A few weeks earlier we had reported that more than 100 Government sites had been compromised within a span of a few months. There were reports of intelligence, research and shipping websites being hacked too. It now seems that the persistent spy behind these attacks has been tracked. According to Trend Micro researchers, the campaign, code-named Luckycat, has been active since at least June 2011 and is connected to an online alias, ‘scuhkr’, owned by Gu Kaiyuan, apparently an employee at Tencent, China’s leading Internet portal company. A former graduate student at Sichuan University, China, Gu may have recruited students to work on the university’s research involving computer attacks and defence.
The researchers did not link the attacks directly to government-employed hackers, but claim that the techniques and the choice of victims point to a state-sponsored campaign. According to Trend Micro, there were systematic attacks on at least 233 personal computers, belonging to Indian military research organizations and shipping companies, and to aerospace, energy and engineering companies in Japan. “At least 30 computer systems of Tibetan advocacy groups have been attacked so far. The espionage has been going on for at least 10 months and is continuing. This was not a single attack that was started and then stopped; it is a continuous effort by cyber criminals to attack Government websites and Defence authorities in India,” said Baburaj Varma, Head – Technical Services (India & SAARC), Trend Micro.
Each attack began with an e-mail designed to lure the victim into opening an attachment. Indian victims were sent an e-mail about India’s ballistic missile defence program. Once the attachment was opened, the malware automatically created a backdoor from the victim’s computer to the attackers’ servers. To avoid detection, the hackers used a diverse set of infrastructure and anonymity tools. Each attack used a unique campaign code to track which victims were compromised by which malware, illustrating that the attackers were very aggressive and repeatedly targeted intended victims with several waves of malware.
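The campaign-code detail above is useful to defenders as well: if the backdoor carries its campaign identifier in its callback traffic, an incident responder can group compromised hosts by campaign and spot machines hit by more than one wave. The following is an added example written for this article, not code from Trend Micro or from the report; the proxy log format, the `c=` query parameter carrying the campaign code, the host names and the IP addresses are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Constructed sample proxy log lines (not taken from the report).
# Assumed format: "<timestamp> <src_host> <method> <url> <status>".
# The campaign code is assumed to travel in a "c=" query parameter.
SAMPLE_PROXY_LOG = """\
2012-03-12T09:14:02Z ws-hr-17 GET http://198.51.100.23/cgi-bin/report.cgi?c=CAMP-A1&id=3f9a 200
2012-03-12T09:14:31Z ws-eng-04 GET http://198.51.100.23/cgi-bin/report.cgi?c=CAMP-A1&id=77b2 200
2012-03-12T09:20:10Z ws-hr-17 GET http://www.example.com/index.html 200
2012-03-12T10:02:55Z ws-fin-09 GET http://203.0.113.8/cgi-bin/report.cgi?c=CAMP-B7&id=c0de 200
2012-03-13T08:45:12Z ws-eng-04 GET http://203.0.113.8/cgi-bin/report.cgi?c=CAMP-B7&id=77b2 200
malformed line that should be skipped
"""

# Matches "c=<token>" as the first or a later query parameter.
CAMPAIGN_RE = re.compile(r"[?&]c=([A-Za-z0-9_-]+)")


def parse_log(text: str) -> List[Dict[str, str]]:
    """Split each well-formed line into its five fields; skip anything else."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # ignore malformed or truncated lines rather than failing
        ts, host, method, url, status = fields
        records.append({"ts": ts, "host": host, "method": method,
                        "url": url, "status": status})
    return records


def extract_campaign(url: str) -> Optional[str]:
    """Return the campaign code carried in the URL, or None if absent."""
    match = CAMPAIGN_RE.search(url)
    return match.group(1) if match else None


def scope_by_campaign(text: str) -> Dict[str, Set[str]]:
    """Map each campaign code to the set of internal hosts that beaconed with it."""
    scope: Dict[str, Set[str]] = defaultdict(set)
    for rec in parse_log(text):
        code = extract_campaign(rec["url"])
        if code is not None:
            scope[code].add(rec["host"])
    return dict(scope)


def first_seen_by_campaign(text: str) -> Dict[str, str]:
    """Earliest timestamp per campaign code, useful for building a timeline."""
    first: Dict[str, str] = {}
    for rec in parse_log(text):  # log is assumed to be in chronological order
        code = extract_campaign(rec["url"])
        if code is not None and code not in first:
            first[code] = rec["ts"]
    return first


def hosts_in_multiple_campaigns(text: str) -> Set[str]:
    """Hosts that beaconed under more than one campaign code, i.e. hit by several waves."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for code, hosts in scope_by_campaign(text).items():
        for host in hosts:
            seen[host].add(code)
    return {host for host, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    for code, hosts in sorted(scope_by_campaign(SAMPLE_PROXY_LOG).items()):
        print(f"{code}: {len(hosts)} host(s): {', '.join(sorted(hosts))}")
    print("first seen:", first_seen_by_campaign(SAMPLE_PROXY_LOG))
    print("hosts hit by more than one wave:", hosts_in_multiple_campaigns(SAMPLE_PROXY_LOG))
```

Grouping by campaign code rather than by callback IP matters because, as the article notes, the attackers rotated infrastructure; a host that appears under two codes is evidence of the repeated waves Trend Micro describes and should be prioritised for re-imaging and for a review of what it had access to.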
This incident has not only created ripples of fear across the country’s defence wings, but has also highlighted the obvious vulnerability of untrained defence personnel, who may be accessing sensitive information through e-mail and the Internet.