December 2, 2016

Chinese malware used to steal secrets from Indian Navy

(LiveHacking.Com) – Hackers, most likely from China, have infected naval systems in India and stolen classified data. According to a report in the Indian Express, the hackers breached systems at the headquarters of the Eastern Naval Command in Visakhapatnam. One possible motivation for the attack is that the Eastern Naval Command plans operations in the South China Sea including the current sea trials for India’s first nuclear submarine, the INS Arihant.

The naval computer systems were infected with malware that collected and transmitted confidential files and documents to Chinese IP addresses. However, since the Navy computers are standalone and don’t have Internet access, it is believed that the malware was transporting files via USB pen drives.  To do this the malware created a hidden folder and collected specific files and documents based on keyword searches. The documents remained hidden on the USB flash drive until it was connected to a computer with Internet access. Then the files were sent to IP addresses in China.

According to the Indian Navy,  “an inquiry has been convened and findings of the report are awaited. It needs to be mentioned that there is a constant threat in the cyber domain from inimical hackers worldwide.”

The alleged Chinese cyber attack was discovered six months ago, but only now are details coming to light. The Indian Navy called in other Indian cyber forensic agencies in an attempt to find the hackers. China has been frequently accused of launching cyber attacks on other nation states including the USA.

Microsoft’s Indian Online Store Hacked

(LiveHacking.Com) – It appears that Microsoft’s online store in India was hacked over the weekend. During the hack the site was defaced and user information exposed including unencrypted passwords. Initially Microsoft didn’t comment on the attack, which is very embrassing for the Redmond company. However they have now commented:

“Microsoft is investigating the limited compromise of the company’s online store in India,” a Microsoft spokesperson told SecurityWeek. “Customers have been notified and provided with guidance to reset their passwords. We are diligently working to remedy the incident and keep our customers protected.”

The hacker taking credit for the attack is known as “7z1&Ancker” and is claiming to be part of “EvilShadow Team”. Microsoft quickly took the site offline once the attack was discovered and it currently remains unavailable.

A Microsoft spokeswoman told Reuters: “The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected.”

The website is operated for Microsoft by Indian company Quasar Media.