
Recent investigations by Chinese cybersecurity firms have reported a surge in cyberattacks originating from India and targeting countries like China and Pakistan. While the United States has historically been perceived as the primary source of cyber threats to China, experts now warn that South Asian countries, particularly India, are posing a significant and increasingly sophisticated challenge.
A group of Indian hackers allegedly launched a cyberattack against the Chinese military in December 2023, raising concerns about the potential escalation of cyber threats in the region. The targeted attack on the Chinese military, successfully intercepted by China, was not an isolated incident. According to reports, Chinese cybersecurity experts have identified “clear parallels” between this attack and previous ones, suggesting the involvement of the same organization.
This group, an Advanced Persistent Threat (APT) dubbed “Bitter” or “Manlinghua,” has reportedly been active since at least 2013, predating the current Indian administration. Bitter’s operations, as exposed by cybersecurity firms, show a focus on espionage and information gathering. Its primary targets seem to be military and nuclear sectors, along with government entities, in both China and Pakistan.
The group appears to employ a two-pronged attack strategy, relying on both spear phishing emails and watering hole attacks. Spear phishing involves sending personalized emails containing malicious attachments or links, while watering hole attacks target websites frequently visited by the intended victims, infecting their devices with malware upon access.
While conclusive evidence remains elusive, cybersecurity analysts suspect that Bitter originates in India and may have state backing. This theory is supported by observed IP address locations and linguistic patterns within the attacks, which hint at an Indian source. Furthermore, Bitter’s suspected connections to other groups like Patchwork, SideWinder, and Donot, also believed to be Indian, bolster this analysis.
These revelations challenge popular misconceptions regarding the primary sources of cyber threats faced by China. While the United States often tops the list of concerns, experts now highlight the significant number of attacks originating from South Asian countries, particularly India.