A Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian residents.
“On 15 March 2023, CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website,” cybersecurity firm CloudSEK said in a post. “An analysis of the samples shared concluded that the affected entity is the Health Management Information System belonging to the Indian Ministry of Health.”
The Health Management Information System (HMIS) is a web-based portal that provides information on health indicators in India. It compiles data from state- and district-level health authorities, including data from the National Family Health Survey (NFHS), the District Level Household Survey (DLHS), and the Office of the Registrar General & Census Commissioner.
The Ministry of Health website was not accessible at the time of posting this story.
Phoenix group claims responsibility for the attack
The Russian threat actor Phoenix group has claimed responsibility for the attack on a Telegram channel.
“India decided to impose sanctions against the Russian Federation. As we all know, going on the attack while not taking care of your defense is a rather stupid and dangerous move. Especially when your enemy is such a powerful state as the Russian Federation,” the hacktivist group wrote in its message.
The cryptic message from the group indicates that the attack is a consequence of India’s agreement to the G20 oil price cap and sanctions over the Russia-Ukraine war, CloudSEK said.
India is set to host a Group of Twenty (G20) meeting in September. The G20 is an intergovernmental forum comprising 19 countries and the European Union (EU) that works towards addressing major issues related to the global economy.
Last month, India declared that it would not breach the Western sanctions on Russia, which include a price cap of $60 imposed on oil from Moscow.
“Phoenix did not approve of the actions of the Indian government and threw his firebird feather into the most painful and unprotected place of the enemy – his medicine. In this way, we easily got access to the Indian Ministry of Health,” the hackers wrote in their post.
“We have access to every hospital, its staff and chief physicians. Phoenix can easily stop their activities at any moment,” the Phoenix group added. The hacker group has posted several samples from the HMIS website on its Telegram channel.
The hacktivist group had also run several polls on the Telegram channel asking whether it should retaliate against India’s decision as well, CloudSEK said. The cyberattack could result in further attacks by similar hacktivist groups under the pretext of India’s geopolitical stances; it could lead to hackers selling exfiltrated licenses, documents, and personally identifiable information on cybercrime forums; or the information could be used to conduct document fraud using the personally identifiable information and license documents, CloudSEK said.
Phoenix is part of Killnet
Phoenix is a pro-Russian hacktivist group. It joined forces with Killnet, one of the most popular and active pro-Russian hacktivist groups, last September and supported them in attacks against Japan. These groups have been targeting several countries that support Ukraine in the war.
Phoenix has targeted hospitals based in Japan and the UK before. It also targeted a US-based healthcare organization serving the US military, as well as the Ministry of Health, the Federal Public Procurement Regulatory Authority, the Ministry of Food Control, the Supreme Court, the Ministry of Home Affairs, and numerous other departments of Pakistan, CloudSEK said.
Russian government-backed attackers ramped up cyberattacks in 2021 during the run-up to the invasion of Ukraine, according to a report from Google’s Threat Analysis Group. In 2022, Russia increased its targeting of users in Ukraine by 250% compared to 2020, and its targeting of users in NATO countries increased by over 300% in the same period, Google said.
As a precautionary measure, CloudSEK is advising government agencies to monitor for anomalies in user accounts, which could indicate potential account takeovers, to use load balancer and DDoS protection services, and to block unnecessary IP addresses and geolocations.
Copyright © 2023 IDG Communications, Inc.