How Chinese hackers snooped on Indian defence agencies for over 10 years

A California-based firm has uncovered a large scale cyber espionage network that is says is linked to the Chinese government. The network has been active for 10 years in the region and targets India in particular by infecting computer systems of key, selected individuals and organisations. Terming it the APT30, US firm FireEye says that the infection is specially targeted at Indian military, aerospace and maritime sector.

What is interesting is that researches have uncovered the modus operandi of the spying network that uses decoy documents that users would download or read in their emails or online. The decoy documents contain a bug that can transmit data and information from the infection computer system back to servers in China. The bug can even hide in documents and infect secure computers not connected to a network.

The Decoy documents are specially tailored to meet the interests of individuals or organisations to be targeted - these include government agencies, private industry and media groups. Chinese hackers used decoy documents on Indian military movements in the South China sea, papers on the indigenous aircraft carrier under construction in Kochi, incidents on the China border and relations with Nepal to infect key

A sample of the phising documents includes -

A document titled - "India deploys world's largest military transport plane.doc"

Decoy documents on China's relationship with India, specially on military matters.


Documents related to Indian military projects, like the aircraft carrier being built at Kochi

Documents on Indian military activity in the South China Sea

FireEye says Indian firms infected include an aerospace and defense company and a telecommunications firm

Documents also relate to foreign relations in the region, including Bhutan and Nepal.