Indian hackers under Chinese code names launched fresh attacks on Pakistan
After a year and a half of investigation and analysis, a Chinese cybersecurity company discovered that an advanced persistent threat (APT) group based in India, operating under the code name “Confucius”, had launched fresh attacks on Pakistani government and military institutions.
On Tuesday, Chinese cybersecurity company Antiy told the Global Times that the group’s earliest attacks can be traced back to 2013. It mainly targeted the governments, military, and energy sectors of neighbouring countries like China, Pakistan, and Bangladesh to capture sensitive data.
The group was named “Confucius” by international cybersecurity insiders. According to Li Bosong, chief engineer of Antiy, the group uses the command “Confucius says” to deliver its attacks.
“This means that the hackers have studied Chinese culture during their consistent attacks on China,” Li said, observing that the group is good at using spear-phishing e-mails and phishing websites, together with unique social engineering measures to attack targets.
“The group’s actions are driven by political and economic profits. It steals core data or damages the key infrastructure facilities of its targets. Their attacks can have a real impact outside the network,” a source said, as per the Global Times.
Antiy CERT said it detected the group’s attacks against Pakistani government and military facilities while tracing attacks coming from the direction of the South Asian subcontinent since 2021. The group poses as staff of the Pakistani government and sends targeted spear-phishing e-mails. Once the recipients open or download the documents, Trojan horse programs are installed on the machine, stealing all the data.