple cyber attacks on government and military enterprises in China, Pakistan, and Nepal.
According to Global Times, this group, along with a few others named ‘Lure of Beauty’ and ‘Ghost War Elephants’ is allegedly supported by the Indian state. The Chinese accusation is that these “state-backed” hackers have targeted the Chinese government and military enterprises in various South Asian countries.
These accusations leveled by the state-run Global Times come at a time when China remains embroiled in a land border standoff with India in eastern Ladakh with no sign of de-escalation forthcoming.
On top of that, China is reportedly carrying out mobilization in the eastern sector of the disputed border and establishing dual-use villages near Arunachal Pradesh. A Pentagon report has recently highlighted how China has built a village in the Indian state of Arunachal Pradesh, which Beijing calls South Tibet.
As the global attention falls squarely on Chinese aggression in the South China Sea region, in the Taiwan Strait as well as along the LAC (the disputed border with India), it has leveled reverse charges against India on the cyber security vertical.
Some Chinese observers have commented that “that the next world war will be fought not on the ground, or in the air or underwater, but virtually in cyberspace”, according to the Global Times.
Does ‘Evil Flower’ Really Exist?
According to Global Times, its investigative report was corroborated by China’s leading cyber security agency and labeled these hackers as ‘Advanced Persistent Threat’ (APT), which basically is a hacking organization that repeatedly attacks selected targets.
Global Times believes that these APTs have state intelligence support and are used as instruments of cyber warfare by India against China and its South Asian neighbors.
In a detailed investigation paper, the Chinese media outlet alleges that the ‘Evil Flower’ and other APTs used phishing methods to crack into sensitive Chinese systems.
“Since March, we have detected several phishing activities targeting government, defense and military units, as well as state-owned enterprises in China, Pakistan, and Nepal,” Antiy Labs, one of China’s renowned cybersecurity companies, said in a statement to the Global Times.
It has also accused these hacking groups of using methods such as spear phishing which involves cyber impersonation and has consistently attacked China since 2019.
The report, however, refuses to elaborate on how ‘Evil Flower’ got away with these attacks for two whole years even as a renewed focus has been drawn to cyber security, data privacy and cyber-infrastructure since President Xi Jinping’s call for the same in his speech in 2014.
The investigation fails to ask tough questions to the Chinese officials, its information technology network and security systems in place to protect against cyber attacks.
The report enunciates in no unclear terms that the hacking group Evil Flower, accused of attacking Chinese medical records and health facilities was founded in 2013 but remained undetected till 2016.
It does not mention the corrective actions taken by states in cognizance of Evil Flower to prevent an attack by this group.
‘Cyber Security Is National Security’
Building on its traditional narrative related to India being a western stooge and collaborating with the United States and the NATO, Shen Yi, Deputy Director of the Fudan University Cyberspace Research Centre, told the Global Times, “India conducted numerous cooperation with the US in cybersecurity and it is reasonable to speculate that behind the hacker groups there is intelligence sharing between India and the US.”
Chinese experts have reportedly advised Beijing to enhance its cyber security measures, carry out drills and protect data flowing across borders in order to safeguard it possible attacks.
The Chinese state has also publicly been advised by its cyber security experts to put a detailed report system in case of an attack as is done by the United States. It has also been suggested by the head of Beijing-based Institute of China Cyberbase Strategy that these ‘Indian-backed’ cyber attacks are a part of its Indo-Pacific strategy aimed at containment of China.
In this report, the Chinese refer to these unverified Indian cyber attacks as part of a bigger conspiracy hatched by New Delhi in congruence with its western allies in order to threaten its national security.
It’s worth noting here that all these cyberspace institutions and experts work under the tight control of the Communist Chinese State and have absolute control over its security systems that were reportedly evaded by the Indian hackers. Thus, the investigation fails to consider how these attacks missed the sophisticated network built meticulously by the Chinese state.
Meanwhile, the United States has alleged that foreign hackers breached nine organizations in the defense, energy, healthcare, technology and education sectors.
These attempts were attributed to methods deployed by the Chinese hacking group, ‘Emissary Panda’ which has links with the Chinese government. The accusations have been published in Palo Alto Networks’ report accessed by CNN.
Indian Military Raised Alarm
Earlier this year, India’s Chief of Defence Staff General Bipin Rawat pointed out the gap between the Chinese ability to attack Indian military software and India’s capability to defend the same during an event in New Delhi.
“We have been a little slow on the start, therefore over the years, a capability differential has come in,” he had said.
The CDS is championing a system in which every service within the military will have its own agency to combat cyberattacks to decrease the reach of threats. He also talked about cooperating with western nations to “overcome India’s deficiency”.
A China-backed cyber-attack on Mumbai’s power grid last October made India realize the vulnerability of its critical infrastructure. Witnessing the newer and non-traditional security threats against civilian systems, the vulnerability of the military ones also becomes apparent, despite the latter having more safeguards.