BANGKOK: A US-based private cyber security company said on Wednesday that it has found that an Indian media group, a police department and the agency responsible for the country’s national identity database have been hacked, possibly by a state-sponsored Chinese group.
Insikt Group, the threat research division of Massachusetts-based Recorded Future, said the hacking group, which has been tentatively named TAG-28, used Winnti malware, which it said is specifically shared between several Chinese state-sponsored activity groups.
The Chinese regime has consistently denied any form of state-sponsored hacking, saying China itself is a major target of cyberattacks.
The allegation is likely to increase friction between the two regional giants, whose relations are already severely strained by a border dispute that has led to clashes this year and last year.
In its report, the Insikt Group suggested that the cyberattacks may be related to those border tensions.
The organization said in a report, “As of early August 2021, Recorded Future data suggests that there was a higher number of suspected state-sponsored Chinese cyber operations targeting Indian organizations and companies already in 2021 than in 2020. The numbers have increased by 261 percent.”
Insikt Group said it traced four IP addresses assigned to the Bennett Coleman & Co Ltd media company in “continuous and substantial network communication” with two Winnti servers between February and August.
It said that about 500 megabytes of data was extracted from the network of the privately owned Mumbai company, whose publications include The Times of India.
Insikt said it could not identify the content of that data, but noted that the company frequently publishes reports on Sino-India tensions, and that the hack was likely motivated by a desire to gain access “to journalists and their sources as well as to pre-publication material” of potentially harmful articles.
Bennett Coleman’s chief information officer Rajiv Batra said the company also received information about the suspected hack from CERT-In, the government agency that deals with cyber security threats, and responded several weeks ago.
Most of the data was “in the DNS query category, which was blocked/dropped in our defense infrastructure,” he said in an emailed comment. The company’s own investigation of the hack classified the incident as a “non-serious alert and false alarm,” he said.
Insikt Group said it also observed about 5 megabytes of data transferred in a similar manner from the Madhya Pradesh state police department. The state's Chief Minister, Shivraj Singh Chouhan, called for boycotting Chinese products in June 2020 following a border clash between India and China.
The Police Department did not immediately respond to an email seeking comment.
As the group was investigating the Bennett Coleman hack, it said it identified a compromise in June and July of the Unique Identification Authority of India, or UIDAI, the government agency that oversees the national identity database.
In that case, it detected about 10 megabytes of data downloaded from the network and about 30 megabytes uploaded, “possibly indicating the deployment of additional malicious tooling from the attacking infrastructure.”
It suggested that such databases could be used by hackers to identify “high-value targets, such as government officials, enabling social engineering attacks or enriching other data sources”.
UIDAI told the Associated Press that it had no knowledge of “violations of the nature described.”
“UIDAI has a well-designed, multi-layered robust security system and is continuously being upgraded to maintain the highest level of data security and integrity,” the agency said.
Recorded Future said all victims of the hack were notified prior to publication of the report and provided its full findings.
by David Rising
This News Originally From – The Epoch Times