Chinese state-sponsored actors have targeted the transport sector in India in the last few months with cyber attacks, according to a top secret note put out by the Computer Emergency Response Team (CERT-In) under the Ministry of Electronics & Information Technology, early this month.
“CERT-In has observed continued targeted intrusion activities from Chinese state-sponsored actors towards Indian transport sector with the possible intention to collect intelligence and conduct cyber espionage. The notable threat actors such as APT41/Barium, Tonto Team, APT10/StonePanda, APT15/K3yChang, APT27/Emissary Panda, Winnti groups & RedEcho have been targeting organisations across a range of industries aligned with the national strategic goals of the Chinese national policy priorities,” says the note accessed by BusinessLine.
IRCTC, Tata Motors, National Highways Authority of India, RITES, Dedicated Freight Corridor Corporation of India, Centre for Railway Information Systems (CRIS) and Roads & Building Dept, Andhra Pradesh are the entities that were subjected to cyber attacks during the period between May last year and as late as February this year.
“The Chinese actors have reportedly used either spear phishing, Drive via Download or exploiting known vulnerabilities present in public facing applications as an initial entry mode to compromise the enterprise network,” says the note dated March 10 sent to the Ministry of Road Transport & Highways (MoRTH) with copies to the Intelligence Bureau, Research & Analysis Wing and the National Security Council Secretariat.
“The Ministry has advised departments and organisations under transport sector to strengthen the security posture of their infrastructure. Accordingly, NIC, NHAI, NHIDCL, IRC, IAHE, State PWDs, testing agencies and automobile manufacturers have been requested to conduct the security audit of the entire IT system by CERT-In certified agencies on a regular basis and take all actions as per their recommendations,” the Ministry said in a reply to BusinessLine.
An e-mail sent to Director-General, CERT-In, Sanjay Bahl, asking for details on the note remained unanswered. Calls and messages sent to Ajay Prakash Sawhney, Secretary, MeitY, also remained unanswered.
“Considering the advanced capabilities and infrastructure and tenacity of the Chinese adversaries, CERT-In suggests departments and organisations under transport sector to beef up the security posture of their infrastructure with respect to the continued computer network operations and targeted intrusion,” the note advised. “Organisations should stringently monitor and examine their network perimeter logs (firewall, proxy etc.) particularly with curated list of Indicator of Compromise of this campaign provided by CERT-In,” it added.
Intimate on actions taken
It may be recalled that the recent attacks on the country’s various power assets were also linked to Chinese hackers. Tech giant Microsoft had also recently warned its customers against cyber attacks originating in China that primarily target its on-premises ‘Exchange Server’ software.