Data breaches expose emails, passwords of several government officials to hackers


Emails and passwords of hundreds of Union government officials have been exposed to hackers due to the recent data breaches of Air India, Domino’s and Big Basket, the government has warned officials.


The internal communication, accessed by The Hindu, said the compromised emails on government domains such as @nic.in and @gov.in are potential cyber threats as they are being used by “adversaries” to send malicious mails to all government users.


Days after the alert was sent on June 10, several government officials, including those in the Defence Ministry, were targeted by a malicious web link sent on WhatsApp and SMS, asking them to update their vaccination status.


The message asked officials to click on https://covid19india.in to generate a digital certificate of COVID-19 inoculation, redirecting them to a page “@gov.in” that resembles the government website mygov.in, and asked for the official e-mail and password.


According to Rajshekhar Rajaharia, cyber researcher, the website was hosted in Pakistan in June. “The page mentioned @nic.in email IDs to make the official believe it is a government page. The purpose seemed to be getting the e-mails and passwords of only government officials and getting unauthorised access to government systems; the page does not accept any other domain such as gmail.com,” said Mr. Rajaharia.


Air India informed passengers on May 15 that its passenger service system, provided by multi-national IT company SITA, was subjected to a sophisticated cyber attack in the last week of February, which affected around 45 lakh “data subjects” worldwide registered between August 26, 2011 and February 3, 2021. Government officials are frequent Air India flyers.


The alert sent to officials said, “It is intimated that recent data breaches of Air India and other companies like Domino’s, Big Basket etc. have resulted in exposure of e-mail ID and passwords of many users, which includes lots of government email IDs as well. All such compromised gov. domain emails are potential cyber threats as they are being used by the adversaries to send out malicious mails to all gov email users. It may please be noted that largely these are name based email IDs which are available with the malicious actors.”


A government official said that while such phishing attempts were common, they had intensified in the past year.


The Union Power Ministry on March 1 said “State-sponsored” Chinese hacker groups had targeted various Indian power centres. U.S. cyber security and intelligence firm Recorded Future discovered that Chinese state-sponsored actors may have deployed malware into Indian power grids and seaports after border tensions between India and China began escalating in May last year.


The National Informatics Centre (NIC) under the IT Ministry provides web hosting services to various ministries and departments through the nic.in and gov.in domains.


The alert said that compromised e-mail IDs on NIC mail had been observed being used to target Government of India officials. It said common users were not able to identify these phishing attacks as they originated from e-mail IDs on the NIC domain and, as a result, “they fall prey to such attacks and click on malicious attachments/ web links.”


The Air India breach involved details like name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, as well as credit card data, but no passwords or CVV/CVC numbers were affected.


The airline has said that it is “in liaison with various regulatory agencies in India and abroad, and has apprised them about the incident in accordance with its obligations”.