A Norwegian cyber security firm has alleged that a sophisticated cyber attack infrastructure appears to originate from India, conducted by private actors with no evidence of state-sponsorship. Norman Shark, Norwegian firm, has also named an Indian company that is known to work with Indian military and intelligence as one of the possible suspects behind the attacks.
The Indian company, Appin Security Group, which figures in the report, has rubbished the claims, saying it was "totally false and very imaginative". The company pointed out that the report itself mentions "we are not implicating or suggesting inappropriate activity by Appin. Maybe someone has tried to hurt Appin by falsifying evidence to implicate them. Maybe some rogue agent within Appin Security Group is involved, or maybe there are other explanations."
Appin also pointed to a report by the Data Security Council of India questioning the credibility of the Norwegian report.
The Norman Shark report said the Indian cyber attack infrastructure "has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States. It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations. Evidence points to professional project management and outsourcing of key tasks, including some by freelance programmers."
The report said that the attackers based in India seem to have "employed multiple developers tasked with delivering specific malware", and that they appear to have "the resources and the relationships in India to make surveillance attacks possible anywhere in the world".
A senior government official said that one Indian intelligence agency had filed a report with the government a few months ago accusing Appin of wrong doings and probably compromising details of security vulnerability of one of its clients. "It is incorrect that Appin had placed details on any server which was accessible to people or in any manner it could be compromised. Appin always follows industry standard protocols for protecting data," Appin told TOI.
The Norwegian report said that the attacks seemed to target several sectors, including natural resources, telecommunications, law, hospitality and manufacturing. "It is highly unlikely that this organization of hackers would be conducting industrial espionage for just its own purposes, which makes this of considerable concern," the report said.
It added that the findings are currently under investigation by national and international authorities.
The Norman Shark report, titled "Operation Hangover", said the Indian network seems to have targeted victims in over a dozen countries. "Specific targets include government, military and business organizations. Attribution to India was based on an extensive analysis of IP addresses, website domain registrations, and text-based identifiers contained within the malicious code itself," the company said.
"This type of activity has been associated primarily with China over the past several years but to our knowledge, this is the first time that evidence of cyber espionage has shown to be originating from India," a senior official in the Norwegian company said in a statement.
For years now there have been several international reports, making several claims on cyber attacks. Most of these reports, including US official estimates have blamed hackers based in China, especially some units of the Chinese military of carrying out such attacks. Indian investigators have also found evidence of hackers based in Russia, central Asia etc of carrying out attacks on Indian targets. America's CIA and Israel's Mossad have famously used intrusive network attacks to target Iranian nuclear capabilities.