China is attempting cyber-attacks through hackers. Over the last two months, since border tensions broke out, Indian agencies have been battling direct and indirect attacks from what seems to be a multinational coalition. Virtually every sector and cyber platform in India has been facing attacks originating from China, North Korea, Pakistan, Beijing, Guangzhou, Shenzhen and Chengdu. Cybersecurity attacks and breaches in the country are likely to have surged over six-fold since the lockdown was imposed on March 25, forcing many people to work from home.
Hacking attempts from the three nations are multiplied using bots and proxies, and attackers of different origins are carrying out different tasks. The attacks are aimed at causing issues such as denial of service and hijacking of Internet Protocol, and include phishing emails originating from a spoofed ID - firstname.lastname@example.org - with subject lines like "Free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad". A large-scale phishing campaign is also targeting small, medium, and large enterprises, as well as several government agencies, media houses, pharma companies, and telecom operators. The campaign is expected to use malicious emails designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information.
Coronavirus-themed malware-laden spam emails are used to distribute malware and Trojans, especially the Emotet banking Trojan. Phishing emails are designed as communication from the Centers for Disease Control and Prevention (CDC) to steal email credentials.
For organisations that use firewalls, antivirus software, IPS/IDS and e-mail spam guards, the following Indicators of Compromise (IOCs) can be added to the safety filters to prevent attacks.
EMAIL ID - email@example.com
IP Address - 22.214.171.124 | 126.96.36.199
Domain Names - userimage8.360doc.com | welcome.toutiao.com | image91.360doc.com
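As an added example (not part of the original advisory), the sketch below shows one way a mail filter could check a message against the indicators listed above: sender address, relay IPs in `Received` headers, and link hosts, including subdomains of a listed domain. The function names and the sample message are constructed for illustration; the indicator values are copied from this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicators copied from the list on this page.
IOC_SENDERS = {"email@example.com"}
IOC_IPS = {"22.214.171.124", "126.96.36.199"}
IOC_DOMAINS = {"userimage8.360doc.com", "welcome.toutiao.com", "image91.360doc.com"}
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s<>]+", re.I)

def host_matches(host):
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def scan_message(raw):
    """Return sorted (indicator_type, value) hits for one RFC 5322 message."""
    msg = message_from_string(raw)
    hits = set()
    # Sender-style headers: compare the bare address, ignoring display name.
    for header in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1].lower()
        if addr in IOC_SENDERS:
            hits.add(("sender", addr))
    # Relay IPs recorded by each hop.
    for received in msg.get_all("Received", []):
        for ip in IP_RE.findall(received):
            if ip in IOC_IPS:
                hits.add(("ip", ip))
    # Link hosts in every text part (plain or HTML).
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname or ""
            if host_matches(host):
                hits.add(("domain", host))
    return sorted(hits)

# Constructed sample message (not a real capture).
SAMPLE = """\
Received: from mail.invalid (unknown [22.214.171.124]) by mx.corp.invalid
From: "Health Desk" <email@example.com>
Subject: Free Covid-19 testing
Content-Type: text/plain; charset=utf-8

Register at http://cdn.welcome.toutiao.com/form today."""
```

Matching on the suffix with a leading dot catches subdomains of a listed domain without also flagging unrelated hosts that merely end in the same characters.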