CERT-In probing potential data breaches at India's PMO and EPFO

By Dwaipayan Roy, 02:13 pm, Feb 21, 2024

What's the story

India's government is looking into potential data breaches involving the Prime Minister's Office (PMO) and the Employees' Provident Fund Organisation (EPFO). The Indian Computer Emergency Response Team (CERT-In) is on the case. A social media user claimed that documents leaked on GitHub from Chinese cyber firms contained data from these organizations. A government official stated, "We are aware of it but need to verify if the claims being made are correct."

Leaked documents on GitHub raise concerns

The GitHub leak reportedly exposed a spyware project by Chinese infosec firm I-Soon, targeting social media platforms, telecom companies, and various global organizations. Cybersecurity experts are working to confirm the authenticity of these claims. One expert said, "The tracker maintained by the attackers claimed to have access to one of the servers. Except for the claims, there is no proof." There are suspicions that the Chinese government may be behind these activities.

China involvement speculated by researchers

According to Taiwanese researcher Azaka Sekai, the leaked docs reveal China's offensive cyber operations, including I-Soon's spyware usage. The documents allegedly show that attackers can target iOS and Android devices, extracting sensitive data like hardware details, media files, GPS data, contacts, and live audio recordings. Devices resembling portable batteries from a well-known Chinese manufacturer are believed to be used for injecting targeted Android phones via WiFi signals.

India faces rising cyberattacks

India has seen a significant increase in cyberattacks on organizations like the Indian Council of Medical Research (ICMR), state-run Bharat Sanchar Nigam (BSNL), and Taj Hotels. State-sponsored cyberattacks against India rose by 278% between 2021 and September 2023. The 2023 India Threat Landscape Report by Singapore-based cybersecurity firm Cyfirma states that India is the world's most targeted country, accounting for 13.7% of all cyberattacks. The US follows at 9.6%, Indonesia at 9.3%, and China at 4.5%.