Beijing: A Chinese hacker group has claimed to have hacked the documents of an important department of the Indian government. From PMO to private companies like Reliance Industries and Air India were also the targets of the hacker group. The hacking group Aisoo, in collaboration with the Chinese government, recently posted thousands of documents, images, and chat messages on GitHub. According to two employees of this hacking group, iTunes and Chinese police have started investigating how these files were leaked.
An employee of Isun Group said that a meeting of Isun was held on 21 February regarding this leak issue. It was said in this meeting that this incident will not have any impact on the business and the work will continue as normal. The leaked internal documents are originally in Mandarin. This reveals the working methods and goals of the hackers. Hackers have also targeted private entities ranging from NATO to European governments and China's allies like Pakistan. However, the leaked document also mentions the target of the cyber espionage operation. However, it is not known which people have been targeted in this hacking.
The leaked data mentions Indian targets like the President's Finance Ministry, External Affairs Ministry and Home Ministry. This probably refers to the Ministry of Home Affairs. Amid heightened tensions on the India-China border, a group of Advanced Persistent Threat (APT) or hackers recovered 5.94 GB of data related to various offices of the President's Home Ministry between May 2021 and October 2021.
In India the main targets are the Ministry of External Affairs, Ministry of Finance and other related departments. We continue to take an in-depth look at this area. User data of state-run pension fund manager EPFO, BSNL and private healthcare group Apollo Hospitals was also reportedly hacked. The stolen data of Air India pertains to daily check-in details of passengers.
The leaked documents include about 95GB of India data from 2020, including immigration details, such as 'entry and exit point data'. The data is believed to have been stolen, especially since India-China relations became tense following the Galwan Valley standoff in 2020.
Taiwanese researcher Ajaka was the first to bring the GitHub leak issue to light. He told India that India has always been the target of China APT Group. The stolen data naturally included many organizations in India, including Apollo Hospitals, people moving in and out of the country in 2020, the Prime Minister's Office, and population records.
John Hultquist, principal analyst at Google Cloud-owned Mindant Intelligence, was quoted by the Washington Post as saying that the online dump was “authentic data from a contractor that supports global and domestic cyber espionage campaigns out of China.” “We have probably never had such unfettered access to the inner workings of any covert operation before,” he said. That means everyone, from friend to enemy, is China's target. Apart from India, Beijing has also reportedly targeted its friend Pakistan. Other apparent targets include Nepal, Myanmar, Mongolia, Malaysia, Afghanistan, France, Thailand, Kazakhstan, Turkey, Cambodia and the Philippines. According to the leaked dataset, between May 2021 and January 2022, a Chinese hacker group obtained 1.43 GB of postal service data from a counter-terrorism center in Pakistan's Punjab province.
Chinese hackers also reportedly stole massive amounts of data from Nepal Telecom, Mongolia's parliament and police department, a French university and Kazakhstan's pension management authority. The hackers also reportedly gained access to the official systems of the Tibetan government-in-exile and its domain, tibet.net. Mustang Panda, or APT41, a hacking group affiliated with the Chinese Communist Party, is running a malicious campaign.
China has been in the headlines in the past also for cyber attacks in India. Hackers linked to China reportedly targeted seven Indian power hubs in 2022. Threat actors have attempted to infiltrate India's power infrastructure in 2021 as well.