A Chinese cyber espionage system has systematically stolen data from government, business, academic, and other computer network systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries, a report stated.
The joint report, Shadows in the Cloud: Investigating Cyber Espionage 2.0, is the result of a collaborative investigation by the Information Warfare Monitor and Shadowserver Foundation.
The recovered data that was stolen from sensitive locations in India was analyzed by the researchers. One of the documents was an encrypted diplomatic correspondence. Other documents belonging to the Indian government included two marked as “SECRET”, six as “RESTRICTED”, and five as “CONFIDENTIAL”. These documents are:
- Sensitive information taken from a member of the National Security Council Secretariat (NSCS) concerning secret assessments of India’s security situation in the states of Assam, Manipur, Nagaland and Tripura, as well as concerning the Naxalites and Maoists.
- Confidential information from Indian embassies regarding India’s international relations with and assessments of activities in West Africa, Russia/Commonwealth of Independent States and the Middle East, as well as visa applications, passport office circulars and diplomatic correspondence.
- A variety of military computers had been compromised as well as the computers of defence-oriented academics and journals. Documents and presentations relating to Pechora Missile System (An anti-aircraft surface-to-air missile system), Iron Dome Missile System (A mobile missile defence system – Ratzlav-Katz 2010), and Project Shakti (An artillery combat command and control system – Frontier India 2009) were recovered.
The recovered documents also included 1500 letters sent from the Dalai Lama’s office between January and November 2009.
The sensitive information that was stolen from the Indian computers, as mentioned in the report, includes:
1. National Security Council Secretariat: According to the report, a computer at the NSCS was compromised. It says that during the period in which the researchers monitored the attackers, 14 documents (two marked “SECRET”) were exfiltrated.
“In addition to documents containing the personal and financial information of what appears to be the compromised individual, the exfiltrated documents focus on India’s security situation in the states of Assam, Manipur, Nagaland and Tripura as well as the Naxalites, Maoists, and what is referred to as Left wing extremism,” the report states.
2. India’s Diplomatic Missions: The report states that computers at the Embassy of India, Kabul, the Embassy of India, Moscow, the Consulate General of India, Dubai, and the High Commission of India in Abuja, Nigeria were compromised based on the documents exfiltrated by the attackers. During the period in which the researchers monitored the attackers, 99 documents (1 encrypted diplomatic correspondence, 5 documents marked “RESTRICTED”, and 4 documents marked “CONFIDENTIAL”) were exfiltrated.
Documents containing personal, financial, and travel information on embassy and diplomatic staff, and numerous visa applications, passport office circulars, and country assessments and reports were exfiltrated. Confidential visa applications from citizens of Afghanistan, Australia, Canada, the PRC, Croatia, Denmark, Germany, India, Ireland, Italy, New Zealand, Philippines, Senegal, Switzerland, Uganda, and the United Kingdom were also among the exfiltrated documents.
3. Military Engineer Services: Computers at the MES-Bengdubi, MES-Kolkata, MES(AF)-Bangalore, and MES-Jalandhar were compromised based on the documents exfiltrated by the attackers, the report states. During the period in which the researchers monitored the attackers, 78 documents were exfiltrated. While these documents included manuals and forms that would not be considered sensitive, they also included documents that contained private information on personnel, and documents and presentations concerning the financing and scheduling of specific engineering projects.
4. Military Personnel: According to the report, computers linked with the 21 Mountain Artillery Brigade (Assam) and the Air Force Stations (Race Course in New Delhi and Darjipura in Vadodara) were compromised based on the documents exfiltrated by the attackers. During the period in which the researchers monitored the attackers, sixteen documents were exfiltrated. One document contained personal information on Saikorian alumni of the Sainik School, Korukonda, which prepares students for entry into the National Defence Academy. One document is a detailed briefing on a live fire exercise, while others pertain to surface-to-air missile systems and moving target indicators.
5. Military Educational Institutions: Computers at the Army Institute of Technology in Pune and the Military College of Electronics and Mechanical Engineering in Secunderabad were compromised, the report said. During the period in which the attackers were monitored, 21 documents (1 marked “RESTRICTED”) were exfiltrated. A document that describes Project Shakti, the Indian Army’s command and control system for artillery, was also exfiltrated.
6. Institute for Defence Studies and Analyses: The computers at IDSA were compromised and while monitoring the attackers the researchers found that 187 documents were exfiltrated. While many of the documents were published papers from a variety of academic sources, there were internal documents, such as an overview of the IDSA research agenda, minutes of meetings for the Journal of Defence Studies, budgets and information on a variety of speakers, visitors, and conference participants.
7. Defence publications: The computers at the Force magazine were compromised and 58 documents were exfiltrated. These documents include publicly accessible articles and previous drafts of those articles. There is also private information regarding the contact details of subscribers and conference participants. The documents also include interviews and PowerPoint presentations from conferences that detail national security topics such as network data and monitoring for national security, and responses to combat cyber threats.
8. Maritime: A total of 53 documents were exfiltrated from the computers at the National Maritime Foundation and the Gujarat Chemical Port Terminal Company Limited. These documents include a summary of a seminar as well as numerous documents relating to specific shipping schedules, financial matters and personal medical information.
9. Indian Corporations: Documents from computers at YKK India Private Limited, DLF Limited, and TATA were also exfiltrated, the report added. These documents include rules overseeing business travel, a presentation on roadmap and financial status, and an annual plan for a business partnership.