Thursday , October 10 2024

Russian hacktivist group targets India’s health ministry

Russian hacktivist group has claimed to have breached the health management information system of India, which could contain the health data of millions of Indian citizens.

“On 15 March 2023, CloudSek’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website,” cybersecurity firm CloudSek said in a post. “An analysis of the samples shared concluded that the affected entity is the Health Management Information System belonging to the Indian Ministry of Health.”

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its...
Read More
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Patches

Palo Alto Networks issues fix for security flaws, Including CVE-2024-9463

Palo Alto Networks released a security advisory (PAN-SA-2024-0010) about several high-severity vulnerabilities in its Expedition migration tool, with CVSS scores...
Read More
Palo Alto Networks issues fix for security flaws, Including CVE-2024-9463

Microsoft October 2024 Patch: 5 Zero-Days, 118 flaw

In its recent Patch Tuesday release, Microsoft fixed 118 vulnerabilities, including five zero-day flaws, two of which are currently being...
Read More
Microsoft October 2024 Patch: 5 Zero-Days, 118 flaw

BD CIRT alert
Lumma C2 malware attack Bangladeshi several websites

The Cyber Threat Intelligence (CTI) Unit at BGD e-GOV CIRT has discovered a malware campaign involving the Lumma Stealer family....
Read More
BD CIRT alert  Lumma C2 malware attack Bangladeshi several websites

Qualcomm Patched Multi Flaws, Including 0-day

Qualcomm's October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions....
Read More
Qualcomm Patched Multi Flaws, Including 0-day

BD CIRT announce “Cyber Drill 2024”: Registration open

BGD e-GOV CIRT is excited to announce the Financial Institutions and Critical Information Infrastructure (CII) Cyber Drill 2024, designed for...
Read More
BD CIRT announce “Cyber Drill 2024”: Registration open

First Half Of 2024 Report
Bangladeshi 32.4% government websites face cyber attack: NAS report

National Attack Surface (NAS) report for the first half of 2024 reveals that 56.6% of cyberattacks in Bangladesh targeted educational...
Read More
First Half Of 2024 Report  Bangladeshi 32.4% government websites face cyber attack: NAS report

Prince Ransomware Hits UK and US

A new ransomware campaign is targeting individuals and organizations in the UK and US. The "Prince Ransomware" attack uses a...
Read More
Prince Ransomware Hits UK and US

CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns

CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM)....
Read More
CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns

A summary of “2024 State of Cybersecurity survey” by ISACA

ISACA 2024 survey report reveals that 66% of cybersecurity professionals find their jobs more stressful now than five years ago....
Read More
A summary of “2024 State of Cybersecurity survey” by ISACA

The Health Management Information System is an online portal that provides information on health indicators in India. It compiles data from state and district-level health authorities, along with data from the National Family Health Survey (NFHS), the District Level Household Survey (DLHS), and the Office of the Registrar General & Census Commissioner.

The Ministry of Health website was not accessible at the time this story was posted.

Phoenix group claims responsibility for the attack

The Russian threat actor Phoenix has claimed responsibility for the attack.

“India decided to impose sanctions against the Russian Federation. As we all know, going on the attack while not taking care of your defense is a rather stupid and risky move. Especially when your enemy is such a powerful state as the Russian Federation,” the hacktivist group wrote in a message on the Telegram encrypted messaging service.

The message from the group indicates that the attack is a consequence of India’s agreement over the oil price cap and sanctions of the Group of Twenty (G20) industrialized nations over the Russia-Ukraine war, CloudSek said.

India is set to host a G20 meeting in September. The G20 intergovernmental forum comprises 19 countries and the European Union (EU) that work toward addressing major issues related to the global economy.

Last month, India declared that it would not breach the Western sanctions on Russia, which includes a price cap of $60 imposed on oil from Moscow.

“Phoenix did not approve of the actions of the Indian government and threw his firebird feather into the most painful and unprotected place of the enemy— his medicine. In this way, we easily got access to the Indian Ministry of Health,” the hackers wrote in their post.

“We have access to every hospital, its staff and chief physicians. Phoenix can easily stop their activities at any moment,” the Phoenix group added. The hacker group has posted several samples from the HMIS website on its Telegram channel.

The hacktivist group had also conducted several polls on the Telegram channel, asking if they should retaliate on India’s decision, CloudSek said. The cyberattack could result in further attacks by similar hacktivist groups under the pretext of protesting India’s geopolitical positions, and could lead to hackers selling exfiltrated licenses, documents, and personally identifiable information on cybercrime forums. Stolen information can also be used for conducting document fraud that uses personally identifiable information and license documents, CloudSek said.

Phoenix is a part of Killnet

Phoenix is a pro-Russian hacktivist group. It joined forces with Killnet, one of the most popular and active pro-Russian hacktivist groups, last September and supported them in attacks against Japan. These groups have been targeting several countries that support Ukraine in the war.

Phoenix has targeted hospitals based in Japan and the UK before. It also targeted a US-based healthcare organization serving the US military, the Ministry of Health, the Federal Public Procurement Regulatory Authority, the Ministry of Food Control, the Supreme Court, the Ministry of Home Affairs, and a number of other departments of Pakistan, CloudSek said.

Russian government-backed attackers ramped up cyberattacks in 2021 during the run-up to the invasion of Ukraine, according to a report from Google’s Threat Analysis Group. In 2022, Russia increased the targeting of users in Ukraine by 250% compared to 2020, and the targeting of users in NATO countries increased by over 300% in the same period, Google said.

As a precautionary measure, CloudSek is advising government agencies to be on the alert for anomalies in user accounts, which could indicate possible account takeovers, using load balancer and DDoS protection services, and blocking unnecessary IP addresses and geolocations.

Check Also

Malware

Researchers detected 31 new Malware in September

In September, cybersecurity experts discovered 31 new ransomware variants that threaten individuals and businesses. These …

Leave a Reply

Your email address will not be published. Required fields are marked *