Intrusions into Indian networks have escalated in the past year, Recorded Future said. The alleged Chinese hacks follow a rapid deterioration in relations between the two countries. Photo: Shutterstock

Indian government, media giant targeted by Chinese hackers, research firm says

  • Data may have been stolen from a government agency that handles the private biometric information of more than 1 billion Indian citizens
  • The media group that publishes The Times of India also appeared to have been targeted, said the new report by cybersecurity firm Recorded Future Inc
Chinese state-sponsored hackers are believed to have infiltrated and stolen data from an Indian government agency and one of India’s largest media conglomerates, according to a new report by cybersecurity firm Recorded Future Inc. Both the government agency and the media company dispute the claims.

The Unique Identification Authority of India, also known as the UIDAI, contains the private biometric information of more than 1 billion Indian citizens. The authority’s networks were believed to have been breached during intrusions tracked between June and July this year, though it is not clear what data was taken, according to Recorded Future. 

The government agency said it had no knowledge of such a breach and that its database was encrypted and only available to users with multi-factor authentication. The agency had a “robust security system in place” that was constantly upgraded to maintain the “highest level of data security and integrity”, an email from the agency said.

Bennett Coleman & Co., also known as the Times Group, which publishes The Times of India, also appeared to be targeted by the Chinese hackers, according to Recorded Future. Data was exfiltrated from the company between February and August, but it was not clear what data was stolen, Recorded Future said.

The company dismissed the report, saying the “alleged exfiltration” was blocked by its cybersecurity defences.

The chief information officer for the Times Group, Rajeev Batra, said an internal security report for the company described the intrusions as “non-serious alerts and false alarms”. 

China’s Foreign Ministry did not immediately respond to a request for comment during a holiday period in the country.

Recorded Future, a cybersecurity firm based near Boston, said it used a combination of detection techniques and traffic analysis data to identify patterns of suspicious network traffic between servers the government agency and media company used and servers used to administer and control the hackers’ malware.

In addition to data supposedly being siphoned away, Recorded Future said it was highly likely that malicious software was embedded inside the agency’s and the media company’s computer networks, which would allow the hackers to remove data on demand.

An increase of 120 per cent [in the number of suspected state-sponsored cyber operations] between 2019 and 2020, demonstrates China’s growing strategic interest in India
Recorded Future Inc cybersecurity report

Responding to the Times Group’s comments, Jonathan Condra, the lead analyst on Recorded Future’s report, said he was able to observe “sustained communications across a single session that lasted five days” from the media company’s networks. He said there were also “strong indications” that the communications were coming from within the Times’ computer networks and going out to malicious servers, “which suggests a successful implant communicating outwards”.

The hackers used a type of malware called Winnti, which Condra described as a “pretty old tool that is shared across a large number of Chinese APT groups over the years”. APT stands for advanced persistent threat, a term commonly used to describe state-sponsored hacking groups. 

The other tool deployed was Cobalt Strike, a piece of software typically used for network defence but that “has been adopted by threat actors, not just in China but elsewhere as a means of throwing ambiguity into attribution efforts,” Condra said. “If it’s a commercially available tool it’s a lot harder to say it’s tied back to specific nations.” A representative for Cobalt Strike did not immediately respond to a request for comment. 

Intrusions into Indian networks have escalated in the past year, Recorded Future said in its report. The alleged Chinese hacks follow a rapid deterioration in relations between the two countries. According to its data, Recorded Future said there was a 261 per cent increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian entities through August of this year, compared to 2020. The suspected intrusions track back to the start of a bloody skirmish between Indian and Chinese soldiers at a border post in the Himalayas, Condra said. 

“This follows an increase of 120 per cent between 2019 and 2020, demonstrating China’s growing strategic interest in India over the past few years,” the report said. 

Recorded Future believes the UIDAI was targeted because of its database of biometric information though it’s not clear if the database was breached. The value of such bulk personal identification data is its ability to potentially identify government officials, enable social engineering attacks or add to data already gathered on potential targets, Condra said. 

The Times Group could have been a target because of its reporting on Indian-Chinese tensions, “likely motivated by wanting access to journalists and their sources”, the report said.

This article appeared in the South China Morning Post print edition as: suspected of stealing biometric datahinese Hackers Target Indian Agency, Media Company, Report SaysDenial by ‘victims’ of suspected Chinese hack attacks