NEW DELHI, INDIA -- (Marketwired) -- 08/20/15 -- FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today revealed the details of an advanced campaign which appears to target information about ongoing border disputes and other diplomatic matters.
The advanced persistent threat (APT) group behind the operation, which FireEye believes is most likely based in China, sent targeted spear phishing emails containing Microsoft Word attachments to its intended victims. These documents pertained to regional issues and contained a script called WATERMAIN, which creates backdoors on infected machines. The campaign's attacks were also detected in April 2015, about one month ahead of Indian Prime Minister Narendra Modi's first state visit to China.
FireEye has observed WATERMAIN activity since 2011. Over the past four years, this threat group has used WATERMAIN to target over 100 victims, approximately 70 percent of whom were in India. The group launching WATERMAIN attacks has also targeted Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organizations.
"Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighbouring countries reflect growing interest in its foreign affairs," said Bryce Boland, FireEye chief technology officer for Asia Pacific. "Organizations should redouble their cyber security efforts and ensure they can prevent, detect and respond to attacks in order to protect themselves."
APT attacks on organizations in India and neighbouring countries are now commonplace. In April, FireEye revealed the details of APT30, a decade-long cyber espionage campaign by suspected China-based threat actors that compromised an aerospace and defence company in India among others.
About FireEye, Inc.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defences, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 3,700 customers across 67 countries, including 675 of the Forbes Global 2000.
© 2015 FireEye, Inc. All rights reserved. FireEye is a registered trademark or trademark of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.
Source: FireEye, Inc.