Criminals hack govt officials computers in 2016: Kaspersky

Computers of senior government officials at Cabinet Secretariat, ministries of external affairs and IT were compromised by a Chinese cyber espionage group between February and March this year, a Russian software security company has claimed.
The attackers were able to sent emails from account of a cabinet secretariat official with malicious attachment, Kaspersky said in a report.
"On March 28th several malicious document were sent to various recipients at the Cabinet Secretariat of Government India from the email account of Ms ..., Deputy Secretary at the Department of Administrative Reforms and Public Grievances, the nodal agency of the Government of India," the report said.

Kaspersky discovered comments in Chinese languages in various filed it has obtained from Chinese cyber espionage group Danti's network.
"Danti is highly focused on diplomatic entities. It may already have full access to internal networks in Indian government organizations," Kaspersky claimed.
"The origin of Danti is unknown, but Kaspersky Lab researchers have reason to suspect that the group is somehow connected to the Nettraveler and DragonOK groups. It is believed that Chinese-speaking hackers are behind these groups," the report said.

The cyber security firm has identified the campaign by the group leveraged the exploit for CVE-2015-2545 in Microsoft Office in February 2016.

"As a result, several emails with attached DOCX files were uploaded to VirusTotal. The email recipients were connected to the Indian Ministry of External Affairs," the report said.
It said that Indian embassy in Hungary, Denmark and Colombia were tragetted by Danti.
"In the case of the Indian Embassy in Hungary, it looks like the original message was forwarded from the embassy to the Indian IT security team in the Ministry of Foreign Affairs, and uploaded later to Virus Total," the report said.
It said that Danti masqueraded email of senior government officials and shared to official email ids of India mission.

An email sample published in the report showed an e-mail sent to Indian Embassy in Hungary by fake account of an IT Ministty official but the signature carried full details of the official including his designation, phone number, office address etc.
"In order to attract the attention of potential victims, the threat actors behind Danti have created emails in the names of several high-ranking Indian government officials. Once the exploitation of the vulnerability takes place, the Danti backdoor is installed and this subsequently provides the threat actor with access to the infected machine so they can withdraw sensitive data," the report said.