Chinese State-Backed Hackers Targeted India’s NIC In Cyberattacks: Report

SUMMARY

The group, RedAlpha, has also consistently spoofed login pages for India’s NIC, which manages wider IT infrastructure and services for the Indian government: Report

Cybersecurity firm Recorded Future also found a fake email login page resembling the webpage of the NIC’s email service

The group targeted organisations across the globe, including Taiwan’s Democratic Progressive Party and ministries of foreign affairs of multiple countries

Chinese government-backed hackers allegedly targeted India’s National Informatics Centre (NIC) in a cyberattack, according to a report released by cybersecurity firm Recorded Future. 

NIC manages the information technology (IT) infrastructure of the Indian government.

“The group has also consistently spoofed login pages for India’s National Informatics Centre (NIC), which manages wider IT infrastructure and services for the Indian government,” the report said.

The cybersecurity firm also found a fake email login page resembling the webpage of the NIC’s email service. NIC’s webmail service is reserved for all union ministers, parliamentarians as well as key officials of the central government.

The attack was allegedly the handiwork of a group called RedAlpha and targeted a slew of humanitarian and government organisations including Amnesty International, Taiwan’s Democratic Progressive Party and ministries of foreign affairs in multiple countries.

The attacks were marked largely by the use of large numbers of typosquatted domains imitating the web addresses of these organisations. Typosquatting refers to the deliberate use of misspelt uniform resource locators (URLs) that resemble legitimate ones, enabling hackers to steal confidential user login data.

NIC was the seventh largest victim of the spoofing attacks. More than 10 typosquat domains deployed by RedAlpha were uncovered by the firm.  

“Since at least 2015, RedAlpha has consistently registered and weaponised large amounts of domains for use in credential-theft campaigns. These domains typically imitate well-known email service providers and spoof specific organisations that are either directly targeted in RedAlpha activity or that can be used to impersonate those organisations in activity targeting proximate organisations and individuals,” the report said, underlining the modus operandi of the group. 
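A defender can screen newly observed domains (from proxy, DNS or certificate logs) for the lookalike patterns described above. The sketch below is an added example, not code from the Recorded Future report or from Inc42; the protected names, the observed domains and the thresholds are constructed placeholders and assumptions.

```python
# Assumption: the domains the organisation actually owns (placeholders).
PROTECTED = ["mail.example.org", "portal.example.net"]

# Character swaps commonly seen in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalise(domain):
    """Lower-case, drop the trailing dot and undo common character swaps."""
    d = domain.strip().lower().rstrip(".")
    return d.translate(HOMOGLYPHS).replace("rn", "m")

def classify(observed, protected=PROTECTED, max_dist=2):
    """Return (reason, imitated_domain) for a lookalike, else None."""
    obs = observed.strip().lower().rstrip(".")
    # Exact matches and genuine subdomains of a protected name are legitimate.
    if any(obs == p or obs.endswith("." + p) for p in protected):
        return None
    for legit in protected:
        if normalise(obs) == normalise(legit):
            return ("homoglyph", legit)
        if edit_distance(obs, legit) <= max_dist:
            return ("edit-distance", legit)
        # Protected name used as a prefix or label of an unrelated domain.
        if legit + "." in obs or legit.replace(".", "-") in obs:
            return ("embedded", legit)
    return None

def scan(observed_domains):
    """Return (domain, reason, imitated_domain) for every flagged domain."""
    hits = []
    for d in observed_domains:
        verdict = classify(d)
        if verdict:
            hits.append((d, *verdict))
    return hits

# Constructed sample input, e.g. one day of domains seen in proxy logs.
SAMPLE = ["sso.mail.example.org", "mai1.example.org", "mail.exmaple.org",
          "mail.example.org.login-check.test", "mail-example-org.verify.test",
          "p0rtal.example.net", "weather.example.com"]
```

Flagged domains are candidates for review, blocking or takedown requests; the edit-distance threshold trades false positives against coverage and should be tuned per protected name.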

A user unaware of the spoofing could enter their credentials on the fake page, thereby compromising the security of the overall system.

The report adds to the growing hostilities between India and China. In the recent past, Chinese state-backed hackers have also tried to break into critical government installations. In April, it was reported that Chinese cyber attackers broke into a network of seven power grid hubs in north India, including Ladakh. The government then claimed that the ploy was foiled by the authorities.

In December last year, it was reported that the Intelligence Bureau (IB) warned authorities that hackers from China, Pakistan and North Korea were on the lookout to hack systems related to India’s nuclear and defence production.

Last month, the union government informed the Parliament that the Indian Computer Emergency Response Team (CERT-In) reported more than 6.74 Lakh cybersecurity incidents till June this year.

In April this year, authorities also stated that more than 600 social media accounts of the central government were hacked in the last five years.
