The Chinese People’s Liberation Army (PLA) is creating tools for strategic guidance, training the personnel needed to support traditional war-fighting disciplines, and developing a computer network operations (CNO) capability. It also uses cyber operations to target its other rivals. The Chinese academic community and hacker groups around the world are heavily focused on researching new ‘zero-day’ vulnerabilities.
There are special cyber-warfare units in the Chinese PLA that target not only Indian defence research organizations but other departments too. China’s cyber strategy is based on a broad set of objectives derived from Beijing’s interests, and its investments in cyber warfare began in 1997.
India Vs China
Dr (Prof) Nishakant Ojha, Advisor-Cyber & Aerospace Security, tells Financial Express Online: “India is yet to develop the notion of using cyber for accomplishing its strategic objectives. The Indian State sponsored cyber offensives are mainly observed as targeted towards Pakistan and very few of them towards China. Also, the number of Indian cyber operations publicly attributed to India is much less as compared to that of China.”
However, “the range of sectors observed as targeted in these cyber-attacks is very vast, as it includes economic, trade, defence and foreign affairs, other government and research institutes, mining, automotive, legal, engineering, food service, banks, etc. Due to the lack of publicly available information about the activities of intelligence agencies and the armed forces in the cyber arena, it is difficult to pinpoint the entities that lead the offensive cyber campaigns in India,” adds Dr Ojha, who is also an Expert – Counter Terrorism (West Asia & Middle East).
What are the capabilities of Chinese Hackers?
Successful use of spear-phishing emails in various ways, such as using previously compromised email addresses, impersonating prominent individuals relevant to the target, and more.
Proficiency in installing custom backdoors and using credential stealers and keyloggers.
Development of components for infecting removable drives, as well as rootkits and Master Boot Record (MBR) bootkits that hide the malware and maintain persistence on victims’ systems.
Hacking groups can sustain their activities for a long time, successfully modifying and adapting source code to keep using the same tools, tactics and infrastructure.
Frequently develop and adapt Zero-Day exploits for operations.
Creation of profiles and posts on forums that embed encoded command-and-control (C2) information for use with a variant of the malware, which makes it difficult to determine the true location of the C2 server and allows the C2 infrastructure to remain active for a longer period.
Other than spear-phishing, managed service providers are also used as a route into victims’ networks.
Successful use of browser-based exploits.
Ability to infect air-gapped networks.
The operational capabilities of the overall Indian hacking community, as observed from the operations so far attributed to India, are listed below:
Successful use of spear-phishing emails.
Reuse of C&C infrastructure and decoy documents in spear-phishing emails.
Use of SQL Injection to access the website server and obtain administration rights in order to deface the website.
Use of information stealers such as Delphi information stealers, file-splitter tools, C++ information stealers (keyloggers, screen grabbers and file harvesters), and various other malware written in Visual Basic.
Rare use of zero-day exploits for operations.
What is China’s aim?
“China is aiming to establish a large digital footprint across the globe which it could later leverage to project economic and political power and influence the overall global order. While India has a separate policy document for cyber, this document is focused only on securing the country’s cyber space and there is no notion, in the slightest, of cyber as a tool for projecting power or influence, and there is no role for the military in the cyber domain,” states Dr Ojha.