FireEye Reveals Cyber Attacks On India, Neighbouring Nations - Quick Facts

(RTTNews) - FireEye, Inc. (FEYE), a leader in stopping advanced cyber attacks, revealed the details of an advanced campaign which appears to target information about ongoing border disputes and other diplomatic matters.

The advanced persistent threat or APT group behind the operation, which FireEye believes is most likely based in China, sent targeted spear phishing emails containing Microsoft Word attachments to its intended victims.

These documents pertained to regional issues and contained a script called WATERMAIN, which creates backdoors on infected machines.

The campaign's attacks were also detected in April, about one month ahead of Indian Prime Minister Narendra Modi's first state visit to China.

FireEye has observed WATERMAIN activity since 2011. Over the past four years, this threat group has used WATERMAIN to target over 100 victims, 70 percent of which were in India.

The group launching WATERMAIN attacks has also targeted Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organizations.

"Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighbouring countries reflect growing interest in its foreign affairs," said Bryce Boland, FireEye chief technology officer for Asia Pacific.