Chinese state-sponsored hackers are believed to have infiltrated and stolen data from an Indian agency responsible for a national identification database and from one of that country’s largest media conglomerates, according to a new report by cybersecurity firm Recorded Future Inc. Both the government agency and the media company dispute the claims.
The Unique Identification Authority of India, also known as the UIDAI, holds the private biometric information of more than 1 billion Indian citizens. The authority’s networks are believed to have been breached during intrusions tracked between June and July this year, though it isn’t clear what data was taken, according to Recorded Future.
The government agency said it had no knowledge of such a breach and that its database was encrypted and only available to users with multifactor authentication. The agency had a “robust security system in place” that was constantly upgraded to maintain the “highest level of data security and integrity,” an email from the agency said.
Bennett Coleman & Co., also known as the Times Group, which publishes the Times of India, also appeared to have been targeted by the Chinese hackers, according to Recorded Future. Data was exfiltrated from the company between February and August, but it wasn’t clear what data was stolen, Recorded Future said.
The company dismissed the report, saying the “alleged exfiltration” was blocked by its cybersecurity defenses.
The chief information officer for the Times Group, Rajeev Batra, said an internal security report for the company described the intrusions as “non-serious alerts and false alarms.”
China’s Foreign Ministry didn’t immediately respond to a request for comment during a holiday period in the country.
Recorded Future, a cybersecurity firm based near Boston, said it used a combination of detection techniques and traffic analysis data to identify patterns of suspicious network traffic between servers used by the government agency and the media company and servers used to administer and control the hackers’ malware.
In addition to data allegedly being siphoned away, Recorded Future said it was highly likely that malicious software was embedded inside the agency’s and the media company’s computer networks, which would allow the hackers to remove data on demand.
Responding to the Times Group’s comments, Jonathan Condra, the lead analyst on Recorded Future’s report, said he was able to observe “sustained communications across one session that lasted five days” from the media company’s networks. He said there were also “strong indications” that the communications were coming from within the Times’ computer networks and going out to malicious servers, “which suggests a successful implant communicating outwards.”
The hackers used a type of malware called Winnti, which Condra described as a “pretty old tool that’s shared across a large number of Chinese APT groups over the years.” APT stands for advanced persistent threat, a term commonly used to describe state-sponsored hacking groups.
The other tool deployed was Cobalt Strike, a piece of software typically used for network defense but that “has been adopted by threat actors, not just in China but elsewhere as a way of throwing ambiguity into attribution efforts,” Mr Condra said. “If it is a commercially available tool it is a lot harder to say it’s tied back to specific nations.” A representative for Cobalt Strike didn’t immediately respond to a request for comment.
Intrusions into Indian networks have escalated in the past year, Recorded Future said in its report. The alleged Chinese hacks follow a rapid deterioration in relations between the two countries. According to its data, Recorded Future said there was a 261% increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian entities through August of this year, compared to 2020. The suspected intrusions track back to the start of a bloody skirmish between Indian and Chinese soldiers at a border post in the Himalayas, Mr Condra said.
“This follows a rise of 120% between 2019 and 2020, demonstrating China’s growing strategic interest in India over the past few years,” the report said.
Recorded Future believes the UIDAI was targeted because of its database of biometric information, though it isn’t clear if the database was breached. The value of such bulk personal identification data lies in its ability to potentially identify government officials, enable social engineering attacks or add to data already gathered on potential targets, Mr Condra said.
The Times Group could have been a target because of its reporting on Indian-Chinese tensions, “likely motivated by wanting access to journalists and their sources,” the report said.