Chinese state-sponsored hackers target UIDAI, Times Group, says report


Hong Kong: Chinese state-sponsored hackers are believed to have infiltrated and stolen data from an Indian government agency responsible for a national identity database and from one of that country’s largest media groups, according to a new report by cybersecurity firm Recorded Future Inc. Both the government agency and the media company dispute the claims.

The Unique Identification Authority of India, also known as UIDAI, holds the personal biometric information of over 1 billion Indian citizens. The authority’s network is believed to have been breached during a tracked intrusion between June and July this year, though it is not clear what data was captured, according to Recorded Future.

The government agency said it had no knowledge of such a breach and that its database was encrypted and available only to users with multifactor authentication. An email from the agency said the agency had a “robust security system” that was continuously upgraded to maintain the “highest level of data security and integrity.”

According to Recorded Future, Bennett Coleman & Company, also known as the Times Group, which publishes the Times of India, was also targeted by Chinese hackers. Recorded Future said data was extracted from the company between February and August, but it was unclear if the data had been stolen.

The company dismissed the report, saying the “alleged boycott” had been blocked by cybersecurity protections.

Times Group chief information officer Rajiv Batra said an internal security report for the company described the intrusion as “non-serious alerts and false alarms”.

China’s foreign ministry did not immediately respond to a request for comment during the holiday period in the country.

Recorded Future, a cybersecurity firm based near Boston, said that it has developed a system to identify suspicious network traffic patterns between the servers of the government agency and the media company and the servers used by hackers to try and control the malware, using a combination of detection techniques and traffic analysis data.

In addition to the supposed data, Recorded Future said it was highly likely that malicious software was embedded inside the agency and media companies’ computer networks, which would allow hackers to extract the data on demand.

Responding to the Times Group’s comments, Recorded Future report principal analyst Jonathan Kondra said he was able to observe “continuous communication over a session lasting five days” from the media company’s network. He said there were also “strong indications” that communications were coming from within the Times’ computer network and going to malicious servers, “which suggests a successful implant communicating outward.”

The hackers used a type of malware called Winnti, which Kondra described as a “very old tool that has been shared among a large number of Chinese APT groups over the years.” APT stands for Advanced Persistent Threat, a term commonly used to describe state-sponsored hacking groups.

Kondra said the other tool was Cobalt Strike, a piece of software commonly used for network defense that “has been adopted by threat actors not only in China but elsewhere.” “If it’s a commercially available device it’s very hard to say if it’s tied to specific nations.” A representative for Cobalt Strike did not immediately respond to a request for comment.

Recorded Future said in its report that infiltration into Indian networks has increased in the last year. Relations between the two countries have deteriorated sharply after the alleged Chinese hacking. According to its data, Recorded Future said there was a 261% increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian entities during August of this year compared to 2020. The suspected infiltration tracks back to the beginning of a bloody skirmish between Indian and Chinese troops at a border post in the Himalayas, Kondra said.

“This follows a 120% increase between 2019 and 2020, reflecting China’s growing strategic interest in India over the past few years,” the report said.

Recorded Future believes UIDAI was targeted because of its database of biometric information, although it is not clear whether the database was breached. The value of such bulk personal identification data is its ability to potentially identify government officials, enable social engineering attacks or add to previously collected data on potential targets, Kondra said.

The report said the Times Group could have been a target because of its reporting on Indo-Chinese tensions, “potentially driven by a desire to have access to journalists and their sources”. –Bloomberg

