Antiy Labs first detected the activities of 'baby elephant' in 2017

Last week, a bipartisan panel of the US Congress submitted an annual report on the economic and military threats posed by China. The latest report of the U.S.-China Economic and Security Review Commission (USCC) mentioned activities of Chinese hackers, including references to cyber attacks against India since the standoff in Ladakh started.

Interestingly, Chinese state media on Saturday played up references to activities of Indian hackers. Global Times referred to a report by Antiy Labs, a Chinese cyber security company, which apparently mentioned the activities of an organisation called 'You Xiang (baby elephant)'. Antiy Labs claimed 'baby elephant' “was suspected to be from India” and the company first detected its activities in 2017.

Antiy Labs claimed to have noticed 'baby elephant' while investigating “large-scale targeted cyberattacks on the government, military and defence departments of South Asian countries”.

Li Bosong, a vice chief engineer with Antiy Labs, told Global Times “Since 2017, the number of 'baby elephant' attacks has doubled each year, and the attack methods and resources have gradually become richer, and the target has started to cover more areas in South Asia... In 2021, the group began targeted attacks on Chinese institutions for intelligence theft.”

Global Times described the attacks of 'baby elephant' as including “setting up phishing websites, attacking mobile phones with malicious Android applications, and Trojans written in languages such as Python to steal various documents, browser cache passwords and other host system environment information from computers”.

The report claimed the targets of the attack typically included institutions in countries like Nepal, Pakistan and Afghanistan. “Li also pointed out the similarity of their domain names, which all tend to imitate the official domain names of government organs and state-owned enterprises in Pakistan, Nepal and Sri Lanka. They also tended to adopt the dynamic domain names under the US network service provider No-IP, such as hopto.org and myftp.org,” Global Times reported.

Li warned 'baby elephant' was “likely to become the main attack group in South Asia in the future”.

Chinese state media has previously reported that India-based hackers were targeting government, defence and military units in China and Pakistan.