China-Based Hacker Group Targeting Indian Manufacturing Firms

In India the manufacturing sector has emerged as one of the fastest-growing sectors. The Prime Minister of India, Mr. Narendra Modi, started the Make in India program to make India a global manufacturing hub. According to researchers, by the end of 2020 India will be the world's fifth-largest manufacturing country. With the help of Make in India, the country is on the path to becoming a hub for hi-tech manufacturing, as global giants such as GE, Siemens, HTC, Toshiba, and Boeing have either set up or are in the process of setting up manufacturing plants in India. India has now become one of the most attractive destinations for investment in the manufacturing sector. Foreign Direct Investment (FDI) inflows into India's manufacturing sector grew by 82 percent year-on-year to US$ 16.13 billion during April-November 2016.

IT service providers and manufacturing companies in India are now being targeted by China-based hackers, says US-based cyber-security firm FireEye. According to FireEye's research, the China-based cyber espionage group APT10 is targeting Indian manufacturing companies to steal confidential business data from domestic firms in support of Chinese corporations. FireEye said the group has targeted manufacturing companies in the US, Europe and Japan since 2009, but its new target is Indian manufacturing firms, the report said.

Manufacturing companies use various systems for production as well as many smart devices such as CCTV cameras, IP phones, biometric devices, production machines, mobile phones and smart TVs, all connected to each other through the internet. Hackers target these internet-connected devices in various ways, and there are several reasons why manufacturing companies are targeted.

The Motivation behind the Hack:

Stealing company data: Chinese hackers target Indian manufacturing companies in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as stealing confidential business data to support Chinese corporations. Confidential business data includes product details, designs, costs and the procedures used to develop a product. The hackers mainly use this data to sell it to Chinese production companies.

Hacking Scenario Used by Chinese Hackers

Chinese hackers target companies using phishing attacks. A phishing attack is a way to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, by posing as a trustworthy entity in an electronic communication. APT10 activity includes both traditional spear-phishing and access to victims' networks, which the group gains through the victims' service providers.

APT10 uses "HAYMAKER" and "SNUGRIDE" as first-stage backdoors, while "BUGJUICE" and a customized version of the open source "QUASARRAT" have been used as second-stage backdoors. HAYMAKER is a backdoor that can download and execute additional payloads in the form of modules. BUGJUICE is a backdoor executed by launching a benign file and hijacking the DLL search order so that a malicious DLL is loaded into it; once the malicious DLL is loaded, it loads encrypted shellcode from the binary, which is decrypted and runs the final BUGJUICE payload. BUGJUICE defaults to TCP with a custom binary protocol to communicate with its C2, but can also use HTTP and HTTPS. It is capable of finding files, enumerating drives, exfiltrating data, taking screenshots and providing a reverse shell to the attacker. SNUGRIDE communicates with its C2 server through HTTP requests; messages are encrypted using AES with a static key. The malware also provides remote access, file system access and command execution.
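The BUGJUICE loading chain above (a benign executable pulling in a malicious DLL because the attacker placed it earlier in the search order) leaves a recognisable shape in endpoint image-load telemetry. The following detector is an added example written for this article, not FireEye's or APT10's code; the event fields, the sample records and the KNOWN_SYSTEM_DLLS subset are all constructed for illustration.

```python
"""Detect search-order-hijack-shaped DLL loads in Sysmon-style ImageLoad telemetry."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ntpath

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Illustrative subset (constructed for this example) of DLL names a clean Windows
# install serves from System32; a real deployment builds this from a golden image.
KNOWN_SYSTEM_DLLS = {"version.dll", "dwmapi.dll", "cryptsp.dll", "uxtheme.dll", "wtsapi32.dll"}

@dataclass(frozen=True)
class ImageLoad:
    image: str             # process executable that performed the load
    loaded: str            # full path of the DLL that was mapped
    signed: bool           # whether the DLL carries a code signature
    signature_valid: bool  # whether that signature verified

def is_system_path(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)

def suspicious(ev: ImageLoad) -> Optional[str]:
    """Return a reason string if the load matches the hijack pattern, else None."""
    name = ntpath.basename(ev.loaded).lower()
    if name not in KNOWN_SYSTEM_DLLS or is_system_path(ev.loaded):
        return None  # not a system DLL name, or loaded from where Windows normally serves it
    reasons = [f"{name} loaded from non-system dir {ntpath.dirname(ev.loaded)}"]
    # The classic placement: the rogue DLL sits in the benign executable's own directory,
    # which the loader searches before System32.
    if ntpath.dirname(ev.loaded).lower() == ntpath.dirname(ev.image).lower():
        reasons.append("DLL sits beside the host executable")
    if not (ev.signed and ev.signature_valid):
        reasons.append("DLL unsigned or signature invalid")
    return "; ".join(reasons)

def scan(events: List[ImageLoad]) -> List[Tuple[ImageLoad, str]]:
    """Return (event, reason) pairs for every suspicious load."""
    return [(ev, r) for ev in events if (r := suspicious(ev)) is not None]

# Constructed sample telemetry: a normal load, a hijack-shaped load, an unrelated DLL.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Program Files\Vendor\tool.exe", r"C:\Windows\System32\version.dll", True, True),
    ImageLoad(r"C:\Users\Public\Update\tool.exe", r"C:\Users\Public\Update\version.dll", False, False),
    ImageLoad(r"C:\Users\Public\Update\tool.exe", r"C:\Users\Public\Update\helper.dll", False, False),
]

if __name__ == "__main__":
    for ev, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT {ev.image}: {reason}")
```

Only the second record fires: a System32 DLL name loaded from the executable's own directory, unsigned. Feed the same logic Sysmon Event ID 7 records and tune the DLL set to your own build images.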

Cyber Security Mitigation

Hackers target companies that lack security awareness. The following are preventive methods to protect against such cyber attacks:

  • Vulnerability Assessment and Penetration Testing (VAPT): Carry out vulnerability assessment and penetration testing to know the vulnerabilities in your critical assets.
  • Be aware of phishing: Chinese hackers target companies through phishing attacks. Users are advised to be aware of phishing: avoid clicking on links in unknown e-mails, avoid clicking on advertisements, and in case of any mishap contact the IT team.
  • ISO implementation: Implement ISO 27001 for information security and ISO 9001 for quality management.
  • Awareness training: Arrange information security awareness training for employees to make them aware of cyber security incidents and prevention methods.
  • Keep systems up to date: IT admins are advised to keep their systems up to date and install the latest firmware versions and security patches.
  • Set up your network properly: Use strong passwords, disable insecure services, close unnecessary ports and use strong encryption methods.
  • Keep strong credentials: Use strong credentials for system login, email login and web interfaces, and change the default password on every critical asset.
  • Back up your data: IT admins are advised to back up data regularly to avoid data loss.
  • Use a reputable security suite: Use reputable security products such as firewalls, antivirus, and intrusion detection and prevention systems to detect security incidents.