Daily Times

A new report published by Antiy Labs, one of China’s renowned cybersecurity companies, disclosed an active hacker team whose members are based in Delhi and has been launching cyber attacks against government agencies and defense departments in China and Pakistan.

The report conducted a comprehensive analysis of the cyber attacks launched by the organization called You Xiang (baby elephant in English) in South Asia, revealing its target, technology and equipment, and exposing the attackers who wear “invisible clothes” and hide behind screens. The company’s vice chief engineer, Li Bosong, told the Global Times that they first detected “baby elephant” activities in 2017, when a number of large-scale targeted cyberattacks on the government, military and defense departments of South Asian countries were found. According to the analysis of their activities, it was found that the group is suspected to be from India, and is not the same as another hacker group from India named “white elephant.” The organization had its own set of relatively independent attack resources and tools, but the attack capability was relatively primary at that time. It might be a newly established attack team with immature technical capabilities.

“That’s why we’ve named this new, advanced threat organization ‘baby elephant,'” Li said. Four years since, the “baby elephant” is on the rampage, expanding their targets. “Since 2017, the number of ‘baby elephant’ attacks has doubled each year, and the attack methods and resources have gradually become richer, and the target has started to cover more areas in South Asia,” Li said. “In 2021, the group began targeted attacks on Chinese institutions for intelligence theft.”

The attacks detected by Antiy Labs include setting up phishing websites, attacking mobile phones with malicious Android applications, and Trojans written in languages such as Python to steal various documents, browser cache passwords and other host system environment information from computers.