James Griffiths, South China Morning Post | August 21, 2015
Chinese hackers are believed to have spent at least four years targeting Tibetan exile groups in India that Beijing views as a threat, despite China denying any official involvement in hacking.
One advanced team has been zeroing in on organisations there to steal information related to border disputes and Tibetan exile groups, according to cybersecurity firm FireEye.
Hacks were detected in the run-up to the first state visit to China by Indian Prime Minister Narendra Modi in April, and the group is likely still conducting attacks, FireEye said.
“Over the past four years, this threat group has [targeted] over 100 victims, approximately 70 per cent of which were in India,” it said in a statement.
It “also targeted Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organisations.”
Beijing has viewed Tibetan groups in India with suspicion ever since the Dalai Lama fled China in 1959 to establish the Central Tibetan Administration, more commonly known as the Tibetan government-in-exile, in Dharamsala.
Unrest in China’s Tibetan autonomous region in the run-up to the 2008 Beijing Olympics led to a crackdown by Chinese authorities and protests by Tibetan groups in India, Europe and North America. A spate of self-immolations in the Himalayan province in 2012 spurred another security crackdown.
China has previously been accused of spying on Tibetan organisations overseas in an apparent attempt to stave off future unrest at home.
In April, FireEye reported that a separate Chinese hacking team, APT30, had been spying on governments and businesses in Southeast Asia and India uninterrupted for a decade, echoing claims made by researchers at US firm McAfee in 2011.
China has always denied involvement in such operations.
“The Chinese government firmly opposes hacking attacks; this position is consistent and clear,” foreign ministry spokesman Hong Lei said after the April report.
China has long been accused of spying on Tibetan groups in India, including the Tibet government-in-exile and the Dalai Lama.
In 2009, researchers at the Information Warfare Monitor, a Canadian NGO, accused Chinese hacking groups of breaking into computers at Tibetan government-in-exile organisations in London, New York and Dharamsala.
“Malware attacks against ethnic minority groups in China including Tibetans and Uygurs, and religious groups such as Falun Gong, go back to at least 2002, and possibly earlier,” according to the University of Toronto’s Citizen Lab, which monitors cybersecurity issues.
Uygurs are a Turkic-speaking ethnic group in the far western Chinese province of Xinjiang. Some complain of discrimination in favour of Han Chinese. Others have been accused of “terrorist” activity by Beijing, including one incident in 2013 when a jeep loaded with knives and sticks crashed in Tiananmen Square, killing five people.
While pinpointing the culprits for any given hack attack can be very difficult, FireEye experts told the Post that, at least in terms of the latest campaign, all signs pointed to China.
They said the attackers were “well-resourced, with long-term objectives”, and conducted operations around the clock, indicating high levels of discipline and funding. The malware used also pointed to China.
“Collecting intelligence on India remains a key strategic goal for China-based APT groups,” said Bryce Boland, FireEye chief technology officer for Asia-Pacific.
“These attacks on India and its neighbouring countries reflect growing interest in [India’s] foreign affairs.”