South Asia

(Extract of Thales’ CTI data)

Countries List:

India, Pakistan, Bangladesh, Nepal, Sri Lanka, Maldives, Bhutan

Contextual analysis of CIS and Geocyber risks

South Asia is a geographic and geopolitical zone that is still fragmented due to current and historic tensions and conflicts. 

Main types of Attackers

State Sponsored
Cyber Terrorist
Cyber Criminal

Adversary types

Top 3 Attacked sectors

  1. Communication
  2. Aviation
  3. Transportation


South Asia is shaped by significant regional tensions, most notably between the three giants, namely India, Pakistan and Afghanistan, but also by a desire for rapprochement and integration in order to protect itself from the influence of neighbouring powers.

 

INDO-PAKISTANI TENSIONS AND KASHMIR

The conflict between India and Pakistan began in 1947, when the two countries gained independence and the British Raj was split in two. Pakistan is a predominantly Muslim country that was formed as the Islamic Republic of Pakistan. India, conversely, is a secular state that inherited much of the territory of the Raj.

Shortly after independence, the First Indo-Pakistani war took place in Kashmir. The Kashmir region, independent since 1947, spans territories claimed by India, Pakistan and China. Pakistan and India lay claim to all of these territories. Reflecting this complex heritage, the population of Kashmir is now predominantly Muslim, but it is ruled by a Hindu Maharaja.

This first war ended in 1949 after the United Nations brokered a ceasefire agreement based on a future Line of Control (LoC). Since the LoC was established, Kashmir has been a region in two parts: Indian Kashmir and Pakistani Kashmir. The Line of Control has become a militarised zone, with the Indian and Pakistani armies facing off across the divide. The Indo-Pakistani conflict remains crystallized on the Kashmir issue. Today, the border between India and Pakistan is considered one of the most dangerous in the world.

On 14 February 2019, tensions between Pakistan and India reignited when a suicide attack claimed by Pakistan-based Islamist group Jaish-e-Mohammed (JeM) killed 41 Indian soldiers. The attacker was a 20-year-old Kashmiri rebel, whose act led to a resurgence of military activism in the region. Narendra Modi, Prime Minister of India since 2014, condemned the attack and announced that there would be a response. On 18 February, in retaliation, India conducted an armed raid in the area where the attack had taken place. Nine people were killed in the town of Balakot, where a JeM training camp is located. The resurgence of terrorist attacks in the region is worrisome for the Indian government, which is using all possible means to protect against them. Since both countries are nuclear powers, and the border between them is one of the most militarised in the world, an open conflict would be devastating for the region.

 

FOR THIS REASON, THE CYBER LEVER APPEARS THE BEST WAY FOR EACH SIDE TO ASSERT ITS CLAIMS

Indo-Pakistani tension is mostly latent, with no open and direct confrontation since 1971. Nonetheless, current tensions are high, and groups of cyberattackers, suspected to be from both countries, regularly conduct operations against each other’s security forces. After the February 2019 suicide attack, the number of cyberattacks increased. On the Pakistan side, ATK64 (alias Mythic Leopard) is a Pakistan-based group whose operations are most likely conducted from Karachi. It uses social engineering and spear phishing to target Indian military and defence entities.

On the Indian side, ATK11 (alias Patchwork) is a cyber espionage group active since at least 2010. One of its specific techniques is the use of code copied and pasted from multiple online forums combined with high-quality social engineering. It began with Operation Hangover, the purpose of which seemed to be surveillance of targets of national security interest to India, such as Pakistan and the Nagaland movement. The group was also involved in the Monsoon campaign, which targeted various sectors in India’s neighbouring countries.

 

AFGHANISTAN: THE UNSTABLE STATE

India and Pakistan have different relationships with Afghanistan. Historically, each country’s bilateral relations with its Afghan neighbour have oscillated between long-term support projects and containment actions linked to the presence of the Taliban.

India was the only South Asian country to recognise the Soviet-backed Democratic Republic of Afghanistan in the 1980s. In turn, Pakistan suffered destabilisation attempts perpetrated by the Soviets and implemented by the Afghan government with the objective of arming Pakistan’s Pashtun independence fighters so they could overthrow the regime of the time. Since then, Pakistan has continued to treat its westerly neighbour with suspicion.

With the rise of the Taliban movement, both countries have maintained their course of action. India supported the then regime, helping overthrow the Taliban, while Pakistan has been regularly accused by Afghanistan of funding the mujahideen through its Inter-Services Intelligence (ISI).

Before the Taliban came to power, India provided Afghanistan with substantial aid (it was the fifth largest contributor in 2017 with $3 billion) and maintained its stance toward the Taliban. However, summer 2021 was marked by a formal meeting between Taliban leaders and an Indian delegation in Qatar.

Relations between Pakistan and the Taliban are more complex, especially since the Taliban announced that it does not recognise the Durand Line, which marks the border between the two countries. Furthermore, Pakistan, like Afghanistan, has suffered Taliban attacks on its soil, which has prompted the two countries to cooperate more closely in recent years.

Despite Afghanistan’s instability and this historic context, both India and Pakistan are trying to cooperate with their neighbour. Notably, Pakistan has reached a Memorandum of Understanding with Afghanistan for the establishment of the Afghanistan-Pakistan Transit Trade Agreement (APTTA) and the construction of a rail link between the two countries. This cooperation may extend to joint defence and intelligence sharing operations.

In turn, India, which historically has a stronger relationship with Afghanistan, has set up agricultural development projects on Afghan territory and, in the last decade, several hundred Afghan soldiers have been trained at Indian institutions.

 

DESPITE THESE PARALLEL BILATERAL COOPERATIONS, WHICH REMAIN IN PLACE TODAY, CYBER OPERATIONS ARE STILL BEING CONDUCTED

For example, the ATK64 group (Transparent Tribe, APT36), suspected of being sponsored by Pakistan, has repeatedly targeted Afghanistan in espionage operations. The most recent attacks were in July 2021.

Another attacker group known as SideCopy APT, affiliated with Pakistan, has led attack campaigns against public and private organizations in South Asia, including ministries in India and Afghanistan. In 2021, some of the most notorious victims included Afghanistan’s ministries of finance and foreign affairs, the administrative office of the Afghan president, and a computer containing the credentials of the Indian government and education departments. In the case of the attacks against Afghanistan, the attacker was able to exfiltrate numerous personal documents including diplomatic visas as well as the IDs of Afghan government officials. SideCopy APT uses fake documents as well as Trojan horses distributed via spear-phishing techniques.

SOUTH ASIAN ASSOCIATION FOR REGIONAL COOPERATION

At the regional scale, the eight South Asian countries created the South Asian Association for Regional Cooperation (SAARC) in 1985 to promote cooperation between member states and drive economic development.

This regional organisation has permanent links with the United Nations as an observer. It has also developed ties with other regional organisations such as the European Union. In 2006, SAARC created the South Asian Free Trade Area (SAFTA) encompassing 1.6 billion people.

At the local level, cooperation projects are emerging. In 2015, the gas pipeline project linking four South Asian countries, namely Turkmenistan, Afghanistan, Pakistan and India, was born. This project, which allows the countries to achieve greater energy autonomy, strengthens the ties between the South Asian states.

These various cooperation projects, aimed at better regional integration and economic development, are also intended to give the countries in the region greater autonomy with respect to neighbouring powers. The region is surrounded by China to the north and east and by Iran to the west. It should also be noted that Russia, further north, has a historic influence in the region. This influence has been achieved by cyberthreat actors suspected of being sponsored by these neighbouring powers.


 

A COMPLEX SINO-INDIAN RELATIONSHIP, SOURCE OF POLITICAL TENSIONS AND CYBER OPERATIONS

China and India are states that share many similarities. Formerly under colonial rule, both countries have experienced exceptional economic and demographic growth that has allowed them to assert themselves as major powers at the regional and global levels. The two governments maintain close relations, particularly at the economic level, marked by bilateral partnerships and their leading role in the Shanghai Cooperation Organization (SCO). In spite of this collaboration, tensions remain between the two political regimes as they clash over their common frontier as well as over the trade routes developed in recent years.

 

CONFLICT AROUND THE SINO-INDIAN BORDER ZONE

June 15, 2020 is an important date in the evolution of the border conflict between the two countries. For the first time in 45 years, the frontier zone was the scene of violent clashes leading to the death of Indian and Chinese soldiers in the mountainous Galwan River valley. This historic conflict is based on divergent views between the two regimes, with India considering the frontier region to be nearly 3500 km long, compared to an estimate repeated by the Chinese media of around 2000 km. While the likelihood of an open conflict between India and China remains low, the intensification of tensions related to the frontier regions could lead both sides to resort more frequently to the cyber tool.

 

SILK ROAD AND FREEDOM ROAD: A SYMBOL OF SINO-INDIAN RIVALRY

In 2013, Xi Jinping gave a speech in Astana in which he unveiled the comprehensive project to build infrastructure along the ancient Silk Roads. This project called «The New Silk Roads» shows the Chinese hegemonic ambition to create a new strategic paradigm along land and sea routes. In order to compete with this ambition, India and Japan have developed an infrastructure and transport project that is supposed to revitalize the trade routes between the Asian and African continents: the «Freedom Road». The rivalry between both projects tends to intensify tensions between Beijing and New Delhi. The port of Gwadar, a symbol of the «New Silk Roads», has to face competition from the port of Chabahar, inaugurated in 2017 by an Indo-Iranian alliance wishing to challenge the grip of Chinese influence in Central Asia.

 

THE RISE IN SINO-INDIAN TENSIONS HAS LED TO A SHARP INCREASE IN CYBER ESPIONAGE ACTIVITIES BY CHINESE-BASED ATTACKER GROUPS ON INDIAN TERRITORY

The energy sector has been particularly affected, as have port facilities. Analysis of TTPs seems to correlate these actions with the activity of Chinese attacker groups, including APT41, Tonto Team and RedEcho.

In 2013, India announced its desire to compete with the «New Silk Roads.» That same year, a group known as Wet Panda, operating since 2010, launched massive campaigns against the country. The government, the Indian Informatic Centre, the defence industry, telecom providers and even NGOs were targeted. An IP address of one of the attackers was associated with a university based in Chengdu, China. The same targets were attacked in 2018 by operations attributed to ATK2 (Wicked Panda). This campaign appears to be related to the inauguration of the port of Chabahar, Iran, a competitor to Gwadar, a few months earlier.

 

SEVERAL GROUPS POTENTIALLY SUPPORTED BY CHINA HAVE TARGETED THE REGION

They include ATK2 (APT17), ATK13 (Turla), ATK23 (Icefog), ATK34 (APT30) and ATK41 (APT10). Among the groups suspected of being linked to Russia are ATK5 (APT28) and ATK116 (CloudAtlas). Lastly, groups believed to be of Iranian origin, such as ATK19 (RocketKitten), ATK51 (MuddyWater) and ATK229 (APT-C-50), have also targeted countries in the region.

South Asia is a geographic region that tends to move towards closer unity despite the dissensions and diversities. It is physically permeated by contradictory geopolitical issues, culturally shaped by beliefs, which are hard to reconcile, and historically marked by a heritage of conflict. Tensions between India and Pakistan, the instability of Afghanistan and the great difference in development and wealth between the countries make regional integration unlikely. This is reflected in the many cyberattacks between groups in these countries.

However, the states in question are trying to overcome the difficulties through development projects, bilateral and multilateral cooperation and the creation of a free trade area.

These challenging attempts are motivated by an awareness of a broader contextual dimension. Regional integration, albeit imperfect, should help the countries in the region protect themselves from neighbouring influences and gain significance on the international stage in an autonomous manner. As we have seen, cyberattacks from neighbouring countries occur regularly and often focus on destabilisation and espionage by exploiting these historic, cultural and physical animosities.