State-sponsored cyberattacks are increasingly targeting India, according to the India Threat Landscape Report 2020 by cyber intelligence platform CYFIRMA.
“India is a haven for start-ups, a fertile ground for technological innovation, sparking the generation of massive amounts of data that attract cybercriminals,” said Kumar Ritesh, Founder and CEO, CYFIRMA.
“While digital adoption is breaking new ground, the corresponding cyber maturity is low and not keeping pace with technological strides. All these factors are prompting more nations, especially India’s geopolitical foes, to partake in the cyber game targeting India. The Big 3, namely China, North Korea and Russia, authoritarian regimes that are suspected of aiding state-sponsored cybercriminal activities, have shown interest in breaching India’s security perimeters,” Ritesh added.
Threat actors targeting India
Some of the top state-sponsored threat actors targeting India include the North Korean-backed Lazarus group, the Chinese state-sponsored threat actor MISSION2025, and the Chinese threat actor Stone Panda/MenuPass/APT 10/Cloud Hopper.
Lazarus’ primary activities include spreading new malware samples and attacking cryptocurrency businesses, while MISSION2025 is suspected of carrying out various campaigns against multiple industries, such as automotive, retail, healthcare, energy, hi-tech, media, finance, telecom, supply chain, and travel, says the report.
Stone Panda/MenuPass/APT 10/Cloud Hopper “has traditionally shown interest in stealing international trade data and supply chain information from various enterprises across several countries such as India, Japan, Canada, Brazil, etc,” as per the report.
Pakistani government-backed APT36, Operators Transparent Tribe, ProjectM and Mythic Leopard groups have also made it to the list.
The group is believed to have carried out a phishing campaign targeting Indians in the first half of 2020, sending bogus health advisories by email while impersonating the Indian Government.
“Victims who clicked on the attached document activated a malware that gave them access to…