NEW DELHI: Data amounting to 8.81 GB was exfiltrated by the hackers from Indian computer systems, according to analysts with EclecticIQ.
Last year, Government of India announced its decision to buy additional Sukhoi fighter jets to augment its Air Force capabilities in wake of the volatility along its northeastern borders.
This announcement started a malevolent chain reaction that was initiated by entities that are yet not identified, in which, among other things, Indian Air Force officials were deceived by hackers which led to compromise and stealing of critical data.
According to analysts with EclecticIQ, a Netherlands-based company that operates in the field of threat intelligence technology, this cyber espionage, which was first identified by the company in the first week of March, data to the amount of 8.81 GB was exfiltrated by the hackers from Indian computer systems.
These include emails of CERT-In, credentials and server details from various Indian government entities, cover letters, personal details of Army personnel, and corporate documents from various Indian energy companies.
Computer Emergency Response Team-India (CERT-In), which works under the command of Ministry of Electronics and Information Technology, is the nodal agency to deal with cyber security incidents in India and is tasked with strengthening security-related defence of the Indian Internet domain.
Speaking to The Sunday Guardian, Arda Büyükkaya, Senior Threat Intelligence Analyst at EclecticIQ, said that the company, which investigated the cyber espionage incident suo-moto, has notified CERT-In and National Critical Information Infrastructure Protection Centre (NCIIPC) about the incident and their findings prior to releasing their report.
The hackers employed phishing emails to distribute their malware. Following the execution of the malware, classified data was stolen. EclecticIQ found that the hackers compromised the personal device of a CERT-in contractor, which indicates that personal devices were not able to stop the malware attack.
The company has found that the hackers have stolen data maintained by agencies responsible for electronic communications, IT governance, and national defence. The hackers also stole data stored by private Indian energy companies including their financial documents, personal details of employees and details about drilling activities in oil and gas.
Some of the Indian companies engaged in drilling activities in oil and gas include—Oil and Natural Gas Corporation (ONGC), Oil India Limited (OIL), Reliance Industries Limited (RIL), Cairn India (now part of Vedanta Limited), Hindustan Oil Exploration Company (HOEC), Essar Oil Limited, Bharat Petroleum Corporation Limited (BPCL), Indian Oil Corporation Limited (IOCL) and GAIL (India) Limited.
As per the analysts, the attack employed the same modus operandi that was used by unidentified hackers in an attack that was discovered in January this year.
During the present attack, the hackers used a decoy PDF document, pretending it was an invitation letter from the Indian Air Force, to infiltrate into the computer systems of their victims. The said letter was signed by “Wing Commander Aryan Singh”’ and contained an invitation on an all-expenses paid trip to a purported event of Indian Air Force in Bengaluru on 17 January.
Another cyber threat intelligence company, Cyble Research and Intelligence Labs (CRIL), based in Atlanta, United States has uncovered a similar cyberattack that targeted Indian Air Force officials earlier this year by sending malware through a ZIP file named “SU-30_Aircraft_Procurement”.
However, the file, when unzipped opens a 16-page pdf file named, “Air HQ PR policy” that was related to availing premature retirement from the India Air Force which was signed by “Air Marshal Arvind Kumar Nagalia”, whose designation was given as Air Officer-in-Charge. The name was a work of fiction.
On Wednesday, General Timothy Haugh, who heads the US military’s cyber command and is Director of the National Security Agency, said that China was working to gain access to critical infrastructure in the United States so that it can threaten those systems in the event of a conflict. Last year, the US officials found that China was using cyber related efforts to gain access to information related to US military bases. This was being done to secure access to critical information that will prove useful in the times of a direct confrontation between the two countries. This information and access to critical systems can and will be used to disrupt or shut down systems leading to chaos and slower response time in the time of crisis.
Despite India facing unprecedented cyberattacks in the last one decade including on civil infrastructure, that have been identified to originate from China, officials took a long time to fully wake up to the massive repercussions of these cyberattacks. They not just impact strategic topics but also discourage allies from sharing of critical information due to the fear that it might be stolen from Indian systems.