Threat Intelligence

Nascent China-linked cyberespionage campaign hits India

China Bans Cyber Attacks: Examining Internet Security with Chinese Flag and Binary Data Through a Magnifying Glass Concept

Cybernews reports that India was subjected to a China-linked cyberespionage campaign in early December that involved the spoofing of India's tax office.

Malicious emails purporting to be from the Income Tax Department of India included a file that allowed the exploitation of a trusted Windows process for covert operations, as well as the deployment of an initial stage loader that conducted comprehensive anti-analysis checks, according to an analysis from eSentire's Threat Response Unit.

Subsequent retrieval of the secondary payload is followed by privilege escalation and the distribution of a custom toolkit that fortifies persistence before the launch of the Chinese-developed SyncFuture TSM software, which has been adapted as a surveillance framework. Aside from the exploitation of SyncFuture software, attackers have also harnessed multiple code-signing certificates signed from 2019 to 2024.

"The campaign demonstrates characteristics consistent with advanced persistent threat (APT) operations focused on long-term espionage rather than financial gain," said the report.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds