Indian data hacked likely by a Chinese group: US-based cybersecurity report
An Indian media conglomerate, a police department and the agency responsible for the country's national identification database are reported to have been hacked by a state-sponsored Chinese group.
Evidence for the hack was shared by Insikt Group, the threat research division of Massachusetts-based Recorded Future.
Two IP addresses belonging to the Bennett Coleman and Co. Ltd. media company were detected to have "sustained and substantial network communications" with two Winnti servers. The cybersecurity firm has found that 500 megabytes of data are being extracted from the network.
Insikt stated that the hack was meant to access "journalists and their sources as well as pre-publication content of potentially damaging articles".
Five megabytes of data were extracted from the police department of Madhya Pradesh. The state's Chief Minister, Shivraj Singh Chouhan, had called for a ban on Chinese products after border clashes in June 2020.
From the Unique Identification Authority of India (UIDAI), 10 megabytes of data were downloaded and almost 30 megabytes were uploaded. This indicates that additional malicious tooling was deployed to the network, reported Reuters.
The hackers might use the data to identify high-value targets like government officials. UIDAI said that they have a "well-designed, multi-layered robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity".
The report stated that the data shows a 261% increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian organizations and companies in 2021 compared to 2020.
The hacking group is temporarily being called TAG-28 and it used Winnti malware, which is exclusively shared among several Chinese state-sponsored activity groups. Chinese authorities have consistently denied any such cyber activities, reported Reuters.
India and China have had a strained relationship due to a border dispute. The new allegation of a cyberattack may increase friction.