BEIJING — India is under attack, virtually.
A sophisticated cyberespionage group, probably based in China, is taking advantage of India’s weak cyberdefenses to burrow into government bodies and academic institutions to steal sensitive diplomatic information, a leading U.S. network security company alleged Friday.
The group has also attacked other South and Southeast Asian countries, as well as Tibetan activists outside China, over the past four years, cybersecurity company FireEye said. But the group seemed particularly interested in India and its border disputes with neighboring countries.
“It is most likely Chinese,” said Bryce Boland, FireEye’s chief technology officer for Asia Pacific, in an interview. “We don’t have a smoking gun, but all roads lead to China.”
The report is likely to fuel mistrust between Asia’s two most populous countries, which went to war in 1962 and continue to dispute large parts of their 2,500-mile border. India’s border with Pakistan is also disputed and heavily militarized, although India recently resolved another border dispute with Bangladesh to the east.
The cyberespionage group sent targeted spear-phishing e-mails to its intended victims, with Microsoft Word attachments containing information on regional diplomatic issues, FireEye said.
The attachments contained a script called “WATERMAIN” that, if opened, could infect the user’s computer, creating a “backdoor” that would allow the attacker access.
Boland said the attacker used a vulnerability in Microsoft software that had been publicly known for three years. The fact that dozens of attacks were nonetheless successful underlines India’s inability to detect and protect itself against such attacks, he said, and the “very poor state” of its cyberdefenses.
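The delivery chain described above, a spear-phishing message with an Office attachment that carries exploit or embedded code, is the kind of thing a mail gateway can triage before the document is ever opened. The Python script below is an added example written for this page, not code from FireEye or from the report it describes. It parses an RFC 822 message with the standard library, extracts attachments and flags Office containers that carry VBA macros, embedded objects or a mismatch between the file extension and the actual container format. The message, the addresses and the sample attachment are constructed for illustration, and the checks are generic indicators of a risky attachment, not a signature for WATERMAIN or for the specific vulnerability the article refers to.

```python
"""Triage e-mail attachments for malicious Office documents (added example).

Generic indicators only: legacy OLE2 containers, OOXML packages with
macro/embedded-object members, and extension/format mismatches.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.docx/.xlsx/.pptx) container
# Package members that indicate active content inside an OOXML document.
SUSPICIOUS_ZIP_MEMBERS = ("vbaProject.bin", "embeddings/", "activeX/")
OOXML_EXTENSIONS = (".docx", ".xlsx", ".pptx")
OFFICE_EXTENSIONS = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf")


def classify_attachment(name, data):
    """Return a list of findings for one attachment; an empty list means nothing flagged."""
    findings = []
    lowered = (name or "").lower()
    if data.startswith(OLE2_MAGIC):
        findings.append("legacy OLE2 Office container (binary .doc/.xls/.ppt)")
        if lowered.endswith(OOXML_EXTENSIONS):
            # A .docx name on OLE2 content is a classic disguise for an exploit document.
            findings.append("extension/format mismatch: OOXML name on OLE2 content")
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            return ["malformed zip/OOXML container"]
        for member in members:
            if any(marker in member for marker in SUSPICIOUS_ZIP_MEMBERS):
                findings.append(f"OOXML member {member}")
    elif lowered.endswith(OFFICE_EXTENSIONS):
        findings.append("Office extension but unrecognized container header")
    return findings


def triage_message(raw):
    """Parse a raw RFC 822 message; return {filename: findings} for flagged attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        findings = classify_attachment(name, data)
        if findings:
            flagged[name] = findings
    return flagged


# --- constructed sample input (not real mail, not real malware) -----------------

def build_sample_docx(with_macro):
    """Build a minimal OOXML-like package; optionally include a VBA project member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()


def build_sample_eml(attachment_name, attachment_bytes):
    """Build a constructed spear-phishing style message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"       # hypothetical address
    msg["To"] = "desk@example.invalid"           # hypothetical address
    msg["Subject"] = "Border talks: briefing note"
    msg.set_content("Please see the attached note on the disputed sector.")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample_eml("briefing.docm", build_sample_docx(with_macro=True))
    for fname, findings in triage_message(raw).items():
        print(fname)
        for f in findings:
            print("  -", f)
```

Run as-is it triages the constructed message and prints the flagged attachment with its findings. In practice this sits in front of the user, at the gateway or in a quarantine pipeline, and the findings feed a block or sandbox decision; it does not replace patching, which is the control the article says was missing.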
The group was careful not to leave traces that could pinpoint the origin of the attacks. But the operation, which runs throughout the week and round the clock, appeared sophisticated and well-resourced.
In the past, Chinese cyberspies have given themselves away by, for example, using the same IP address used in hacking attacks to access social media accounts or even post photographs. But this group appeared to have good operational security, Boland said.
Still, there are clues to its whereabouts. The WATERMAIN script appeared to have been designed for Chinese-speaking users, Boland said, and targeted information of interest to the Chinese government. Attacks were seen on government bodies as well as diplomatic, scientific and educational institutions in Asia.
In April, FireEye said it had identified another cyberespionage group, also suspected to be based in China, that has been running a decade-long campaign to spy on India and Southeast Asia.
That group, FireEye said, is “particularly interested in regional political, military and economic issues, and media organizations and journalists who report on topics pertaining to China and the government’s legitimacy.”
Cyberespionage has also become a major bone of contention between the United States and China: Washington has accused Beijing of stealing valuable corporate intellectual property and suspects it was behind the theft of the personal information of millions of federal employees last year; Beijing points to Edward Snowden’s revelations about a massive, global spying operation run by the U.S. government.
The United States and India agreed this month that they would join forces to crack down on cybercrime and raise their cyberdefenses, after two days of talks in Washington.
Annie Gowen in New Delhi contributed to this report.