Tierney - stock.adobe.com
China and India were among the most-targeted countries in the past two years when it comes attacks against the government sector, a study has found.
According to data by CloudSEK, an India-based cyber security company, cyber attacks against India’s government intensified in 2022, as hacktivist groups such as Dragon Force Malaysia ramped up campaigns in the subcontinent.
Other hacktivist groups also joined and supported those campaigns, laying the path for subsequent ones. At the same time, government agencies in India have also become popular targets for extensive phishing campaigns, CloudSEK noted.
China’s government also saw a spike in cyber attacks, particularly by advanced persistent threat (APT) groups in 2021.
Nearly 96% of attacks against China were initiated by the AgainstTheWest threat group under the Operation Renminbi campaign, which began as a retaliation to China’s activities against Taiwan and the Uyghur community.
It was also speculated that conspiracy theories about China being responsible for the Covid-19 outbreak may have contributed to the increase in attacks.
Besides China and India, the US and Indonesia were also highly targeted by threat actors. Together, those four countries accounted for about 40% of the total reported incidents in the government sector.
Motivation behind attacks
While the primary motive of most threat actors is to exfiltrate and sell data for money, it is not the only reason they target governments. This change is clearly evident from the emergence of various APT groups and hacktivist campaigns over the past decade.
In 2022, CloudSEK found a significant increase in hacktivist activity that accounted for about 9% of cyber incidents reported in the government sector.
This suggests that attacks against governments are no longer limited to financial gains. Instead, they are now used as a means to express support or oppose a certain political, religious or even economic goal.
Read more about cyber security in APAC
- Australia plans to develop a new cyber security strategy that aims to strengthen the country’s critical infrastructure, among other goals, following a spate of high-profile cyber attacks against Australian companies.
- Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks.
- Companies with Chinese operations may have to disclose information about the security of their networks in other countries under China’s draft data security law.
- An Interpol-coordinated cyber operation against a strain of malware targeting e-commerce websites has led to the arrest of three individuals who were allegedly running the malicious campaign from Indonesia.
Ransomware groups were also active in the government sector, accounting for 6% of the total incidents, with LockBit as the most prominent ransomware operator.
While a majority of attacks were focused on compromising data and access, there were a few attacks conducted to expose flaws in a country’s cyber security posture. CloudSEK observed that such attacks had been launched against Indonesia.
The advent of ransomware as a service has also led to more government-sponsored attacks.
“Threat actors have started developing and advertising services of dedicated criminal infrastructure which can be bought by governments or individuals and used for nefarious purposes,” CloudSEK said.