Chinese state-sponsored hackers infiltrated and stole data from an Indian government agency responsible for a national identification database.

  • According to Recorded Future, the network was breached between June and July this year.
  • The Times Group also appeared to be targeted by Chinese hackers.
  • Intrusions into Indian networks have escalated in the past year.

The Unique Identification Authority of India (UIDAI) holds the private biometric information of more than 1 billion Indian citizens.

According to Recorded Future, the authority's networks were assumed to have been breached during intrusions traced to between June and July this year, though it is not evident what data was taken.

The government agency said it had no knowledge of any such breach and that its database was encrypted and accessible only to users with multi-factor authentication. The agency had a "robust security system in place" that was continuously upgraded to retain the "highest level of data security and integrity," it said in an email.

Times Group

According to Recorded Future, Bennett Coleman & Co., also known as the Times Group, which publishes the Times of India, was also targeted by Chinese hackers.

According to the report, data was exfiltrated from the company between February and August, though it was not clear what data was stolen.

The company dismissed the report, saying its cybersecurity defences blocked the "alleged exfiltration".

Rajeev Batra, the chief information officer for the Times Group, said that an internal security report for the company defined the intrusions as “non-serious alerts and false alarms.”

What Recorded Future claims

Recorded Future, a cybersecurity firm based near Boston, said it used a combination of detection techniques and traffic analysis data to identify patterns of suspicious network traffic between servers used by the government agency and the media company and the servers used to administer and control the hackers' malware.

In addition to data supposedly being siphoned away, Recorded Future said malicious software might have been embedded inside the agency's and the media company's computer networks, which would permit the hackers to wipe out data on demand.

Responding to the Times Group's comments, Jonathan Condra, the lead analyst on Recorded Future's report, said he could observe "sustained communications across a single session that lasted five days" from the media company's networks. He added there were "strong indications" that the communications were coming from within the Times' computer networks and going out to malicious servers, "which implies a successful implant communicating outwards."

Winnti and Cobalt Strike

The hackers deployed a type of malware called Winnti, which Condra defined as a “pretty old tool that is shared across a large number of Chinese APT groups over the years.”

The other tool used was Cobalt Strike, a piece of software generally used for network defence but that "has been adopted by threat actors, not just in China but elsewhere, as a means of throwing ambiguity into attribution efforts," said Condra. "If it's a commercially available tool, it's a lot harder to say it's tied back to specific nations."
