Tech Rise

The Fifth-generation war is a war of perspectives and India aims to improve its position by becoming the most targeting nation amid the changing war composition. In order to do so, the country is developing both the offensive and defensive cyber capabilities taking help from both the domestic and foreign firms.

A recently disclosed data that suggested India’s use of Israeli spyware – Pegasus has invoked huge criticism for the country. The investigation suggested that the Indian government is targeting its own citizens, although the country has named it baseless accusations.

Over time, powerful non-state groups that use asymmetric warfare tactics to attack the adversaries have emerged in India. The private actors serve India’s geopolitical and geo-strategic interests, giving rise to Indian cyberwarfare and hybrid warfare. Its cooperation with the foreign nations is helping it to attack the adversary’s cyberspace in the most impactful way.

The growing use of mercenaries, non-state actors, etc. is overall challenging the fundamental values of the world order. The states are using new war tactics – information warfare, hybrid warfare, disinformation campaigns etc. to deliver attacks.

India has been cooperating with Israel in the cyber field since 2018. Cybersecurity has become a growing and natural area of close cooperation between India and Israel. A cyber agreement was signed between both the countries to deal with the growing cyber threats amid rapid digitisation.

The move was considered as an important step in confronting the global cyber threats. A recent revelation stated that India has been an important customer of NSO Group of Israel. It used the NSO Group’s spyware to target phone numbers of politicians, dozens of journalists, and businessmen in the country.

The NSO client country is also accused of posing a huge threat to the neighbouring adversary – Pakistan, since the Israeli software has the ability to infect a device without the target’s engagement or knowledge.

Pakistan believes that the phone number previously used by the country’s Prime Minister Imran Khan was a part of surveillance hacking attempt via the Pegasus software and hence an investigation is in the process. Since the data is organised in clusters, it does not reveal the attack details of the NSO clients, thereby holding a total of 10 governments responsible for the attacks.

As per the Indian government, the Pegasus Project report was published by disrupters to help the obstructers in the Parliament. Meanwhile, the political parties are now demanding the Indian government to come out with the truth and their dealings with NSO Group.

It’s not the first time where India has cooperated with the foreign country in the cyber field. In the wake of growing cyber attacks from China, North Korea and Pakistan, the largest democracy in the world has also signed cyber agreements with the US and Russia. Simultaneously, it is building cyber offensive capabilities with the help of private actors.

Indian private firms like Phronesis, Aglaya, Dark Basin, and other APT groups like Viceroy Tiger, SideWinder, and APT C-35 have launched malware attacks against the adversaries. These firms are making sure that India continues to advance in the cyber offensive front while the cooperation and the national cyber strategy to make it better are intact.

About Pegasus:

Amid the growing cyberwarfare activities throughout the globe, India is preparing to expand its intelligence network with the help of private firms. The aim is to enhance information gathering networks to curb cyber terror activities.

Today, the Indian firms supplying surveillance equipment are not only doubling their ground locations in the country but also in foreign nations. ClearTrail Technologies and Aglaya are two Indian firms that have long aimed to ensure security and competitiveness in the changing world by expanding the export of their cyber-surveillance technologies – intrusion software, mobile telecommunications interception equipment, cyber forensics, etc.

The range and diversity of products offered by these Indian firms have improved the country’s cyber-surveillance sector in comparison to the other third-world countries. The factors like compliance costs, quality, and reliability played a key role in the competition.

A 2015 report stating the data and information collection for EU dual-use export control policy review recognised ClearTrail Technologies and Aglaya as the leading Asian firms producing and exporting intrusion software outside the EU. The production and use of intrusion software have comparatively increased in recent years. Several private firms in Asia, the Middle East, and even the US are now emerging as providers of their own intrusion software.

Set up by Praveen Kankariya, an Indore-based computer engineer, ClearTrail Technologies is a renowned lawful interception solution provider offering a wide range of communication interception solutions, monitoring & analytics solutions to intelligence agencies that conduct mission-critical operations to neutralise threats & solve the crime.

Indore-based ClearTrail Technologies provides somewhat similar services as New Delhi-based Aglaya which made headlines for having active links with the world of consumer malware and innovative technology. The latter was also involved with the UAE-headquartered cybersecurity firm, Dark Matter, which was assembling an army of hackers from around the world to help the UAE government accomplish its vested interests.

In 2013, ClearTrail Technologies along with another Indian firm – Shoghi Communications were referred to as part of a global ‘mass surveillance industry’, developing or selling systems for monitoring computers, mobile phones, and emails of unsuspecting masses. They were even named as key suppliers of surveillance equipment to the Indian armed forces and intelligence agencies by the ‘Spy Files’ project of whistleblower website – WikiLeaks.

Shoghi Communications Ltd. has been providing innovatively integrated electronic systems, products, and services to global contractors, military forces, and intelligence agencies of nation-states for some time now. It also provides electronic warfare technology, jammers, systems for airborne and ground platforms, etc. The firm has actively participated in major defence exhibitions around the world, like the Africa Aerospace & Defense show in Centurion in Pretoria or the King Abdullah Airbase show in Amman in Jordan.

As cybercriminals targeted various sectors of the Indian infrastructure, including businesses and financial service firms, the country has decided to bring a section of sovereignty in the upcoming cybersecurity plan. It would not only protect Indian cyberspace against the growing APT attacks but also build up India’s cyber offensive capabilities to fight the adversaries.

While speaking about the new cyber plan at the Pursuit 2021 event, Lt. General Rajesh Pant, India’s National Cybersecurity coordinator stated that it would address the entire cyber ecosystem – cybercrimes, capacity building, audits, research, and developments. The aim is to address the gaps that have made the Indian ecosystem a major target of the adversaries and “create a safe, secure, resilient, trusted and vibrant cyberspace for our national prosperity.”

According to a report issued by the Financial Stability Board (FSB), cyber criminals have targeted security gaps at several Indian firms amid the pandemic. As workers and firms relied more on virtual private networks and unsecured WiFi access points, each of these points posed a new challenge in Indian cyberspace.

The state-led or non-state hackers have been using phishing, malware, and ransomware practices, to target individuals and firms. Rajesh Babu, managing director of Mirox India in Technopark, Thiruvananthapuram believes that in an evolving area of technology, the government should bring stringent rules and regulations to protect the individuals and data from the new kinds of APT attacks.

Hence, a national cyber strategy has been considered as the need of the hour. The cybersecurity plan to include sovereignty would set deliverables for the Indian entities while the country is working through the cyber risk management processes, incident reporting, response and recovery activities, and cloud and other third-party services.

On the other hand, the rise of non-state actors has strengthened India’s cyber offensive front. There are several APT groups keeping track of the adversary data to launch malware attacks.

SideWinder, also known as RAZOR TIGER, Rattlesnake, APT-C-17, T-APT-04, is the most active threat group that has mostly targeted Indian adversaries in South Asia. The private actor has been attacking Pakistan’s military targets since 2012. They use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.

Recent news suggested that a Pakistani threat group – SideCopy is now imitating SideWinder’s infection techniques to deliver malware attacks on India. The attacks from China, Pakistan and North Korea, etc. have made it clear that India is not exempted from cyberwarfare.

Though the Indian cyber-espionage differs from the top state-sponsored threats – Russia and China, the attacks could be devastating even in the less ambitious geographic scope. It is the non-state actors that have constantly strengthened and defended India’s cyber front. Threat groups like Viceroy Tiger, Dark Basin, and APT C-35 have increased cyber-espionage activities against the adversaries, paving the way for Indian cyberwarfare.

Pant said, “The way 2021 has started, I would call it the year of ransomware.” He stated that the private actors should be equally prepared against the state-backed advanced persistent threat (APT) attacks.

Creating secure cyberspace in India has become more strenuous in the wake of persistent cyberattacks on the country. The malware attacks by adversaries have not only targeted the critical infrastructure in India but have advanced to the government and the military sector too.

As a developing country, India possesses cyber offensive and defensive capabilities that could ward off attacks from adversaries. India’s cyber offensive front has been stepped up by the private firms that have launched cyber operations against the neighbouring adversaries covertly. Lately, some of the adversaries are even copying the methods used by the Indian cyber threat groups to launch malware attacks.

One of the Pakistani threat groups called SideCopy was spotted imitating the Indian threat group SideWinder’s infection chains to deliver its own set of malware. SideCopy hackers appear to be highly motivated by the attack methods used by Indian APT groups like SideWinder that have been plaguing governments and enterprises in South Asia and East Asia since 2012. Other Indian groups that have come into the limelight for the same purpose include Dark Basin, Phronesis, Aglaya, etc.

SideWinder Advanced Persistent Threat group has been progressing in offensive cyber operations for a long time now. The firm was spotted using the Binder exploit to attack mobile devices. It proactively targeted victims that included multiple government and military units – in China, India, Nepal, and Pakistan using social-engineering techniques.

At present, SideCopy is actively copying techniques reserved for Sidewinder. Seqrite, Quick Heal’s enterprise security brand stated that the Pakistani cyber-espionage group has been active since 2019. The threat intelligence team first uncovered the spear-phishing campaigns in September 2020.

The team analysed that most of the old attacks were related to ‘Operation SideCopy’ by common IOCs. Cisco Talos, one of the networking giant’s cybersecurity divisions stated that the group has continued to launch cyber operations against the Indian government and military. They used spear-phishing email attacks each of which came with malicious file attachments—ranging from LNK files to self-extracting RAR EXEs and MSI-based installers—that installed remote access trojans (RATs) on infected systems.

SideCopy operators deployed RAT plugins that ranged from file enumerators to credential-stealers and keyloggers. The APT group’s activities posed a close resemblance to the campaigns initiated by another Pakistani threat group called APT36 (aka Mythic Leopard and Transparent Tribe), which has recently shifted its focus to Afghanistan. The Talos report has stated that the sophistication of attacks has comparatively increased and more visible in 2020 and 2021. It also reported a spike in activity by Chinese security firm – Rising.

Over time, state-led or non-state hybrid warfare has multiplied the cybercrime attack options with higher frequency throughout the globe. In India, geopolitical tensions have sped up the process of developing offensive and defensive cyber capabilities. In addition, the government is also looking to unveil a national cyber strategy that would holistically cover the entire Indian cyberspace ecosystem.

In a recent conference organised by the Public Affairs Forum of India, the Indian National Cybersecurity Coordinator Lt. Gen. Rajesh Pant explained the critical aspects of cyberspace. He stated that cyberspace is witnessing technological bipolarity in the geopolitical world and that it is split between the US and China, each advancing with the help of its allies.

Secondly, he stressed India’s need to formulate its approach towards the cyber issue by establishing a national cyber strategy. India is quickly emerging as a new cyber power and a formidable opponent all because of the cyber offensive capabilities it is building with the help of private actors. Following the threats in cyberspace that have become more pertinent, Indian APT groups like Dark Basin, CyberRoot, Phronesis, etc., have been reinforcing India’s cyber front and targeting adversaries.

Recently, China evolved a new internet protocol and even released the Global Initiative on Data Security (GIDS) for the world. It has been aiming to take the control of the data security narrative away from the US when the latter came up with the concept of a “clean network with trusted equipment.” It has built several hacking organisations, many of which have repeatedly targeted Indian cyberspace.

The Chinese threat group – RedEcho’s attack on the Indian power grid in 2020, the Chinese state-backed hackers attacked the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India (SII), the world’s largest vaccine maker and, Chinese state-sponsored threat actor APT41’s attack on SITA, a multinational IT company providing services to the air transport industry, and other airlines, including the Air India, were some of the major recent attack incidents by China.

China’s aggressive cyber-espionage activities have been condemned by several western countries. The US congressman Frank Pallone even urged the Biden administration to support the strategic partner – India. The aim has been to work together on cybersecurity to counter fifth-generation warfare.

The steady increase in cyberwarfare activities throughout the globe has motivated countries to build offensive and defensive capabilities. Countries like the US, UK, Russia, China, North Korea, Iran, Israel, etc. have been launching cyber operations on the developing nations, extending the nature of war.

In the wake of steady growth in the nation-state-sponsored attacks, world nations including India have made cybersecurity a top priority. Several Indian firms have come forward to offer cyber forensics and penetration testing services to the government and agencies at the national and global levels.

Five major Indian firms that have major clients in the corporate, banking, and government sectors are as follows:

Kratikal Tech Pvt. Ltd.

Indian Cyber Security Solutions (ICSS)

Pyramid Cyber Security & Forensic

Orion Security Solutions

3rd Eye Techno Solutions

Some of the above-mentioned companies like Kratikal Tech Pvt. Ltd and Indian Cybersecurity Solutions are also leading providers of penetration testing services and cyber forensics.

Established in 2012 in Noida, India, Kratikal Tech Pvt. Ltd. is one of the trusted established standards to protect businesses and brands from cyber threat attacks. Its services include Network/Infrastructure Penetration Testing, Phishing/Fraud Monitoring Tool, and also avails Real-Time Attack Simulation. It has helped 80+ companies including some Fortune 500 and leading startups across the globe.

On the other hand, Indian Cyber Security Solutions is known for working with government agencies and corporate houses. Incorporated in Kolkata in 2013, the firm provides cybersecurity training services to prevent the system from data leaks and privacy violations. Its services include Web/Network/Android Penetration Testing, Secure Web Development, Secure Code Review, etc.

The other three companies such are Pyramid Cyber Security & Forensic, Orion Security Solutions, and 3rd Eye Techno Solutions are providers of cyber forensics services.

Pyramid Cyber Security & Forensic is a firm in New Delhi, which has also been listed under the 10 most important cyber forensic providers mentioned by Silicon India. It specialises in Digital Forensics & Cyber Intelligence, Fraud Management, and Information Security. It provides for the prevention, detection, resolution of cybercrimes, security breaches, and digital frauds. At present, the Pyramid team of experts is preparing to take the start-up to a position of leadership in the niche space of Digital Crime, Fraud & Forensic Solutions, and Services.

The Indian cybersecurity firms help customers in government, law enforcement, and enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & frauds arising due to misuse of digital & communication devices, applications, and technologies. It has also set up some of the best and prestigious Digital Forensic Labs in Asia, the Middle East & Africa.

Meanwhile, another New Delhi-based firm Orion Security Solutions (OSS) has developed a comprehensive, enterprise solution for individual & enterprise customers, to secure against threats & attacks. It provides tailored intelligence services and customises services according to the needs of the clients. It also provides VAPT services to clients and the government.

Today, ORIONSECURE has a presence in countries such as UAE, Bahrain, and Finland through group entities. In UAE and Bahrain, the firm operates through Universal Security Services LLC, Ascertain Holding Co. S.P.C And Orion Fire & Safety International L.L.C. Respectively.

The 3rd Eye Techno Solutions provides digital investigation solutions, services, and training to the government and private sector which includes video forensics, digital forensics solutions, student management system, customised software solutions, and services. It is a certified company that serves both the govt. & corporate sector in India.

Following the cyberspace battle, the countries around the world are building cyber offensive and defensive capabilities, while employing overt tactics to overcome their adversaries. India being the most targeted country in cyberspace, by tier two countries, is now exerting influence with the help of hybrid warfare strategy.

The consequences of hybrid warfare are considered the most lethal in the present world, for the modus operandi is irregular, uncertain, and varies from the old military war tactics. However, to counter the growing attacks from the neighbouring nations, India is adopting all the present-day global warfare tactics to knock out the regional rivals.

In 2020, FireEye described the cyberattacks on India as “the broadest campaigns by a Chinese cyber espionage actor in recent years. Several Chinese threat groups used phishing emails or Trojan malware and targeted vulnerable systems and devices that remained exposed to the internet.

So India stepped up its cyber offensive game with the help of private actors. From launching malware attacks to campaigning fake news and foreign political intervention, Indian non-state actors took advantage and attacked the adversaries in a comprehensive manner.

It wouldn’t be wrong to say that the non-state actors in India have defended India against cyberattacks from time to time. They have strengthened India’s cyber warfare potential, while their violent measures fitted the contemporary definitions of hybrid warfare.

In the wake of information warfare, Pakistan became the most targeted victim of Indian non-state actors. India’s Srivastava Group played an important role in discrediting Pakistan internationally. The Indian firm launched nearly 750+ fake media sites that promoted pro-government content worldwide in retaliation to Pakistan’s anti-India sentiments.

In the 15-year long global operation, the group targeted the European Union and the United Nations. Later, it even resurrected the dead media, dead individuals, think tanks, and NGOs, launching wide-scale disinformation campaigns to defame Pakistan on a global scale.

The Indian threat groups have also launched malware attacks on the regional rivals. Earlier this year, Cyberroot Risk Advisory, an Indian firm that provides cyber forensics investigation, penetration testing, physical access control, and security testing, etc. was seen to be involved in controversial incidents of hack-and-leak cases. A deep dive into the company’s business shed light upon its businesses in the Middle East and Asia.

A Delhi-based company – BellTrox that was in limelight last year for the ‘years-long hacking campaign’ that targeted more than 10,000 accounts across the globe, was involved with the CERT-In Empanelled Security Audit Company. Meanwhile, several other APT groups like SideWinder, Viceroy Tiger, etc. continued to pose prolific threats to Indian adversaries via phishing and malware attacks.