A US-based private cybersecurity company said it has uncovered evidence that an Indian media conglomerate, as well as a police department and the agency responsible for the country's national identification database, have been hacked, likely by a state-sponsored Chinese group.
The Insikt Group, the threat research division of Massachusetts-based Recorded Future, said the hacking group, given the temporary name TAG-28, made use of Winnti malware, which it said is exclusively shared among several Chinese state-sponsored activity groups.
The group says it detected four IP addresses assigned to the Bennett Coleman And Co. Ltd. media company in “sustained and substantial network communications” with two Winnti servers between February and August.
It said it observed approximately 500MB of data being extracted from the network of the privately owned Mumbai company, whose publications include The Times of India.
The Insikt Group said it also observed some 5MB of data transferred in a similar fashion from the police department of Madhya Pradesh state.
The group said it also identified a compromise in June and July of UIDAI, detecting some 10MB of data downloaded from the network and almost 30MB uploaded, possibly indicating the deployment of additional malicious tooling from the attacker infrastructure.
UIDAI has a well-designed, multi-layered robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity. UIDAI strongly denied