Two senior officials involved with the country’s cyber security said such attacks are not new or uncommon. “No government data has been compromised since sensitive systems are sequestered,” said one of these officials. (via social media/ twitter )
Two senior officials involved with the country’s cyber security said such attacks are not new or uncommon. “No government data has been compromised since sensitive systems are sequestered,” said one of these officials. (via social media/ twitter )

Ex-defence personnel hit by phishing attack

No government data has been compromised since sensitive systems are sequestered, officials said.
By Binayak Dasgupta, Anisha Dutta, Hindustan Times, New Delhi
PUBLISHED ON FEB 21, 2021 01:54 AM IST

The devices of multiple former defence personnel may have been compromised in a phishing attack launched through a government domain email address, according to technical evidence accessed by HT and disclosures by some of the victims, the latest in a string of attacks that have exploited privileged @gov.in and @nic.in email addresses.

The new attack, which was through an email from an @gov.in address sent on Thursday afternoon, targeted a group of 43 former officers of the army, navy and air force who were part of the 56th course of the National Defence Academy. The sender lured some of them into clicking on a purported invitation for a dinner, which led to a set of malware.

“Some 15-20 people said in our WhatsApp group that they had clicked on the link and were honest about it,” said one of the 43 people, who asked not to be named. Two other persons who clicked on the links themselves told HT that they had, and found suspicious files being downloaded.

HT reported on Thursday that at least two government ministries — external affairs and defence — have sent out alerts this month to their employees, warning about the use of two specific email addresses that belong to the official nic.in and gov.in domains run by the National Informatics Centre (NIC). NIC runs the official email service, handing out accounts to departments, ministries and public sector units run by state and central governments.

Also read: US still unraveling 'sophisticated' hack of 9 government agencies

The people targeted on Thursday said they were not sure how their details may have leaked. One of the people HT spoke to said the 56th course alumni included some people who were also in senior positions in private companies. The three services chiefs, general MM Naravane, admiral Karambir Singh and air chief marshal Rakesh Kumar Singh Bhadauria too belong to the same NDA batch, although their email addresses were not among those targeted.

If accessed through a mobile phone, the link that was sent in the latest attempt prompts users to install a malware disguised as an app for armed forces personnel. In the background, the programme links up with a ‘command and control’ server, and begins uploading any data — photos, documents, audio and video files — stored on the device.

“It also sends WhatsApp files and documents and activates the microphone, records calls and uploads those as well as calls logs,” said Yash Kadakia, the founder of Security Brigade, after he and his team analysed the link and the malware at HT’s request. Kadakia said the malware appeared to only target Android phones, although another set of engineers HT reached out to said people who visited the link using a desktop computer too would be compromised, with anything they type being recorded.

“This malware appears to be new and tailor-made for targets who are associated with the Indian military. None of the commercially available anti-malware products appears to flag it as yet,” Kadakia said, explaining that this was likely to be the first time this hacking tool was spotted in the wild.

On Friday, a government official who asked not to be named said a third alert has been issued about a separate compromised @gov.in email address. It is not yet clear how these email addresses have been breached, and how many more there may be. Altogether, HT is aware of four NIC domain addresses – three with @gov.in suffixes and the fourth an @nic.in one – which are not being disclosed in order to protect any investigations there may be.

When contacted by HT, NIC said phishing attacks “originate from spoofed or compromised accounts,” without responding directly to the specific cases. “State-of-the-art Security controls and measures are deployed to detect and mitigate phishing attacks at NIC. Additional measures such as mandatory multifactor authentication are being deployed to mitigate unauthorised access to user email,” it said in a statement.

“Security measures for authentication of senders to avoid spoofing and to block malicious emails are deployed as per global best practices in NIC / government networks,” it said, adding that security measures “are continuously reviewed and steps are taken to mitigate emerging cyber-attacks”.

The Indian Computer Emergency Response Team (Cert-IN), which investigates incidents of cyber breaches, did not respond to requests for a comment.

Two senior officials involved with the country’s cyber security said such attacks are not new or uncommon. “No government data has been compromised since sensitive systems are sequestered,” said one of these officials.

The second person added that these incidents are the result of poor cyber hygiene and people fall victims to such methods the world over.

The use of compromised government domain accounts also offers hackers the ability to appear more authentic to their targets and bypass system filters that typically divert suspicious emails to junk folders or label them as risky.

“Any attack impersonating a government official is worrying. There is a greater chance that someone will click on a link that looks like it came from an official, increasing the likelihood of such campaigns being successful,” said Gunjan Chawla, programme manager, technology and national security, at Centre for Communication Governance, National Law University Delhi. “Such attacks also risk undermining trust in government’s digital infrastructure,” she added.

SHARE THIS ARTICLE ON
Close
Police line tape. Crime scene investigation. Forensic science.(Getty Images)
Police line tape. Crime scene investigation. Forensic science.(Getty Images)

Mumbai man dies by suicide after killing father, grandfather, say police

By Vijay Kumar Yadav
PUBLISHED ON MAR 06, 2021 02:29 PM IST
  • Police said the young man who murdered his father and grandfather was mentally unstable.
Close
HP chief minister Jai Ram Thakur addressing during the budget session of the state assembly in Shimla on Tuesday. (ANI)
HP chief minister Jai Ram Thakur addressing during the budget session of the state assembly in Shimla on Tuesday. (ANI)

HP MLAs to get full salary from April, MLALAD fund fully restored

PTI
PUBLISHED ON MAR 06, 2021 02:27 PM IST
  • The state government had last year decided to cut 30 per cent salaries of its MLAs and suspend the MLALAD fund for two years to fight the COVID-19 pandemic.
Close
The ruling CPI(M)’s state secretary, Kodiyeri Balakrishnan, Monday said nobody attempted to settle the rape allegation levelled against his son.(PTI File Photo)
The ruling CPI(M)’s state secretary, Kodiyeri Balakrishnan, Monday said nobody attempted to settle the rape allegation levelled against his son.(PTI File Photo)

CPI (M) leader Kodiyeri’s wife summoned by Customs for builder’s smartphone gift

PUBLISHED ON MAR 06, 2021 02:11 PM IST
  • The smartphone gift has links to the gold smuggling case that the Customs busted last July.
Close
Supreme Court. (HT Archive.)
Supreme Court. (HT Archive.)

Supreme Court to commence hybrid physical hearings from March 15

PTI, New Delhi
PUBLISHED ON MAR 06, 2021 01:53 PM IST
The apex court has issued the standard operating procedure (SOP) for the hybrid physical hearings.
Close
India's total COVID-19 active cases have reached 1,80,304, comprising 1.61 per cent of the country’s total number of infections.(Reuters)
India's total COVID-19 active cases have reached 1,80,304, comprising 1.61 per cent of the country’s total number of infections.(Reuters)

15 lakh people vaccinated against Covid-19 on March 5, highest in a day: Centre

Posted by Joydeep Bose | PTI, New Delhi
UPDATED ON MAR 06, 2021 02:00 PM IST
The countrywide Covid-19 vaccination drive was rolled out on January 16 with healthcare workers (HCWs) getting inoculated. The vaccination of frontline workers (FLWs) had started on February 2.
Close
Farmers block Western Peripheral Expressway near Rohtak on 100th day of protest, in Haryana.(Sanjeev Verma/Hindustan Times)
Farmers block Western Peripheral Expressway near Rohtak on 100th day of protest, in Haryana.(Sanjeev Verma/Hindustan Times)

100 days of farm laws protest: Farmers block major expressways. See pictures

By hindustantimes.com | Written by Deepali Sharma, Hindustan Times, New Delhi
UPDATED ON MAR 06, 2021 01:25 PM IST
To mark the 100th day of the landmark protest, protesting farmers' unions decided to observe March 6 as the 'Black Day'.
Close
A police team which rushed to scene of fighting between the two group also came under attack. (Representational photo/Getty Images)
A police team which rushed to scene of fighting between the two group also came under attack. (Representational photo/Getty Images)

3 killed, 9 injured as dispute over land turns violent in Bihar’s Munger

PUBLISHED ON MAR 06, 2021 01:07 PM IST
  • Two groups had been trying to build a wall around a plot of land that is said to belong to a mutth.
Close
Farmers block Western Peripheral Expressway near Rohtak on 100th day of protest, in Haryana.(HT photo)
Farmers block Western Peripheral Expressway near Rohtak on 100th day of protest, in Haryana.(HT photo)

Farmers gather at western peripheral expressway as agitation completes 100 days

By hindustantimes.com | Written by Shivani, Hindustan Times, New Delhi
UPDATED ON MAR 06, 2021 01:06 PM IST
As the capital braces for scorching summers and the harvesting season begins, farmers gathering on Saturday asserted that they had no plans to turn back until their demands were met.
Close
Rajya Sabha MP and Shiv Sena leader Sanjay Raut(HT file)
Rajya Sabha MP and Shiv Sena leader Sanjay Raut(HT file)

News updates from HT: Mumbai police capable of probing Mansukh Hiren's death

PUBLISHED ON MAR 06, 2021 12:56 PM IST
Here are today’s top news, analysis and opinion. Know all about the latest news and other news updates from Hindustan Times.
Close
Dinesh Trivedi joined the BJP on Saturday in Delhi in the presence of party chief JP Nadda and Union minister Piyush Goyal. (ANI)
Dinesh Trivedi joined the BJP on Saturday in Delhi in the presence of party chief JP Nadda and Union minister Piyush Goyal. (ANI)

Dinesh Trivedi joins BJP, 'Now, he is in the right party,' says JP Nadda

UPDATED ON MAR 06, 2021 02:25 PM IST
The former Trinamool MP said it was the golden moment he had been waiting for. BJP president J P Nadda said Trivedi was the right person in the wrong party
Close
Twenty-five nations across the world have already received Made-in India vaccines and forty-nine more countries will be supplied in the coming days, ranging from Europe, Latin America and the Caribbean to Africa, South-East Asia and the Pacific Islands. (Representative Image)(AFP)
Twenty-five nations across the world have already received Made-in India vaccines and forty-nine more countries will be supplied in the coming days, ranging from Europe, Latin America and the Caribbean to Africa, South-East Asia and the Pacific Islands. (Representative Image)(AFP)

India airlifts Covid-19 vaccines to Somalia

ANI
PUBLISHED ON MAR 06, 2021 12:36 PM IST
Under the Vaccine Maitri initiative, India has been providing coronavirus vaccines to its neighbouring countries.
Close
Shiv Sena Rajya Sabha MP Sanjay Raut. (HT File Photo)
Shiv Sena Rajya Sabha MP Sanjay Raut. (HT File Photo)

Mumbai police capable of probing Mansukh Hiren's death, says Shiv Sena

PUBLISHED ON MAR 06, 2021 12:22 PM IST
  • Shiv Sena's Sanjay Raut dismissed the opposition's demand for an investigation into Mansukh Hiren's death by the NIA
Close
It is being speculated that Mithun Chakraborty and Sourav Ganguly may attend PM Modi's Brigade rally tomorrow.
It is being speculated that Mithun Chakraborty and Sourav Ganguly may attend PM Modi's Brigade rally tomorrow.

PM Modi's Brigade rally: BJP clarifies about Mithun Chakraborty, Sourav Ganguly

By hindustantimes.com | Edited by Poulomi Ghosh
UPDATED ON MAR 06, 2021 12:17 PM IST
West Bengal BJP has neither denied nor accepted the speculations, which intensifies the suspense.
Close
Actor Taapsee Pannu is currently shooting for her film Loop Lapeta.(HT_PRINT)
Actor Taapsee Pannu is currently shooting for her film Loop Lapeta.(HT_PRINT)

'According to our finance minister': What Taapse Pannu said on 2013 I-T raids

By hindustantimes.com | Edited by Poulomi Ghosh
UPDATED ON MAR 06, 2021 12:58 PM IST
The raids were also to search her memories of the 2013 raid that happened at her properties, Taapsee Pannu said on Saturday.
Close
Odisha Chief Minister Naveen Patnaik.(HT photo)
Odisha Chief Minister Naveen Patnaik.(HT photo)

Odisha: State govt to increase funds for MSMEs, says CM Patnaik

ANI
PUBLISHED ON MAR 06, 2021 10:45 AM IST
While inaugurating the MSME Trade fair 2021 through Video conferencing, the Chief Minister said "In the next financial year, the budget of MSME Department is being substantially increased.
Close
SHARE
Story Saved
OPEN APP