Watchdog alerts transport ministry over ‘intrusions’
The Union transport ministry on Sunday received an alert from the Indian Computer Emergency Response Team (CERT-In) regarding “targeted intrusion activities” directed towards the country’s transport sector with “possible malicious intentions”, a senior official said.
This comes after a slew of cyber security attacks on the Indian government’s domains over the past few months. On February 25, HT reported on new phishing emails that used compromised government accounts to target groups of officials, attempting to lure them into sharing their passwords on a page that mirrored the government’s official mail server sign-on website.
“The Ministry of Road Transport and Highways received an alert from CERT-In regarding targeted intrusion activities directed towards Indian Transport sector with possible malicious intentions. The Ministry has advised departments and organisations under transport sector to strengthen the security posture of their infrastructure,” the transport ministry said in a statement.
The ministry requested NIC, National Highways Authority of India (NHAI), National Highways and Infrastructure Development Corporation (NHIDCL), Indian Roads Congress (IRC), Indian Academy of Highway Engineers (IAHE), state PWDs, testing agencies and automobile manufacturers to have a security audit of their entire IT systems conducted by CERT-In certified agencies. “The audit report and the ATR will be regularly submitted to the government,” the government said.
The previous attack prompted the government’s IT departments to send out an alert to large groups of officials, according to emails seen by HT. The incident leveraged compromised @gov.in or @nic.in email addresses issued by the National Informatics Centre (NIC), which may be more successful in luring the targets into sharing sensitive information.
On February 21, HT also reported that the devices of multiple former defence personnel may have been compromised in a similar phishing attack carried out using government domain email addresses.
Earlier this month, American cyber intelligence company Recorded Future also said it uncovered a suspected China-linked cyber operation that was focused on India’s electricity grid and other critical infrastructure. While the company did not link a wide power outage in Mumbai to the operation (which it titled RedEcho), it did not rule out a link. According to Recorded Future, RedEcho deployed malware known as ShadowPad, which has been previously linked to Chinese cyber soldiers.
Last year, NHAI reported a cyber attack on its email server and said prompt action resulted in no data loss. It shut down its server then as a precaution.