Chinese hackers attack Dalai Lama and India High Commission



Cliff Saran

Security researchers have discovered a complex ecosystem of cyber espionage which they claim systematically compromised computer networks in India, the Offices of the Dalai Lama, the United Nations and several other countries.

A report - "Shadows in the Cloud: An Investigation into Cyber Espionage 2.0" - published by security research firms Information Warfare Monitor and Shadowserver Foundation has documented evidence of a cyber espionage network that compromised government, business, academic and other computer systems.

The researchers were able to obtain data from 44 compromised computer systems, finding:

  • A web-based interface that lists cursory information on compromised computers located on one command and control server;
  • Text files in web-accessible directories on three command and control servers that list detailed information on compromised computers;
  • Information obtained from e-mail accounts used for command and control of compromised computers;
  • Information obtained from one command and control server from which exfiltrated documents (but not necessarily technical identifying information) were retrieved;
  • Information obtained from a DNS sinkhole.

The researchers said the hackers, believed to be two people living in Chengdu, have links to the Chinese hacking community. They appear to use social networking sites including Twitter, Google Groups, Blogspot, Baidu Blogs, and Yahoo! to build a command-and-control infrastructure, designed to maintain persistence.

The researchers found evidence that confidential, encrypted documents were stolen from the Indian government. One of the compromised systems was the High Commission of India's UK office.
