Websites of Indian
government and Tibetan activists in the country are under attack in a
cyber attack campaign engineered by a Chinese hacker, working with one
of the world's largest e-tailers Tencent.
The cyber criminal in question
is Gu Kaiyuan, once a graduate student at a Chinese university that
receives government financial support for its computer security program
and currently an employee at Chinese portal Tencent. Before Kaiyuan
initiated the exploits, collectively called the Luckycat campaign, he was involved in recruiting students for his school’s computer security and defense research.
The Luckycat cyber campaign, has been
linked to 90 attacks in recent past against targets in India and Japan,
as well as against Tibetan activists, said the report released by the
Japanese network security firm. 'Luckycat' has been able to compromise
about 233 computers many of which are in India. A report on the campaign
from cloud security company Trend Micro shows that the Luckycat
perpetrators began around June 2011.
Also, Trend Micro was able to find a set of campaign codes used to monitor compromised systems. “The
campaign codes often contain dates that indicate when each malware
attack was launched. This demonstrates how actively and frequently the
attackers launched attacks,” the report reads. “The campaign codes also reveal the attackers’ intent, as some of these referenced the intended targets.”
The report did not directly
implicate the Chinese government, but security researchers believed that
the style of the attacks and the types of targets indicated
state-sponsored spying.