BCCL, UIDAI, MP Police were targets of state-sponsored Chinese hackers: Insikt Group

Earlier this year, Insikt Group documented a RedEcho campaign targeting India’s critical national infrastructure following India's skirmish with China at Galwan

e4m by exchange4media Staff
Updated: Sep 24, 2021 1:04 PM

The Insikt Group, the threat research division of Massachusetts-based Recorded Future, has said that media conglomerate Bennett Coleman and Company Limited (BCCL), the Madhya Pradesh Police department, and the Unique Identification Authority of India (UIDAI), which is responsible for the country’s national identification database, have been targets of Chinese state-sponsored hacking groups.
The US-based private cybersecurity company noted that India continues to bear the brunt of hostile cyber operations from Chinese state-sponsored groups. Earlier this year, Insikt Group documented a RedEcho campaign targeting India’s critical national infrastructure following a rapid deterioration in bilateral relations after both countries clashed on the China-India border. They also recently identified renewed RedFoxtrot operations targeting an Indian state-owned enterprise involved in the nuclear, space, and defence sectors.

“Following this theme of Chinese targeting of Indian entities, we have identified further suspected intrusions targeting the Indian media conglomerate Bennett Coleman And Co Ltd (BCCL), commonly known as “The Times Group”; the Unique Identification Authority of India (UIDAI); and the Madhya Pradesh Police department. The UIDAI is the Indian government agency responsible for the national identification database, more commonly called “Aadhaar”, which contains private biometric information for over 1 billion Indian citizens. These intrusions were conducted by an activity group we track using a temporary designation, TAG-28,” the Insikt Group said in a report.

The report further stated that Chinese state-sponsored intrusions targeting news outlets are not a recent phenomenon. In 2013, the New York Times, the Washington Post, and Bloomberg News were targeted by a Chinese group in a widespread intelligence-gathering operation following a series of published articles that were perceived as presenting China unfavourably. Subsequently, in 2014, pro-democracy news outlets in Hong Kong were targeted during the Umbrella Movement protests. TAG-28’s Winnti campaign targeting BCCL is the latest in a long line of targeted intrusions against international media outlets.

TAG-28, the report said, highly likely targeted UIDAI because of its ownership of the Aadhaar database. “Bulk personally identifiable information (PII) data sets are valuable to state-sponsored threat actors. Likely uses of such data include, but are not limited to, identifying high-value targets such as government officials, enabling social engineering attacks, or enriching other data sources,” it added.

Given the reach of The Times Group publications and their consistent reporting on the “India China war”, TAG-28’s targeting of BCCL is likely motivated by wanting access to journalists and their sources as well as pre-publication content of potentially damaging articles focusing on China or its leadership, the report added.

“It is less likely that TAG-28 would gain access to media entities to interfere with publishing platforms by changing or disrupting articles supporting Chinese information operations,” it noted.

As of early August 2021, Recorded Future data shows a 261% increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian organisations and companies in 2021 so far, compared with 2020. This follows an increase of 120% between 2019 and 2020, demonstrating China’s growing strategic interest in India over the past few years.

The Insikt Group observed about 5 megabytes of data transferred from the police department of Madhya Pradesh state. Pertinently, MP CM Shivraj Singh Chouhan had called for a boycott of Chinese products after June 2020 border clashes with India.

BCCL detected about 10 megabytes of data downloaded from the network and almost 30 megabytes uploaded, possibly indicating the deployment of additional malicious tooling from the attacker infrastructure.

The Associated Press quotes Rajeev Batra, chief information officer for Bennett Coleman, as saying that the company also received information on the suspected hack from CERT-In, the government agency that deals with cybersecurity threats, and responded to it several weeks ago. Most of the data was in the “DNS queries category, which got blocked/dropped at our defence infrastructure,” he said in an emailed comment. The company’s own investigation of the hack classified the incident as “non-serious alerts and false alarms,” he said.

The Insikt Group has also identified a compromise in June and July of the Unique Identification Authority of India, or UIDAI, the government agency that oversees the national identification database. It suggested such a database could be used by hackers to identify “high-value targets, such as government officials, enabling social engineering attacks or enriching other data sources.”

UIDAI told The Associated Press that the organisation has a well-designed, multi-layered robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity.
