
Foreign hacktivists targeting Indian govt websites over Prophet row: CloudSEK

Malaysia-based DragonForce group is also planning to target Bharatiya Janata Party’s official website and an Indian Army website, according to the report

June 13, 2022 / 20:06 IST
Call made by Malaysian threat actor group DragonForce to hack websites of Bharatiya Janata Party | Source: CloudSEK

Political turmoil over remarks made on Prophet Mohammed has now reached cyberspace, with foreign hacktivist groups making a call for hacking Indian government websites, a report by cybersecurity company CloudSEK said.

As a result of the call made by Malaysian hacktivist group DragonForce, several Indian government websites, including those of the Indian Embassy in Israel (indembassisrael[.]gov[.]in), the National Institute of Agricultural Extension Management (manage[.]gov[.]in) and others, were hacked, the report said. Servers of Host Net India, a web hosting company, were also hacked, it added.

The company directly linked the cyber attack to a June 10 tweet by DragonForce, which called on hackers all over the world to target Indian government websites through a campaign called Operation Patuk. CloudSEK said that it has also discovered other threat actor groups joining this operation.

Image depicting hacked Time8 YouTube live stream with Pakistani flag as the image | Source: CloudSEK

“In response to DragonForce’s clarion call, Team Revolution Pakistan has already hacked Time8, an Assam-based digital news channel. During a live news stream, the channel’s transmission was interrupted and replaced by Pakistan’s flag and background hymn praising Prophet Muhammad,” the report said.

The group is also planning to target Bharatiya Janata Party’s official website and an Indian government website for Army veterans by undertaking large-scale DDoS attacks, wherein an attacker floods a server with internet traffic to prevent users from accessing connected online services and sites, the report added.

The modus operandi

To help other groups participating in the campaign launch attacks, the report said, DragonForce has shared social media credentials of Indian nationals, especially Facebook credentials, with its allies. It has also shared what it claims to be username and password combos for accounts of a nationalised bank.

To target victims, CloudSEK said, attackers have mainly been password spraying compromised accounts on social media sites, targeting hosting providers to gain unauthorised access to hosted websites, perpetrating local file inclusion attacks on web applications and also leveraging tools for DDoS attacks.

Alleged Facebook credentials of Indian users shared by Malaysian hacktivists | Source: CloudSEK

For instance, its analysis of the hack on HostNetIndia, the web hosting provider, said, “Further research suggests that the initial attack seems to be on web servers compromised using shared hosting exploits. The attackers could have also exploited and bypassed admin SQL or abused Google dork index to upload a reverse shell to the system.”

The groups have also been targeting users using Microsoft document exploits, malware and ransomware, and phishing campaigns using SMS and WhatsApp messages with malicious files, the report added.

Mitigation

Commenting on the campaign, Darshit Ashara, Principal Threat Researcher, CloudSEK, said, “As we have seen during the Russia-Ukraine conflict, hacktivists are persistent and resourceful. So, it’s imperative for the Indian government and private organisations to take this campaign seriously.

“We need to start by nullifying the low-hanging fruit that threat actors typically use as initial vectors to initiate attacks. This includes malware logs, misconfigured applications, default passwords, unpatched or outdated servers and other assets, and previously leaked databases being sold on the dark web,” he added.

Aihik Sur covers tech policy, drones, space tech among other beats at Moneycontrol
first published: Jun 13, 2022 07:53 pm
