In a phishing attempt, several government officials were targeted by a malicious web link asking them to update their vaccination status, The Hindu reported on Wednesday. These links were sent by WhatsApp, SMS, and email and Defence Ministry officials were among those targeted, the report added.
The messages on WhatsApp and on SMS were formatted in a manner that made it seem that it was sent by the Ministry of Health and Family Welfare. It read, “As per directives of MoHFW, confirm your COVID status on https://covid19india.in and generate your vaccination certificate.”
When clicked on the link, it directed users to a “@gov.in” website that resembled the official government website “mygov.in.” On the fake page, users were asked to entire their official e-mail and password, the report stated.
Defence Ministry officials targeted
In an email to a Defence Ministry official, a Google drive link was shared in the pretence that the information was being collected regarding post-vaccination measures as part of an awareness drive. However, the link was actually a phishing attempt to access official e-mails and correspondence, the report stated.
Some officials also received phone calls from someone claiming to be from an Army Hospital and asked the official to update vaccination status by clicking on the link shared on WhatsApp, the report stated. However, phishing attempts were thwarted because the officials were sensitised to not click on the link, the report added.
Adding to the list of cyber attacks targeting the government
Last month, Air India (AI), the government’s erstwhile jewel in the sky, reported a massive data breach that compromised the personal details and information of 4.5 million customers. It is one of the most significant data breaches in recent history given that customer information stored for nearly a decade was compromised.
Earlier in March, the Indian Computer Emergency Response Team (CERT-In) issued an alert to the Ministry of Road Transport and Highways on Sunday regarding “targeted intrusion activities” with “possible malicious intentions” aimed at the Indian transport sector. This alert came a few days after CERT-In revealed that it received 26,121 reports of Indian websites being hacked in 2020, of which 59 websites belonged to central ministries/departments or to state governments.
In the months before this alert, there were several cybersecurity incidents on Indian government domains. Attackers previously used compromised government emails ending in @gov.in or @nic.in to carry out phishing scams targeting officers and luring them into sharing sensitive information. The devices of multiple former defence personnel were found to be compromised by this attack.
In February, Recorded Future, an American company that studies the use of the internet by state actors, uncovered a Chinese state-sponsored cyberattack that was targeting India’s electricity grid and power distribution systems. According to Recorded Future, Red Echo, the organization behind the attack, deployed malware known as ShadowPad. The attack was linked to the unexpected power outage that hit Mumbai in October 2020, but the government has denied any connection. The government, however, said that it is aware of ShadowPad, and has taken appropriate steps against it.
Last June, the National Highway Authority of India (NHAI) suffered a ransomware attack, although NHAI said that the attack was foiled and no data was lost.
- 52% Of Indian Companies Fell Victim To Cyber Attack Last Year: Sophos
- Nearly 12 lakh cybersecurity incidents observed in 2020: MHA
- What we know about National Cyber Coordination Centre from IT Committee report
- The Policy Changes The US Government Has Initiated To Overhaul Its Cybersecurity
- Biggest Capability Differential Between India China Lies In Cyber, Says Chief Of Defence Staff Bipin Rawat