This could be the biggest breach affecting Indian organizations. Seqrite Cyber Intelligence Labs, the enterprise security brand of global IT security firm Quick Heal, along with its partner seQtree InfoServices, has tracked an advertisement on the DarkNet announcing secret access to the servers and a database dump of over 6000 Indian businesses: ISPs, government and private organisations, banks and enterprises.
It has identified the affected organisation as India’s National Internet Registry: IRINN (Indian Registry for Internet Names and Numbers), which comes under the National Internet Exchange of India (NIXI).
Below is the list of organisations whose services may be at risk:
| Indian Government | Telecom / ISPs | Financial Organisations | Technology Firms |
|---|---|---|---|
| UIDAI (Aadhaar) | Idea Telecom | Bombay Stock Exchange (BSE) | Flipkart |
| DRDO | Aircel | Mastercard / Visa | Ernst & Young (E&Y) |
| Reserve Bank of India | BSNL | SBI | TCS |
| ISRO Satellite Centre (ISAC) | Spectranet | ICICI Prudential Mutual Fund | VMWare |
| Employees’ Provident Fund Organisation | Hathway | BNY Mellon | eClerx |
| Various Indian state government portals (e.g. Maharashtra Online, MP Online) | Sify | IDBI Bank | Zoho |
| Vikram Sarabhai Space Centre | Tikona | Federal Bank | |
| National Centre for Antarctic and Ocean Research | | Royal Bank of Scotland | |
As a precautionary measure, Seqrite Intelligence Labs has reached out to Government authorities and the Asia Pacific Network Information Centre (APNIC) with a strong recommendation to alert all potentially affected organisations and urge them to change passwords and get their servers and systems patched with the latest updates.
The advertisement on the Dark net forum posted by the hacker(s) reads:
“As mentioned in the title, selling database of one of the biggest Internet Protocol controller.
In client Database you can get username, email ids, passwords, organisation name, invoices/billing documents, and few more important fields. You can also control IP range of respective organisation. You can entirely shut down that organisation.
Selling it for 15 BTC.”
The hacker, as stated above, priced the information at 15 Bitcoins and is offering network takedown of affected organizations for an unspecified amount. At the current exchange rate, 15 Bitcoins comes to over $64,000 or Rs 41.8 lakh.
If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India. Along with the access, the hacker is also selling credentials, PII and various contractual business documents, and claims to have access to a large database of the Asia Pacific Network Information Centre (APNIC).
The company said that on noticing the broadcast advertisement, the team realised that the persona was created recently – an ongoing trend seen with other recent data breaches. They then contacted the actor for further details, posing as an interested buyer, and were finally able to get a sample of the email list.
Seqrite said that if the database was sold, then an attack on the system could disrupt Internet IP allocation and in turn affect Internet services in India.