Bengaluru: FireEye Inc., a malware protection company, has revealed the details of an ongoing advanced malware campaign designed to steal confidential files and information about border issues and other diplomatic matters. FireEye suspects that the advanced persistent threat (APT) group behind the campaign is based in China. Organizations in Bangladesh, India, Nepal and Pakistan were the main targets; the group sent targeted spear phishing emails carrying MS Word attachments on regional issues. These documents also contained a hidden script called WATERMAIN, which created a backdoor on the infected computers.
FireEye has been closely watching WATERMAIN’s activity since 2011. In that time the group has used WATERMAIN against over 100 victims, 70 percent of them in India. The campaign’s attacks were also detected in April 2015, just one month after Indian PM Narendra Modi’s visit to China. The group’s primary targets are Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organizations.
Bryce Boland, FireEye CTO for Asia Pacific, says, “Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighboring countries reflect growing interest in its foreign affairs. Organizations should redouble their cyber security efforts and ensure they can prevent, detect and respond to attacks in order to protect themselves.”
APT attacks on Indian organizations and neighboring countries are becoming a regular occurrence. FireEye recently revealed the details of APT30, a ten-year-long cyber crime campaign by a suspected Chinese group that compromised an aerospace and defence company in India.
Founded in 2004 by Ashar Aziz, FireEye describes itself as the leader in stopping the new breed of cyber attacks, such as advanced malware, that easily bypass traditional signature-based defenses and compromise the majority of enterprise networks. The FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, that identifies and blocks cyber attacks in real time. FireEye has over 3,700 customers across 67 countries, including 675 of the Forbes Global 2000.