date 2021-03-21

The Ministry of Road Transport and Highways on Sunday received an alert from the Indian Computer Emergency Response Team (CERT-In) regarding "targeted intrusion activities" directed towards the Indian transport sector with "possible malicious intentions," a senior official informed HT.

"The Ministry of Road Transport and Highways received an alert from CERT-In regarding targeted intrusion activities directed towards the Indian transport sector with possible malicious intentions. The ministry has advised departments and organisations under the transport sector to strengthen the security posture of their infrastructure," the ministry stated.

"The ministry is issuing an advisory to all departments and organisations under the transport sector to strengthen cybersecurity. Accordingly, NIC, NHAI, NHIDCL, IRC, IAHE, state PWDs, testing agencies and automobile manufacturers have been requested to conduct the security audit of the entire IT system by CERT-In certified agencies immediately and regularly. The audit report and the ATR will be regularly submitted to the government," the officials said.

This comes against the backdrop of a slew of cyberattacks on Indian government domains over the past few months. HT had previously reported on new phishing emails that used compromised government accounts and targeted groups of officials, attempting to lure them into sharing their passwords on a page that mirrored the government’s official mail server sign-on website - an attack that could have let the attackers gain access to sensitive credentials and files.

The attack prompted the government’s IT departments to send out an alert the following day to large groups of officials, according to emails seen by HT. The incident was the latest in a series of such cyberattacks that leverage compromised @gov.in or @nic.in email addresses issued by the National Informatics Centre (NIC), which may be more successful in luring the targets into sharing sensitive information.

On February 21, HT also reported that the devices of multiple former defence personnel may have been compromised in a similar phishing attack launched from government-domain email addresses.

Altogether, HT is aware of five NIC domain addresses – four with @gov.in suffixes and the fifth an @nic.in one – that have been used to launch cyberattacks.

Earlier this month, an American cyber intelligence company called Recorded Future also said it had uncovered a suspected China-linked cyber operation that was focussed on India’s electricity grid and other critical infrastructure. While the company did not link the Mumbai incident to the operation it discovered, which it titled RedEcho, it did not rule out a link. According to Recorded Future, RedEcho deployed malware known as ShadowPad, which has been previously linked to Chinese cyber soldiers. ShadowPad has the ability to hand over system controls to malicious hackers who can then make potentially catastrophic changes to sensitive industrial systems.

Chinese-government linked attackers possibly gained access to computer networks that are part of India’s power infrastructure, a US-based cybersecurity firm has said, citing technical clues that federal power ministry officials separately said had been on their radar, fuelling speculation that a blackout in Mumbai last year may have been the result of sabotage.

Hours after the disclosure, the Union power ministry said it had received inputs from Indian agencies — first in November and then again in February this year — about the threat of infection from ShadowPad, prompting remedial measures to be taken.