CloudSEK Report Highlights Recent Cyberattacks Targeting Indian Government Entities

The Threat Intelligence report also provided an analysis of other recent cybersecurity incidents impacting Indian government entities.


Hacktivist groups from Pakistan and Indonesia targeted India's G20 Summit in September 2023, as part of the #OpIndia campaign that launched coordinated cyberattacks against government websites, a recent report by cybersecurity company CloudSEK has revealed.

During the G20 Summit, coordination efforts were initiated on Telegram for planned attacks, subsequent to which DDoS attacks, website defacement attempts and data leak claims were observed targeting various Indian government and G20-related websites, according to the report.

These include websites of Bureau of Indian Standards, Directorate General of Training, Cyber Conference G20 India website, Indian citizen database, Ministry of Electronics and Information Technology, and Ministry of Information and Broadcasting, among others.

Hacktivists claimed to possess and distribute sensitive data obtained from government websites, with potential sources of data including compromised credentials or misconfigurations.

The Threat Intelligence landscape report also provided an analysis of other recent cybersecurity incidents impacting Indian government entities.

Health And Aadhaar Data Breached

On Oct. 9, 2023, health and Aadhaar data of approximately 815 million Indian citizens were breached and advertised for sale on a cybercrime forum, as identified by CloudSEK. Four samples of Aadhaar data were shared in the forum post and subsequent comments were believed to have contained over 3,00,000 data records.

Following this initial advertisement, approximately 5 million records of sample data were released in November 2023, with the stated count of breached records at approximately 795.4 million.

Also in November, samples of health data from the Indian Council of Medical Research were posted on Telegram and Aadhaar data on a cybercrime forum. These included Covid data, with details such as email addresses, lab ID, patient ID and more.

Indian Mobile Network Consumer Database For Sale

In January, threat actors advertised an extensive Indian Mobile Network Consumer Database for sale, which reportedly included data of 750 million individuals. The information leaked included customer names, mobile numbers, secondary contact numbers, residential addresses, national identification numbers (e.g., Aadhaar), government-issued photo ID numbers and family member names.

According to the CloudSEK report, with compressed data totalling 600 GB and uncompressed data at 1.8 TB, this dataset exposes 85% of India's population to malicious activities, including social engineering attacks, identity theft and scam campaigns.

Access To India’s Election Duty Management System

In February, CloudSEK’s platform XVigil discovered a threat actor selling access to the Election Duty Management System of India. The actor claimed that this access provides the capability to manipulate critical processes within the system.

CloudSEK also discovered multiple stealer log credentials on dark web forums for multiple state election bodies of the Election Commission.

BJP Free Recharge Yojana Scam

On March 13, CloudSEK’s XVigil platform discovered a malicious link posing as the BJP Free Recharge Yojana. Scammers falsely claimed that Prime Minister Narendra Modi was offering three months of free phone recharge to all Indians to garner votes for the BJP in the 2024 elections.

The scammers enticed people to click on a link, which was aimed at collecting phone numbers from unsuspecting individuals. The scam also required users to click the green WhatsApp button and share the offer with five groups or 10 friends, thus involving the user in spreading the scam.

Threat Mitigation

Based on the report findings, CloudSEK recommended the following mitigation strategies for Indian government entities:

  • Implementing multi-factor authentication and encryption to protect sensitive data.

  • Conducting regular security audits and penetration testing to identify and remediate vulnerabilities.

  • Enhancing employee training programmes to raise awareness of common cyber threats and best practices for cybersecurity hygiene.

  • Collaborating with cybersecurity providers to deploy advanced threat detection and incident response capabilities.

  • Engaging with regulatory authorities and industry partners to stay abreast of regulatory requirements and industry standards.
