CYFIRMA has released early warnings on the rise of cyber attacks since the India-China border conflict. It has requested CERT IN to send out a public advisory to all organizations and individuals. CYFIRMA has found that Chinese hacking groups are planning to attack a large number of government and private organizations.
The Indicators of Compromise (IOCs) mainly relate to the hosting of Command and Control Centres and malware, and include malware hashes. These led back to the Chinese hacking groups “Gothic Panda” and “Stone Panda”. IP addresses under discussion among hacker groups are associated with these two groups. Both groups have a close association with the Chinese Government.
Cyber Attacks Groups
Gothic Panda – APT3
This group is responsible for the campaigns – Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap. They have targeted Aerospace, Defense, Construction and Engineering, High Tech, Telecommunications, Transportation and Manufacturing sectors in the past.
Stone Panda – APT10
APT10 steals international trade secrets and supply chain information from various organizations in India, Japan, the USA, Canada and Brazil.
Avoid Cyber Attacks
To get the list of IP addresses and more technical details, please contact CYFIRMA. Impacted organizations should monitor and block these IP addresses and hashes immediately. Individuals should be careful while downloading files or accessing links. Do not click or download anything out of excitement. Do not visit insecure websites. Don’t be a victim of cyber attacks.
Chinese Ministry of State Security Behind APT3 – https://www.recordedfuture.com/chinese-mss-behind-apt3/
APT3 Groups – https://attack.mitre.org/groups/G0022/
CYFIRMA – https://www.cyfirma.com/
CERT IN – https://www.cert-in.org.in/