Hundreds of Union government officials' emails and passwords have been exposed to hackers as a result of recent data breaches of Air India, Domino's, and Big Basket, according to the government. The Hindu obtained a copy of an internal document that stated that compromised emails on government domains such as @nic.in and @gov.in are potential cyber threats because they are being exploited by "adversaries" to send malicious emails to all government users.
A malicious web link provided on WhatsApp and SMS days after the alert was sent on June 10 targeted many government offices, including Defence Ministry officials, requesting them to update their vaccination status. The message directed officials to https://covid19india.in to generate a digital certificate of COVID-19 inoculation, forwarding them to a page called "@gov.in," which looks similar to the government website mygov.in, and asking for their official e-mail and password.
According to cyber expert Rajshekhar Rajaharia, the website was hosted in Pakistan in June. “The page mentioned @nic.in email IDs to make the official believe it is a government page. The purpose seemed to be getting the e-mails and passwords of only government officials and get unauthorised access to government systems, the page does not accept any other domain such as gmail.com,” said Mr. Rajaharia.
On May 15, Air India informed passengers that its passenger service system, which is provided by multi-national IT company SITA, was the target of a sophisticated cyber-attack in the last week of February that affected nearly 45 lakh “data subjects” worldwide who registered between August 26, 2011 and February 3, 2021. Officials from the government are frequent travellers on Air India.
The alert sent to officials said, “It is intimated that recent data breaches of Air India and other companies like Domino’s, Big Basket etc. have resulted in exposure of e-mail ID and passwords of many users, which includes lots of government email IDs as well. All such compromised gov. domain emails are potential cyber threats as they are being used by the adversaries to send out malicious mails to all gov email users. It may please be noted that largely these are name based email IDs which are available with the malicious actors.”
On March 1, the Union Power Ministry announced that multiple Indian power centres had been targeted by “state-sponsored” Chinese cyber gangs. Recorded Future, a cyber security and intelligence organization based in the United States, determined that Chinese state-sponsored actors may have infiltrated Indian power grids and seaports with malware.