Reports reveal nine Indian firms fell prey to Chinese hackers in 2021

The research data shared exclusively with Hindustan Times shows that a large quantity of sensitive data was hacked and stolen by the group from the targetted servers.

The hacker group, which has been active since at least 2007, is known by several names on the dark web, the most common being Winnti and Barium, reports the newspaper.

Officially, the cybersecurity community recognises it as APT41, where APT stands for Advanced Persistent Threat.

Earlier this year, Group-IB, a Singapore-based cybersecurity company, conducted detailed and focused research into APT41’s activities from January to December 2021.

The research report shows that India was among the biggest targets of APT41.

According to Group-IB’s report, an Indian airline and eight other Indian websites were targeted by the hacker group last year, with just one prize in the crosshairs data.

The research found that the websites were hacked using a method known as SQL injection, where malicious computer code is injected into a website to gain unauthorised access.

‘SQL’ is a programming language, called Structured Query Language, used in programming. Just as a good SQL command leads to productive results, malicious SQL injection leads to unauthorised access.

“With the help of SQL injections, the attackers managed to obtain various levels of access to several databases on the backend with information about credentials, phone numbers, emails of existing users, etc. APT41 also copied several files and managed to launch remote commands on compromised servers,” Nikita Rostovtsev, Threat Analyst at the Group-IB’s Advanced Persistent Threat Research Team, told HT.