Chinese hackers attack Dalai Lama and India High Commission

Cliff Saran

Security researchers have discovered a complex ecosystem of cyber espionage which they claim systematically compromised computer networks in India, the Offices of the Dalai Lama, the United Nations and several other countries.

A report - "Shadows in the Cloud: An Investigation into Cyber Espionage 2.0" - published by security research firms Information Warfare Monitor and Shadowserver Foundation has documented evidence of a cyber espionage network that compromised government, business, academic and other computer systems.

The researchers were able to obtain data from 44 compromised computer systems, finding:

  • A web-based interface that lists cursory information on compromised computers located on one command and control server;
  • Text files in web-accessible directories on three command and control servers that list detailed information on compromised computers;
  • Information obtained from e-mail accounts used for command and control of compromised computers;
  • Information obtained from one command and control server from which exfiltrated documents (but not necessarily technical identifying information) were retrieved;
  • Information obtained from a DNS sinkhole.

The researchers said the hackers, believed to be two people living in Chengdu, have links to the Chinese hacking community. They appear to use social networking sites including Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! to build a command-and-control infrastructure, designed to maintain persistence.

The researchers found evidence that confidential, encrypted documents were stolen from the Indian government. One of the compromised systems was the High Commission of India's UK office.

