Tierney - stock.adobe.com

China and India governments among top targets for cyber attackers

Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures

China and India were among the most-targeted countries in the past two years when it comes attacks against the government sector, a study has found.

According to data by CloudSEK, an India-based cyber security company, cyber attacks against India’s government intensified in 2022, as hacktivist groups such as Dragon Force Malaysia ramped up campaigns in the subcontinent.

Other hacktivist groups also joined and supported those campaigns, laying the path for subsequent ones. At the same time, government agencies in India have also become popular targets for extensive phishing campaigns, CloudSEK noted.

China’s government also saw a spike in cyber attacks, particularly by advanced persistent threat (APT) groups in 2021.

Nearly 96% of attacks against China were initiated by the AgainstTheWest threat group under the Operation Renminbi campaign, which began as a retaliation to China’s activities against Taiwan and the Uyghur community.

It was also speculated that conspiracy theories about China being responsible for the Covid-19 outbreak may have contributed to the increase in attacks.

Besides China and India, the US and Indonesia were also highly targeted by threat actors. Together, those four countries accounted for about 40% of the total reported incidents in the government sector.

Motivation behind attacks

While the primary motive of most threat actors is to exfiltrate and sell data for money, it is not the only reason they target governments. This change is clearly evident from the emergence of various APT groups and hacktivist campaigns over the past decade.

In 2022, CloudSEK found a significant increase in hacktivist activity that accounted for about 9% of cyber incidents reported in the government sector.

This suggests that attacks against governments are no longer limited to financial gains. Instead, they are now used as a means to express support or oppose a certain political, religious or even economic goal.

Read more about cyber security in APAC

Ransomware groups were also active in the government sector, accounting for 6% of the total incidents, with LockBit as the most prominent ransomware operator.

While a majority of attacks were focused on compromising data and access, there were a few attacks conducted to expose flaws in a country’s cyber security posture. CloudSEK observed that such attacks had been launched against Indonesia.

The advent of ransomware as a service has also led to more government-sponsored attacks.

“Threat actors have started developing and advertising services of dedicated criminal infrastructure which can be bought by governments or individuals and used for nefarious purposes,” CloudSEK said.

Read more on Hackers and cybercrime prevention

Data Center
Data Management