VIF Cyber Review: October 2022
Anurag Sharma, Senior Research Associate, VIF

NATIONAL

Tata Power’s IT infrastructure suffered a cyber-attack; critical systems were not disrupted

On 14 October 2022, Tata Power announced that its IT infrastructure had been hit by a cyber-attack and that some systems were impacted. The attack targeted the company’s IT infrastructure, but critical systems were not disrupted. “The Company has taken steps to retrieve and restore the systems. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer-facing portals and touchpoints,” said Tata Power’s spokesperson.

India’s Power Minister R K Singh informed the Press in April 2022 that Chinese hackers had twice failed to target electricity distribution centres near Ladakh. A Chinese state-sponsored hacking group targeted at least seven Indian State Load Despatch Centres (SLDCs) responsible for real-time grid control and electricity dispatch near the disputed India-China border in Ladakh.[1]

CERT-In and Power-CSIRT jointly organised a cyber security exercise— “PowerEX-2022”.

On 12 October 2022, the Indian Computer Emergency Response Team (CERT-In) and Power-CSIRT (Computer Security Incident Response Teams in the Power sector) jointly organised a cyber security exercise— PowerEX-2022 and invited 193 Power sector utilities. The objective of the exercise was to “Recognise, Analyse and Respond to cyber incidents in IT and OT (Operational Technology) Systems”.

CERT-In hosted PowerEX-2022 on its exercise simulation platform with the theme "Defending Cyber-Induced Disruption in IT & OT Infrastructure." The cyber security exercise involved over 350 officials from various Power sectors.[2]

CBI-led ‘Operation Chakra’ dismantled cybercrime networks operating in India.

In a joint operation— ‘Operation Chakra’ launched in collaboration with State police, Interpol, and various agencies of other nations, the Central Bureau of Investigation (CBI) dismantled cyber-crime networks operating in India and arrested 16 cyber-criminals. Acting upon the inputs shared by the Interpol, the US’ Federal Bureau of Investigation (FBI), Canada’s Royal Canadian Mounted Police (RCMP), and Australian Federal Police (AFP), the CBI, in coordination with State police, carried out search operations at 115 locations across India.

Out of 115 locations, the CBI carried out searches at 87 locations, including 16 States, whereas 28 locations were searched by various State police, including 02 locations by Assam police, 04 locations by Andaman & Nicobar Police, 03 locations by Chandigarh police, 05 places by Delhi police, 12 locations by Karnataka police, and 02 locations by Punjab police. “The operation intends to dismantle the infrastructure of these international cyber-crime gangs in India and bring these perpetrators to justice. India’s fight against transnational organised cyber-crime has thus achieved a major milestone,” read the statement released by the CBI.

During the searches, the CBI unearthed 02 Call Centres in Pune & Ahmedabad and recovered cash worth ₹ 1.8 crores (approx.) and 1.5 kg gold (approx.).[3]

For a free, open, trustworthy, and accountable internet, the Government of India (GoI) announced amendments to the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021.

While addressing the media members on 28 October 2022, the Minister of State for Electronics & Information Technology— Rajeev Chandrasekhar, said that protecting the Constitutional rights of Indian citizens is a must and that Indian Prime Minister Narendra Modi is a trustee of the rights of citizens and Digital Nagriks. The minister addressed the media members about the amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021.

The Ministry of Electronics and Information Technology (MeitY) notified these amendments aimed at protecting the rights of Digital Nagriks as part of a significant push toward an Open, Safe, Trusted, and Accountable Internet. The amendments also strengthen due diligence requirements while holding social media and other intermediaries accountable. They were notified in light of complaints about the intermediaries’ actions or inactions on user complaints about objectionable content or the suspension of their accounts. Intermediaries will now be expected to ensure that no content is uploaded that intentionally communicates misinformation or information that is patently false or untrue, entrusting intermediaries with significant responsibility. The rules also make it clear that the intermediary must respect the rights guaranteed to Indian citizens under Articles 14, 19, and 21 of the Indian Constitution.[4]

The amended rules are hosted on the Ministry’s website.

UNCTC adopted the Delhi Declaration on Countering the Use of New and Emerging Technologies for Terrorist Purposes.

On 29 October 2022, the Delhi Declaration on the use of the Internet and other technologies for terrorist objectives was unanimously endorsed by the UN Counter-Terrorism Committee (UNCTC). According to the proclamation, one of the biggest challenges to global peace and security is terrorism, in all of its expressions and forms. As one of the essential takeaways, India now intends to carry out the recommendations based on the three Counter-Terrorism Committee (CTC) special meeting themes. These include:

  • Threats and opportunities related to new payment technologies and fundraising methods,
  • Countering terrorist exploitation of ICT and emerging technologies, and
  • Threats posed by terrorist misuse of Unmanned Aerial Systems (UAS).

As a result of terror infiltration on its soil from neighbouring Pakistan, India reaffirmed its commitment to combat terrorism in collaboration with key global players at the summit. Terrorists have stepped up their use of the internet and other IC technologies, including social media platforms. India also recognised the risks and difficulties of financial technology developments, like crowdfunding platforms, being misused to fund terrorism.[5]

INTERNATIONAL

Cyber-attack on Chile’s astronomical observatory raised concerns about the security of space tech.

On 29 October 2022, the Atacama Large Millimetre Array (ALMA), a Chilean astronomical observatory, was the victim of a cyber-attack and had to halt operations. The attack had affected the observatory’s computer systems and targeted its public website. The attack did not affect ALMA's scientific data or antennas, but it prevented space observations and limited access to its email servers. Around 66 Radio Telescopes (RTs) make up the ALMA observatory, which is estimated to be worth USD 1.4 billion. These RTs can record high-definition (HD) photos of the extremely faint radio waves generated by far-off celestial objects that are 13 billion light years away.

“Beating one of the world’s most powerful observatories offline demonstrates that cyber-attackers are dogged in their pursuit to disrupt, run reconnaissance efforts, or lift valuable data or IP addresses,” said Josh Lospinoso, the CEO of a cyber security firm— Shift5. Space is another frontier for cyber-attacks, with hackers targeting the space industry for geopolitical and militaristic reasons.[6]

A cyber-attack disrupted Bulgarian government websites over ‘betrayal to Russia’.

According to Bulgaria’s Prosecutor-General Ivan Geshev, on 15 October 2022, pro-Russian hackers carried out a ‘large-scale’ DDoS (Distributed Denial-of-Service) attack on Bulgarian government websites. The websites of the Presidential Administration, the Defense Ministry, the Interior Ministry, the Justice Ministry, and the Constitutional Court were all taken down by the DDoS attack.

Killnet, a pro-Russian hacking group, claimed responsibility for the attack and wrote on its official group on the Telegram app that “the government of Bulgaria is sentenced to network collapse and shame. It was a punishment for betrayal to Russia and the supply of weapons to Ukraine.” Since the beginning of the Russia-Ukraine conflict, the Killnet group has been active. Numerous government networks in Europe, including those in Romania, Italy, Lithuania, Norway, Poland, Finland, and Latvia, were among the dozens of targets the group previously targeted. Although the DDoS attack on the Bulgarian websites had no lasting effects and no private information was exposed, it still sparked a significant response from Bulgarian government officials. The Prosecutor-General Geshev described it as “a severe issue” and “an attack on the state of Bulgaria.”[7]

Chinese cyber-espionage group “WIP19” targeted telecoms and IT service providers in West Asia and Asia.

According to reports from the cyber security firm SentinelOne, a new Chinese cyber-espionage group identified as WIP19 has been targeting telecoms and IT service providers based in West Asia and Asia by using stolen certificates to sign several malicious components. To date, the APT (Advanced Persistent Threat) group WIP19 has used malware families such as ScreenCap, SQLMaggie, and a credential dumper. “The stolen certificate was used to sign all of the threat actor's credential harvesting tools, including a password dumper that relied on open-source code to load an SSP to LSASS and dump the process.

“WIP19 was also observed loading a keylogger and a screen recorder using DLL search order hijacking. The keylogger primarily targets the victim's browser to collect credentials and other sensitive data,” read the statement released by SentinelOne. In SQLMaggie attacks, the backdoor was disguised as a legitimate DLL registered to the MSSQL Server, giving the attackers control over the server machine and the ability to perform network reconnaissance.[8]

Turkey’s new law against disinformation raised deep concerns over free speech.

On 13 October 2022, the Turkish parliament adopted a new law proposed by President Tayyip Erdogan, which would jail journalists and social media users for up to three years for spreading ‘disinformation’. In parliament, President Erdogan’s AK Party (AKP) and its allies MHP voted to approve the bill, whereas MPs in opposition and media rights activists opposed it.

Article 29 of the law states that “those who spread false information online about Turkey’s security to create fear and disturb public order will face a prison sentence of one to three years.”[9] However, the law did not define the nature of false or misleading information.

Turkey ‘secretly’ assisted Pakistan in establishing a cyber army against India and the US.

According to Nordic Monitor's findings, Pakistan established a cyber army with the assistance of Turkey in order to influence public opinion and the views of Muslims living in South/South-East Asia, attack India and the United States (US), and undermine criticism levelled against the Pakistan establishment. Further, the findings revealed that the proposal to form such an army was raised during private talks between visiting Turkish Interior Minister Suleyman Soylu and his Pakistani counterpart, former Minister of State for Interior Shehryar Khan Afridi, on 17 December 2018. On the same day, Minister of State for Interior Afridi met former Pakistan Prime Minister (PM) Imran Khan, who later green-lighted the project.

According to sources acquainted with the project, the covert activity was disguised under the bilateral agreement on cooperation against cyber-crime, whereas in reality, it was against perceived influence operations pursued by India, the US, and other foreign countries. Responding to Pakistan’s request to set up the cyber army, Turkey sent five police chiefs from various departments in the Security General Directorate (Emniyet). The five-member team spent months in Pakistan getting the project off the ground and eventually finishing it. The cooperation has since continued under successive governments, with Turkey training approximately 6,000 Pakistani police officers for this and other related projects.[10]

Japan and Australia strengthen their security pact in response to China’s threat.

On 22 October 2022, Japan and Australia signed a new bilateral agreement covering military, intelligence, and cyber security cooperation. The agreement also referred to cooperation in resisting economic coercion and disinformation, which China is widely accused of. The bilateral agreement is the first of its kind that Japan has signed with any country other than the United States (US). The agreement covers military interoperability, intelligence, cyber security, operations in space, law-enforcement, logistics and protecting telecommunications. “This new declaration…will chart the direction of our security and defence cooperation in the next 10 years,” said Japanese Prime Minister Fumio Kishida.[11]

Endnotes:

[1] Greig, Jonathan. “Indian energy company Tata Power announces cyberattack affecting IT infrastructure”, The Record, 14 October 2022, accessed on 02 November 2022, available from: https://therecord.media/indian-energy-company-tata-power-announces-cyberattack-affecting-it-infrastructure/
[2] “CERT-In and Power-CSIRTs jointly conduct Cyber Security Exercise ‘PowerEX-2022’”, Press Information Bureau- Ministry of Electronics & IT, 13 October 2022, accessed on 01 November 2022, available from: https://pib.gov.in/Pressreleaseshare.aspx?PRID=1867348
[3] “Press Release”, Central Bureau of Investigation, 04 October 2022, accessed on 02 November 2022, available from: https://cbi.gov.in/press-detail/NTI3Ng==
[4] “Press Release”, Ministry of Electronics and IT, 29 October 2022, accessed on 01 November 2022, available from: https://www.pib.gov.in/PressReleasePage.aspx?PRID=1871840
[5] “Press Release”, Ministry of External Affairs, 29 October 2022, accessed on 01 November 2022, available from: https://mea.gov.in/bilateral-documents.htm?dtl/35840/Delhi_Declaration_on_countering_the_use_of_new_and_emerging_technologies_for_terrorist_purposes ; Majeed, Zaini. “UN Counter-Terrorism Committee Adopts Delhi Declaration; Key Takeaways Here”, Republic World, 29 October 2022, accessed on 01 November 2022, available from: https://www.republicworld.com/world-news/rest-of-the-world-news/united-nations-counter-terrorism-committee-adopts-delhi-declaration-articleshow.html
[6] Antoniuk, Daryna. “cyberattack on observatory in Chile raises concerns about security of space tech”, The Record, 07 November 2022, accessed on 10 November 2022, available from: https://therecord.media/cyberattack-on-observatory-in-chile-raises-concerns-about-security-of-space-tech/?utm_source=substack&utm_medium=email ; “Chilean astronomical observatory hit by cyberattack”, SC Media, 08 November 2022, accessed on 10 November 2022, available from: https://www.scmagazine.com/brief/breach/chilean-astronomical-observatory-hit-by-cyberattack
[7] Antoniuk, Daryna. “Cyberattack disrupts Bulgarian government websites over ‘betrayal to Russia’”, The Record, 18 October 2022, accessed on 02 November 2022, available from: https://therecord.media/cyberattack-disrupts-bulgarian-government-websites-over-betrayal-to-russia/
[8] Arghire, Ionut. “New Chinese cyberespionage group WIP19 targets telcos, IT service providers”, SecurityWeek, 13 October 2022, accessed on 09 November 2022, available from: https://www.securityweek.com/new-chinese-cyberespionage-group-wip19-targets-telcos-it-service-providers
[9] “Turkey’s parliament adopts media law jailing those spreading ‘disinformation’”, Reuters, 14 October 2022, accessed on 08 November 2022, available from: https://www.reuters.com/world/middle-east/law-that-would-jail-those-spreading-disinformation-progresses-turkey-2022-10-13/
[10] Bozkurt, Abdullah. “Turkey helped Pakistan set up a secret cyber army for influence operation against US, India”, Nordic Monitor, 24 October 2022, accessed on 31 October 2022, available from: https://nordicmonitor.com/2022/10/turkey-helped-pakistan-set-up-a-secret-cyber-army-for-influence-operation-against-us-india/
[11] “Japan, Australia upgrade security pact against China threat”, CNBC, 23 October 2022, accessed on 16 November 2022, available from: https://www.cnbc.com/2022/10/23/japan-australia-upgrade-security-pact-against-china-threat.html
