A U.S.-based private cybersecurity company said Wednesday it’s uncovered evidence that an Indian media conglomerate, also as a police department and also the agency responsible for the country’s national identification database are hacked, likely by a state-sponsored Chinese group.
The Insikt Group, the threat research division of Massachusetts-based Recorded Future, said the hacking group, given the temporary name TAG-28, made use of Winnti malware, which it said is exclusively shared among several Chinese state-sponsored activity groups.
Chinese authorities have consistently denied any sort of state-sponsored hacking and said China itself could be a major target of cyberattacks.
The allegation has the possibility of accelerating friction between the two regional giants, whose relations have already been seriously strained by a border dispute that has led to clashes this year and last year.
In its report, the Insikt Group suggested the cyberattack might be related to those border tensions.
“As of early August 2021, Recorded Future data shows a 261% increase within the number of suspected state-sponsored Chinese cyber operations targeting Indian organizations and corporations already in 2021 compared to 2020,” the organization said in its report.
The Insikt Group said it detected four IP addresses assigned to the Bennett Coleman And Co. Ltd. media company in “sustained and substantial network communications” with two Winnti servers between February and August.
It said is observed approximately 500 megabytes of knowledge are being extracted from the network of the privately-owned Mumbai company, whose publications include the Times of India.
Insikt said it couldn’t identify the content of that data, but noted that the corporate frequently publishes reports on China-India tensions, which the hack was likely motivated by “wanting access to journalists and their sources also as pre-publication content of potentially damaging articles.”
The Times of India didn’t answer repeated involves comments.
The Insikt Group said it also observed some 5 megabytes of data transferred during a similar fashion from the police department of Madhya Pradesh state, whose chief minister, Shivraj Singh Chouhan, involved a boycott of Chinese products after June 2020 border clashes with India.
As the group was investigating the Bennett Coleman hack, it said it also identified a compromise in June and July of the Unique Identification Authority of India, or UIDAI, the govt agency that oversees the national identification database.
In that case, it detected some 10 megabytes of data downloaded from the network and almost 30 megabytes uploaded, “possibly indicating the deployment of additional malicious tooling from the attacker infrastructure.”
It suggested such a database could be employed by hackers to spot “high-value targets, such as government officials, enabling social engineering attacks or enriching other data sources.”
The UIDAI told The Associated Press that it had no knowledge of a “breach of the character described.”
“UIDAI has a well-designed, multi-layered robust security system in situ and the same is being constantly upgraded to take care of the highest level of data security and integrity,” the agency said.