Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Indian government and media company ‘targeted by Chinese hackers’

Cybersecurity group suggests attack could be related to China-India border tensions

Tom Batchelor
Wednesday 22 September 2021 13:30 EDT
Comments
An Indian man gets his retina scanned to register for Aadhar, India’s unique identification project, in Calcutta. The agency responsible for India’s national identification database is among the organisations to have been hacked
An Indian man gets his retina scanned to register for Aadhar, India’s unique identification project, in Calcutta. The agency responsible for India’s national identification database is among the organisations to have been hacked (AP)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A state-sponsored Chinese group has been accused of hacking an agency responsible for India’s national identification database as well as a police department and media company, sparking fears over a potentially massive data breach.

Cybersecurity company Insikt Group, part of US-based Recorded Future, claimed the hacking group, given the temporary name TAG-28, made use of Winnti malware to steal hundreds of megabytes of data, including from a Mumbai company whose publications include The Times of India.

Experts said Winnti malware is exclusively shared among several Chinese state-sponsored activity groups.

However Chinese authorities have consistently denied any form of state-sponsored hacking.

Recorded Future said its data showed a 261 per cent increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian organisations and companies in 2021 so far, compared to the whole of 2020.

The action was thought to be politically motivated, with Insikt suggesting the cyberattack could be related to border issues.

Insikt said it could not identify the content of the 500 megabytes of data taken from the Bennett Coleman And Co Ltd media company between February and August, but noted that the company frequently publishes reports on China-India tensions, and that the hack was likely motivated by “wanting access to journalists and their sources as well as pre-publication content of potentially damaging articles”.

The Insikt Group said it also observed about 5 megabytes of data transferred from the police department of Madhya Pradesh state, whose chief minister, Shivraj Singh Chouhan, called for a boycott of Chinese products after June 2020 border clashes with India.

And the group also identified a breach in June and July of the Unique Identification Authority of India, or UIDAI, the government agency that oversees the national identification database.

In that case, it detected about 10 megabytes of data downloaded from the network and almost 30 megabytes uploaded, “possibly indicating the deployment of additional malicious tooling from the attacker infrastructure”.

UIDAI told the Associated Press that it had no knowledge of a “breach of the nature described”.

Additional reporting by agencies

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in