A group of state-linked hackers in China has claimed to have targeted key offices of the Indian government, such as the PMO, and businesses such as Reliance and Air India. This comes after leaked documents showed that Beijing's intelligence and military groups are pursuing large-scale cyber intrusions against foreign governments, companies and infrastructure.
Over the weekend, a trove of thousands of documents, images, and chat messages purportedly linked to iSoon, a cybersecurity contractor with China’s Ministry of Public Security (MPS), surfaced anonymously on GitHub.
According to media reports, Chinese police are carrying out an investigation to determine the source of the leaked files. One employee disclosed that iSoon held a meeting on February 21 regarding the leak, assuring staff that it would not significantly impact business operations and advising them to “continue working as usual,” as reported by the news agency.
The leak exposes a sophisticated network of covert hacks, spyware activities, and intricate surveillance conducted by cyber threat actors linked to the Chinese government.
A translated version of the leaked internal documents, originally in Mandarin, reveals attackers documenting their methods, targets, and exploits. Targets included entities such as the North Atlantic Treaty Organization (NATO), European governments, private institutions, and allies of Beijing like Pakistan.
The leaked information includes Indian targets such as the Ministry of Finance, the Ministry of External Affairs, and what seems to be referred to as the “Presidential Ministry of the Interior,” likely indicating the Ministry of Home Affairs.
Between May 2021 and October 2021, amid heightened tensions between India and China along the border, advanced persistent threat (APT) groups or hackers managed to obtain 5.49GB of data from various offices within the “Presidential Ministry of the Interior.”
An excerpt from an internal report purportedly prepared by iSoon states, “In India, our primary targets are the Ministry of Foreign Affairs, Ministry of Finance, and other relevant departments. We are continuously monitoring this area closely and anticipate its long-term value.”
Additionally, it is alleged that user data from organizations such as the Employees’ Provident Fund Organisation (EPFO), Bharat Sanchar Nigam Limited (BSNL), and Apollo Hospitals, a private healthcare chain, was compromised. The stolen data related to Air India appears to involve details of passengers’ daily check-ins.
This is not the first time neighboring China has attempted this kind of cyber attack. In 2022, hackers from China targeted seven Indian power hubs.