How This Startup Uncovered Chinese Hackers’ Plot To Target Indian Cyberspace

Cyfirma, a Singapore-based cyber-security research firm, recently confirmed that hacking groups working closely with the Chinese government were planning a nation-wide cyberattack. The Chinese hackers were targeting several Indian businesses and government offices, aiming to steal sensitive data and cause brand damage.
“In the first week of June, researchers in our company came across a series of conversations about India on the dark web. The chat was primarily in Mandarin, and the hackers were expressing their frustration over India and were discussing ways to ‘teach India a lesson.’
They also published multiple lists with names of companies they plan to target. Apart from that, they also discussed potential methods that could be used to target their data. They did not want to simply hack the company and deface their website, they wanted to steal sensitive information,” says Kumar Ritesh, the Chairman and CEO of the company, to The Better India.
A spokesperson from the company confirmed that the ongoing jostle for geopolitical supremacy is a key motivation for these cyberattacks.
The Chinese hackers were planning to target companies including Reliance Jio Infocomm, Bharti Airtel, Larsen & Toubro, Apollo Tyres, Micromax, Sun Pharma, and Cipla, along with the Defence, External Affairs, and Information and Broadcasting ministries. Media houses like Hindustan Times and Times of India were also named as targets.
Who are the Chinese Hackers?
When the published lists were traced back to their sources, they led to two well-known hacker groups — ‘Gothic Panda’ and ‘Stone Panda’ — who are directly affiliated with the People’s Liberation Army (PLA).
Gothic Panda is a long-standing Chinese threat actor group that has targeted the aerospace, construction, engineering, telecommunication, transportation, and manufacturing sectors of other countries in the past. Meanwhile, Stone Panda is involved in stealing international trade secrets and supply chain information from enterprises in countries such as India, the United States, Japan, Canada, and Brazil.
“The full list of exposed IP addresses along with a detailed technical analysis has been submitted to IN CERT (Indian Computer Emergency Response Team). They have taken necessary actions,” says Ritesh.
From Bhopal to MI5
Kumar Ritesh, the founder of Cyfirma, has undoubtedly had an interesting professional journey.
“I got my first job in 1998, as a software engineer in an MNC. My family was thrilled, and the work was alright, but soon a feeling of dissatisfaction set in, and I quit the job in six months, and started to look for other opportunities,” he begins.
During this time, he spent a lot of time in online coder communities, writing code for other users.
“I used to write a lot of codes. I even made a website with a repository of codes I developed. In 1998, my work, on that online community, reached Biolink, a South Korean firm which was involved in the development of switching units and routers. After an interview at the Embassy of South Korea located in Delhi, I was selected for the role of a research engineer.”
Here, he worked as a ‘security-coder’ and was one of the engineers who helped build a cybersecurity layer for that company. But, within 10 months, Ritesh found himself addressing the media over a security-breach issue that the company had faced.
“Since I was the only one fluent in English, I was given a script to read in front of the press. But, I added details to explain the breach in detail. This was aired on national and international media channels. Within a few days, I was contacted by officials in the UK about a job related to coding. I was 23 years old, and it was like a fairytale for me,” says Ritesh.
Little did he know that he had been selected for a job at Britain’s Secret Intelligence Service MI5.
“I cleared the interview, acquired the work visa and moved to London. For 9 months I was working on different projects, but I did not have the slightest idea that I was part of INTERPOL, the International Criminal Police Organisation. Only after I proved trustworthy, did they tell me the real story,” says Ritesh.
In 2008, Ritesh retired from the organisation for personal reasons, and continued to work in different companies across the world until 2016. After gaining experience for two decades, it was clear to him that businesses looked at cyber intelligence in the wrong way.
“Most organisations turn to cybersecurity solutions once an attack has taken place. But, if you understand your enemy and your threats, preventive measures can be taken to protect data. My idea was to decode threats to understand who is the hacker, what is their motive, when they will attack, and how they will attack,” says Ritesh.
In February 2016, Ritesh approached various companies with his idea, which was well-received by Goldman Sachs.
“Goldman Sachs was our first investor. They agreed to provide us back up, but since we were just starting and did not have the technology, they invited me to join hands with global data analytics firm Antuit.ai, another company they invested with. But, we had an agreement that once Cyfirma grew, we would become a separate entity,” says Ritesh.
Today, Cyfirma has 3 investors — Zodius Capital, ZP3 Partners, and Goldman Sachs. The total funding raised by the company stands at $8 million, and the company is also a separate entity. Their clients include companies such as Mitsubishi Corporation and Toshiba.
Precautionary Measures That a Layperson Can Take
The Better India also spoke to Rizwan Shaik, an experienced ‘ethical hacker’ and the founder of Pristine Infosolution, a Mumbai-based IT company. He has closely followed the news about the Chinese hackers’ plot, and reiterates the importance of taking precautionary measures to protect data from unauthorised access or attacks.
“Everything relies on computers and the internet now. There are many threats, some more serious than the others. Among these dangers are malware attacks which can erase all your data, alter data, and steal sensitive information. Therefore, it is important to take precautionary measures and detect attacks before they happen,” he says.
Rizwan says simple practices such as changing passwords regularly, upgrading the technical skills of existing IT experts, and keeping antivirus software up to date can minimize the chances of getting hacked.
(Edited by Gayatri Mishra)

Author: TheBetterIndia.com