A group of hackers, suspected to be from China, allegedly stole information from the computers of various bureaucrats and Indian embassies earlier this month, claims Kaspersky Lab, a cyber security company.
It said the attackers, which the company has named “Danti,” targeted Indian missions in Denmark, Hungry and Colombia in February this year. The hackers also targeted the email addresses, firstname.lastname@example.org, the Foreign Service Institute, Ministry of Foreign Affairs and email@example.com, possibly related to the Chumar military post in India – a disputed area between India and China.
“Danti is highly focused on diplomatic entities. It may already have full access to internal networks in Indian government organisations,” Kaspersky Lab alleged in a statement.
“The exploit is delivered through spear phishing emails. In order to attract the attention of potential victims, the threat actors behind Danti have created emails in the names of several high-ranking Indian government officials. Once the exploitation of the vulnerability takes place, the Danti backdoor is installed and this subsequently provides the threat actor with access to the infected machine so they can withdraw sensitive data,” it added.
Though the report names officials from the department of technology, cabinet secretariat and ministry of external affairs, it is silent on the nature of information that might have been compromised.
A spokesperson of the Ministry of External Affairs declined comment for the story stating that it was a security matter.
Kaspersky said Danti has been actively hitting targets in Kazakhstan, Kyrgyzstan, Uzbekistan, Myanmar, Nepal and the Philippines as well.