Jono Davis

The Elephant in Many Rooms: Orange Indra’s Consistent Hunt for Access in the Asia Pacific Region

Within the ecosystem of espionage-oriented threat actors, there is often an unspoken hierarchy of intrusion sets; China-based, Russia-based, Iran-based, and North Korea-based threat actors are often regarded as being both tactically and strategically more relevant to Western organisations than others.

In this talk, we look to shine a light on one of the less-discussed threats, introducing an intrusion set we assess to be based in South Asia that we have observed since at least 2024 conducting substantial credential phishing activity across the Asia Pacific region and beyond. This is a threat actor PwC has dubbed Orange Indra (currently not aligned to any open-source nomenclature), responsible for campaigns targeting defence and government entities of countries that align with foreign policy objectives of the country it is based in. The campaigns include what we assess almost certainly to be legitimate, sensitive documents – likely obtained by the threat actor during the course of their operations – relating to specific policy events between the countries of interest.

In using Orange Indra as an example, we will highlight not just the tools, techniques, and procedures (TTPs) of a prolific, efficient threat actor, but also a strategic overview of South Asia more broadly as it pertains to the wider Asia Pacific, and the potential near-future conflicts for regional hegemony.

Finally, this talk provides a platform to emphasise the strategic imperative for organisations, analysts, and the wider intelligence community to pay attention to threat actors emanating from beyond the “Big 4” outlined above.


Jono Davis is a principal analyst for PwC’s threat intelligence team, specialising in the tracking of both Asia Pacific-based and crime-oriented actors.

LABScon-2025_HeadshotFilter-Davis_Jono