In an announcement validating the concerns of the IACS, the U.S. Coast Guard and other organizations regarding maritime cybersecurity vulnerabilities, the Indian Navy said Thursday that hackers had attempted to penetrate its computer network defenses to track and monitor the aircraft carriers INS Vikrant and INS Vikramaditya.
Reports varied on the extent of the attacks, but ZeeNews suggested that hackers had been able to track the vessels, at least for a limited period of time. Intelligence agencies are working to combat the problem.
Media reports have linked recent attacks on Indian agencies to the hacking group APT 30, a long-running computer espionage group believed to be based in China. APT 30’s Naikon malware is designed to infect computers without warning and silently monitor email messages, keystrokes, screen images and network traffic. E-security firm FireEye reported on the group’s activity last year; the firm suggested that the group had targeted Indian and SE Asian government and commercial organizations for more than a decade.
APT 30’s malware delivery method relies on decoy documents attached to emails, and the content and subject matter of the documents consistently involve India-China military relations and border disputes, suggesting carefully tailored and targeted attacks (rather than wide-scale attempts to infect computers at random). APT 30 has also been observed to target journalists and activists. The general pattern of attacks, FireEye says, suggests that organizations that are critical of Chinese interests are the primary targets.
FireEye has recently identified another allegedly Chinese hacking group, dubbed WATERMAIN, which also specializes in targeting Indian and SE Asian agencies and organizations, says CTO Bryce Boland. He recommends an adversary-oriented “wartime mindset” for government and commercial network administrators in order to prevent future attacks.