A private cybersecurity firm based in the US, the Insikt Group, said on Wednesday that it has found evidence that the data of an Indian media conglomerate has been hacked, possibly by a state-sponsored Chinese group. The firm also said that a police department and the agency responsible for the country’s national identification database were affected by the hack.
The Insikt Group, which is the threat research division of a Massachusetts-based company called Recorded Future, said in its report that it detected four IP addresses assigned to Bennett Coleman And Co. Ltd in “sustained and substantial network communications” with two Winnti servers between February and August this year.
Insikt said that the hacking group, which is being called TAG-28 for now, used the Winnti malware, which is believed to be shared exclusively among several Chinese state-sponsored activity groups.
Associated Press reported: "Insikt said it could not identify the content of that data, but noted that the company frequently publishes reports on China-India tensions, and that the hack was likely motivated by 'wanting access to journalists and their sources as well as pre-publication content of potentially damaging articles.'" Insikt said the hack could be related to "border tensions" between India and China.
Rajeev Batra, the chief information officer of BCCL, told Associated Press that the company received information about the "hack" from CERT-In, a government agency dealing with cybersecurity threats. He told the news agency that most of the data was in the "DNS queries category" and that the company's investigation had classified the incident as "non-serious alerts and false alarms".
The Insikt report said the hacking group also transferred 5 megabytes from the Madhya Pradesh police department in a similar manner. It also detected a compromise of data belonging to the Unique Identification Authority of India, or UIDAI, which oversees the Aadhaar database.