wordpress blog stats
Connect with us

Hi, what are you looking for?

Government officials targeted by malicious web link seeking vaccination status: Report

In a phishing attempt, several government officials were targeted by a malicious web link asking them to update their vaccination status, The Hindu reported on Wednesday. These links were sent by WhatsApp, SMS, and email and Defence Ministry officials were among those targeted, the report added.

The messages on WhatsApp and on SMS were formatted in a manner that made it seem that it was sent by the Ministry of Health and Family Welfare. It read, “As per directives of MoHFW, confirm your COVID status on https://covid19india.in and generate your vaccination certificate.”

When clicked on the link, it directed users to a “@gov.in” website that resembled the official government website “mygov.in.” On the fake page, users were asked to entire their official e-mail and password, the report stated.

Defence Ministry officials targeted

In an email to a Defence Ministry official, a Google drive link was shared in the pretence that the information was being collected regarding post-vaccination measures as part of an awareness drive. However, the link was actually a phishing attempt to access official e-mails and correspondence, the report stated.

Some officials also received phone calls from someone claiming to be from an Army Hospital and asked the official to update vaccination status by clicking on the link shared on WhatsApp, the report stated. However, phishing attempts were thwarted because the officials were sensitised to not click on the link, the report added.

Adding to the list of cyber attacks targeting the government

Last month, Air India (AI), the government’s erstwhile jewel in the sky, reported a massive data breach that compromised the personal details and information of 4.5 million customers. It is one of the most significant data breaches in recent history given that customer information stored for nearly a decade was compromised.

Earlier in March, the Indian Computer Emergency Response Team (CERT-In) issued an alert to the Ministry of Road Transport and Highways on Sunday regarding “targeted intrusion activities” with “possible malicious intentions” aimed at the Indian transport sector. This alert came a few days after CERT-In revealed that it received 26,121 reports of Indian websites being hacked in 2020, of which 59 websites belonged to central ministries/departments or to state governments.

In the months before this alert, there were several cybersecurity incidents on Indian government domains. Attackers previously used compromised government emails ending in @gov.in or @nic.in to carry out phishing scams targeting officers and luring them into sharing sensitive information. The devices of multiple former defence personnel were found to be compromised by this attack.

In February, Recorded Future, an American company that studies the use of the internet by state actors, uncovered a Chinese state-sponsored cyberattack that was targeting India’s electricity grid and power distribution systems. According to Recorded Future, Red Echo, the organization behind the attack, deployed malware known as ShadowPad. The attack was linked to the unexpected power outage that hit Mumbai in October 2020, but the government has denied any connection. The government, however, said that it is aware of ShadowPad, and has taken appropriate steps against it.

Last June, the National Highway Authority of India (NHAI) suffered a ransomware attack, although NHAI said that the attack was foiled and no data was lost.

Also Read

You May Also Like

News

Russia on Thursday passed legislation that obliges foreign tech giants to either set up a local branch or open a legal entity in the country by...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ