India’s National Internet Registry hacked, 6000 entities are at risk

This could be the biggest breach affecting Indian organizations. Global IT security firm Quick Heal’s Enterprise Security brand Seqrite Cyber Intelligence Labs, along with its partner seQtree InfoServices, has tracked an advertisement on DarkNet announcing secret access to the servers and database dump of over 6000 Indian businesses – ISPs, Government and private organisations, banks and enterprises.

It has identified the affected organisation as India’s National Internet Registry: IRINN (Indian Registry for Internet Names and Numbers), which comes under National Internet Exchange of India (NIXI).

Below is the list of organisations whose services may be at risk:

Indian Government: UIDAI (Aadhaar); DRDO; Reserve Bank of India; ISRO; ISRO Satellite Centre (ISAC); Employees’ Provident Fund Organisation; Various Indian state government portals (e.g. Maharashtra Online, MP Online); Vikram Sarabhai Space Centre; National Centre for Antarctic and Ocean Research

Telecom/ISPs: Idea Telecom; Aircel; BSNL; You Broadband; Spectranet; Hathway; Sify; Tikona

Financial Organisations: Bombay Stock Exchange (BSE); Mastercard / Visa; SBI; HDFC; ICICI Prudential Mutual Fund; BNY Mellon; IDBI Bank; Federal Bank; Royal Bank of Scotland; Edelweiss Tokio; Dena Bank; Canara Bank

Technology Firms: Flipkart; Ernst & Young (E&Y); TCS; Wipro; VMWare; eClerx; Zoho

As a precautionary measure, Seqrite Intelligence Labs has reached out to Government authorities and Asia Pacific Network Information Centre (APNIC) with a strong recommendation to alert all potentially affected organisations and urge them to change passwords and get their servers and systems patched with the latest updates.

The advertisement on the Dark net forum posted by the hacker(s) reads:

“As mentioned in the title, selling database of one of the biggest Internet Protocol controller.

In client Database you can get username, email ids, passwords, organisation name, invoices/billing documents, and few more important fields. You can also control IP range of respective organisation. You can entirely shut down that organisation.

Selling it for 15 BTC.”

The hacker, as stated above, priced the information at 15 Bitcoins and is offering network takedown of affected organizations for an unspecified amount. 15 Bitcoins at the current exchange rate comes to over $64,000 or Rs 41.8 lakh.

If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India. Along with the access, the hacker is also selling credentials, PII and various contractual business documents, and claims to have access to a large database of Asia Pacific Network Information Centre (APNIC).

The company said that on noticing the broadcast advertisement, the team realised that the persona was created recently – an ongoing trend seen with other recent data breaches. They then contacted the actor for further details, posing as an interested buyer, and were finally able to get a sample of the email list.

Seqrite said that if the database was sold, then an attack on the system could disrupt Internet IP allocation and in turn affect Internet services in India.


Jahnavi M

Vulnerability analyst, Technical Writer, Security Blogger, Co-founder—SecKurity