India Bolsters Cyber Capabilities amid Growing Attacks from Chinese Actors like Earth Baku
An advanced persistent threat group called Earth Baku has taken centre stage for running a cyber espionage campaign against public and private entities in the Indo-Pacific region. It is not the first time a Chinese cyber campaign has drawn attention for attacks against India.
Earth Baku has a history of launching attacks and campaigns against its targets through multiple channels, and is tracked as part of the wider APT41 activity set. APT41 is the threat group held responsible for a large share of Chinese state-sponsored espionage activity.
Earth Baku's current activities can be traced back to July 2020, when two previously unidentified shellcode loaders, later named StealthVector and StealthMutant, began to appear. Both loaders can disable Event Tracing for Windows (ETW), the Windows telemetry feed that many endpoint detection and monitoring tools depend on, so the loader's own actions leave less of a trace.
Analysis showed that most StealthMutant samples decrypt their payload with AES-256-ECB, while an earlier variant of the loader used a simple XOR encoding instead. ECB is a weak choice for the attacker as well as an artefact for the defender: it encrypts identical 16-byte blocks to identical ciphertext, so a payload with long runs of padding produces visibly repeated blocks, a pattern analysts can use to spot the encrypted payload inside the loader. Once the payload is decrypted, StealthMutant performs process hollowing: it starts a legitimate process in a suspended state, replaces its in-memory image with the payload, and resumes it, so the malicious code runs under the name of a trusted executable.
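The two decryption schemes described above leak different things to an analyst who only has the encrypted blob. The following is an added triage example written for this page, not Earth Baku's tooling or code from the cited reports. It assumes the embedded payload is a PE image whose DOS header starts with the usual MSVC bytes (a constructed sample stands in for a real payload), that the XOR variant uses a short repeating key, and that a real AES-256-ECB sample would be decrypted with the `cryptography` package once the key is pulled from the loader. Because AES is not available offline in the standard library, the ECB-shaped blob is produced by a keyed-hash stand-in that reproduces only ECB's defining property (equal plaintext blocks give equal ciphertext blocks); it is not AES and is labelled as such in the code.

```python
"""Triage helper for loader payload blobs: XOR variant vs AES-256-ECB variant.

Added example, constructed for this page; not Earth Baku tooling.
Assumptions: the payload is a PE image (known DOS-header prefix), the XOR key
is short and repeating, and a recovered 32-byte key would be used with real
AES-256-ECB via the `cryptography` package (aes256_ecb_decrypt below).
"""
import hashlib
from collections import Counter
from typing import Optional, Tuple

BLOCK = 16
# First 16 bytes of a typical MSVC-linked PE DOS header (assumption about the payload).
PE_PREFIX = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"


def xor_decode(blob: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; encoding and decoding are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))


def recover_xor_key(blob: bytes, known: bytes = PE_PREFIX, max_key_len: int = 8) -> Optional[bytes]:
    """Known-plaintext attack on the XOR variant: derive a length-n key from the
    first n bytes and keep it only if the remaining known bytes also decode.
    Limiting n to len(known)//2 guarantees at least n cross-check bytes."""
    for n in range(1, min(max_key_len, len(known) // 2) + 1):
        key = bytes(c ^ p for c, p in zip(blob[:n], known[:n]))
        if xor_decode(blob[:len(known)], key) == known:
            return key
    return None


def most_common_block(blob: bytes, block: int = BLOCK) -> Tuple[bytes, int]:
    """Most frequent aligned block and its count (zero padding shows up here)."""
    blocks = [blob[i:i + block] for i in range(0, len(blob) - block + 1, block)]
    return Counter(blocks).most_common(1)[0] if blocks else (b"", 0)


def minimal_period(data: bytes) -> int:
    """Smallest p dividing len(data) such that data is data[:p] repeated."""
    for p in range(1, len(data) + 1):
        if len(data) % p == 0 and data[:p] * (len(data) // p) == data:
            return p
    return len(data)


def classify_blob(blob: bytes) -> dict:
    """Tell the two loader variants apart from the blob alone.
    XOR over zero padding leaks the key itself (the repeated block is the key);
    ECB over zero padding leaks only that identical plaintext blocks exist."""
    key = recover_xor_key(blob)
    top, count = most_common_block(blob)
    repeat_ratio = (count - 1) / max(1, len(blob) // BLOCK)
    if key is not None:
        if not any(key):  # an all-zero "key" means the blob is already plaintext
            return {"variant": "plaintext", "key": None, "repeat_ratio": round(repeat_ratio, 2)}
        return {"variant": "xor", "key": key, "padding_leaks_key": top[:minimal_period(top)] == key}
    if repeat_ratio > 0.25:
        return {"variant": "ecb-like block cipher", "key": None, "repeat_ratio": round(repeat_ratio, 2)}
    return {"variant": "unknown", "key": None, "repeat_ratio": round(repeat_ratio, 2)}


def aes256_ecb_decrypt(key: bytes, blob: bytes) -> bytes:
    """Real AES-256-ECB decryption for a recovered 32-byte key (needs `cryptography`)."""
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes  # lazy import
    dec = Cipher(algorithms.AES(key), modes.ECB()).decryptor()
    return dec.update(blob) + dec.finalize()


def ecb_stand_in_encrypt(key: bytes, data: bytes, block: int = BLOCK) -> bytes:
    """Offline stand-in for an ECB-mode block cipher: each block is mapped independently
    by a keyed hash. NOT AES and not invertible; it only reproduces ECB's property that
    equal plaintext blocks give equal ciphertext blocks, which is what the triage uses."""
    assert len(data) % block == 0
    return b"".join(hashlib.sha256(key + data[i:i + block]).digest()[:block]
                    for i in range(0, len(data), block))


# --- constructed sample data (not from any real sample) ------------------------
def build_sample_payload() -> bytes:
    """Stand-in for an embedded PE: header, 240 bytes of 'code', 512 bytes of zero padding."""
    return PE_PREFIX + bytes(range(1, 241)) + b"\x00" * 512  # 768 bytes = 48 blocks


SAMPLE = build_sample_payload()
XOR_KEY = b"\x5a\xa5\x3c\xc3"                                   # constructed 4-byte key
ECB_KEY = hashlib.sha256(b"constructed example key").digest()   # constructed 32-byte key
XOR_BLOB = xor_decode(SAMPLE, XOR_KEY)
ECB_BLOB = ecb_stand_in_encrypt(ECB_KEY, SAMPLE)

if __name__ == "__main__":
    print(classify_blob(XOR_BLOB))  # xor variant: key recovered, padding leaks the key
    print(classify_blob(ECB_BLOB))  # ecb-like: no key, but high repeated-block ratio
```

The order of checks matters: both variants produce repeated 16-byte blocks over zero-padded sections (with a 4-byte XOR key every padded block is the key repeated four times), so the repeated-block ratio alone cannot separate them. The known-plaintext test is run first; only when no XOR key verifies against the full 16-byte header does a high repeat ratio point to an ECB-mode block cipher, which is the cue to go looking for the AES key in the loader itself.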
The reports indicate that Earth Baku has developed and upgraded its toolset with StealthVector, StealthMutant, and the ScrambleCross backdoor to run targeted attacks on public and private entities. Indo-Pacific countries, among them India, Indonesia, Taiwan, Vietnam, Malaysia, and the Philippines, are the most affected.
Cybersecurity companies including FireEye and Positive Technologies reported overlaps between Earth Baku's recent activity and another campaign that has been active since at least November 2018.
The reports also suggest that the frequency of cyber attacks on India has increased over time. In response, the country has sought to promote penetration testing, vulnerability assessment and investigation, cyber forensics, and similar roles in the government sector as well.
Penetration Testing (PT) and Vulnerability Assessment (VA) are the core proactive components of a security programme, with cyber forensics as their reactive counterpart. PT simulates an attacker's break-in attempts against an organisation so it can see which ones succeed and learn how to handle them. Vulnerability management combines scanning, monitoring, reporting and remediation into one continuous cycle, so that known weaknesses are found and fixed before they are exploited. Cyber forensics, in turn, gathers and preserves evidence of potential crimes and disputes that could have an adverse impact on an organisation.
By promoting these roles, India is changing its existing framework. Firms offering advanced cyber services, training courses, and certifications are gaining traction. Indian cyber firms such as eSec Forte, ISECURION, SumaSoft, and Kratikal Tech Pvt. Ltd. are actively helping organisations with critical security issues, offering penetration testing, vulnerability assessment, threat intelligence services and training to businesses to protect them from cyber attacks.
With the help of private firms, the country is not only carrying out remediation, detecting and eliminating vulnerabilities before they are exploited, but also constantly looking for areas of improvement. It is strengthening its cyber defences and, at the same time, building offensive cyber capabilities aimed at adversary nations.