Cyber espionage campaign targets India and Tibetan activists

Security experts at FireEye uncovered a cyber espionage campaign that targeted organizations in India and the Tibetan activists.

Security firm FireEye revealed an intense activity of hackers based in China particularly interested in entities and organization linked to the Indian Government as well as in information on Tibetan activists. Also in this case we are dealing with a cyber espionage campaign conducted by an Alleged Chinese APT. The Chinese hackers run spear phishing attacks against their targets, the malicious email have an attachment containing a script called Watermain. When victims open it the malicious code creates backdoors on target machines.

“Its targets appear to be of particular interest to the Chinese government, such as Tibetan activists,” a company spokesman told AFP.

“It’s also well resourced and works around the clock. We found indicators in their malware that the group behind it may speak Chinese.”

Experts at FireEye are monitoring the Watermain’s activity since 2011, the APT targeted more than 100 entities since now, about 70% of them are from India.

“Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighbouring countries reflect growing interest in its foreign affairs,” said Bryce Boland, FireEye chief technology officer for Asia Pacific.

“Organizations should redouble their cyber security efforts and ensure they can prevent, detect and respond to attacks in order to protect themselves.”

Fire Eye detected the same APT group in April 2015, one month before Indian Prime Minister Narendra Modi’s first visit to China.

FireEye has already reported cyber espionage conducted by other APT groups, in April the security firm revealed the details of APT30 which targeted aerospace and defence company in India among others.

“Advanced threat group like APT 30 illustrate that state-sponsored cyber espionage affects a variety of governments and corporations across the world,” explained Dan McWhorter, VP of threat intelligence at FireEye. “Given the consistency and success of APT 30 in Southeast Asia and India, the threat intelligence on APT 30 we are sharing will empower the region’s governments and businesses to quickly begin to detect, prevent, analyze and respond to this established threat.”


According to FireEye, the majority of targeted organizations in India have already patched the flaws exploited in the attacks.

At the time I was writing the Government of Beijing hasn’t commented the findings of the FireEye experts.

India and China have long been involved in a dispute over their border, for this reason, the government of Bejing could have arranged a cyber espionage campaign searching for information related to the Indian diplomacy.

India has also been wary of China influence in Sri Lanka and Nepal.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase