India downplays Chinese hacking report targeting its media, national identification database


(Sep 23, ’21) – While India has downplayed it, a US-based private cybersecurity company said on Sep 22 that it had uncovered evidence that an Indian media conglomerate, a police department, and the agency responsible for the country’s national identification database had been hacked, likely by a state-sponsored Chinese group.

The Insikt Group, the threat research division of Massachusetts-based Recorded Future, said the hacking group, given the temporary name TAG-28, had made use of Winnti malware, which it said is exclusively shared among several Chinese state-sponsored activity groups, reported Reuters Sep 23.

Noting that relations between China and India already remain seriously strained by a border dispute that has led to clashes this year and last year, the Reuters report cited the Insikt Group as suggesting that the cyberattack could be related to those border tensions.

The group was quoted as saying in its report, “As of early August 2021, Recorded Future data shows a 261% increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian organizations and companies already in 2021 compared to 2020.”

The group said it had detected four IP addresses assigned to Bennett Coleman And Co. Ltd., India’s largest media conglomerate, best known for the Times of India daily newspaper and the Times Now TV channel, in “sustained and substantial network communications” with two Winnti servers between February and August. Approximately 500 megabytes of data had been extracted from the network, the group said.

But Rajeev Batra, chief information officer for Bennett Coleman, has said the company’s own investigation of the hack classified the incident as “non-serious alerts and false alarms.”

The group also said it had detected about 5 megabytes of data transferred in a similar fashion from the police department of Madhya Pradesh state, whose chief minister, Shivraj Singh Chouhan, had called for a boycott of Chinese products after the Jun 2020 border clashes with India.

The group also said it had identified a compromise in June and July of the Unique Identification Authority of India, or UIDAI, the government agency that oversees the national identification database.

In that case, the group detected about 10 megabytes of data downloaded from the network and almost 30 megabytes uploaded, “possibly indicating the deployment of additional malicious tooling from the attacker infrastructure,” the report said.

However, the UIDAI told the Associated Press that it had no knowledge of a “breach of the nature described.”

“UIDAI has a well-designed, multi-layered robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity,” the agency said.

