Security News
India's government last week issued confidential information security guidelines to the 30 million plus workers it employs - and as if to prove a point, the document quickly leaked on a government website. The document, and the measures it contains, suggest infosec could be somewhat loose across India's government sector.
A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party making remarks felt to be insulting to the prophet Muhammad. The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. According to Indian threat intelligence vendor CloudSEK and US-based security and application delivery vendor Radware, Sharma's remarks caught the attention of a Malaysia-linked group called DragonForce that has launched attacks against Indian targets and sought assistance from others to do likewise under the banner "#OpsPatuk".
The Unique Identification Authority of India has backtracked on advice about how best to secure the "Aadhaar" national identity cards that enable access to a range of government and financial services. Privacy concerns have also been raised over whether biometric data is properly stored and secured, whether surveillance of individuals is made possible through Aadhaar, and over possible data mining of the scheme's massive data store.
Indian budget airline SpiceJet on Wednesday attributed delayed flights to a ransomware attack. SpiceJet said the attack was quickly contained and rectified with flights again operating normally.
Low-cost Indian airline SpiceJet has informed its customers today of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures. ImportantUpdate: Certain SpiceJet systems faced an attempted ransomware attack last night that impacted and slowed down morning flight departures today.
Indian IT shops have been handed another extraordinarily short deadline within which to perform significant infosec work. MII boards must sign off on lists of critical systems.
India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents," the government said in a release.
An ongoing onslaught against Indian power grid organizations has been attributed to China-linked adversaries, one year after a concerted campaign targeting critical infrastructure in the country came to light. According to Recorded Future's Insikt Group, most of the intrusions involved a modular backdoor named ShadowPad, a sophisticated remote access trojan which has been dubbed a "masterpiece of privately sold malware in Chinese espionage."
China has been accused of conducting a long-term cyber attack on India's power grid, and has been implicated in cyber attacks against targets in Ukraine. Cybersecurity firm Insikt Group found network intrusions at seven Indian State Load Dispatch Centers that conduct real-time operations for grid control and electricity dispatch, according to a report released Wednesday.
A threat actor of likely Pakistani origin has been linked to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Their primary targets have been government and military personnel in Afghanistan and India. This campaign furthers this targeting and their central goal of establishing long term access for espionage."