PUNE (TIP): In what could be the biggest breach affecting Indian organizations, Seqrite Cyber Intelligence Labs along with its partner Qtree InfoServices has tracked an advertisement on DarkNet announcing secret access to the servers and database dump of over 6000 Indian businesses – ISPs, Government and private organizations.
It has identified the affected organization as India's National Internet Registry: IRINN (Indian Registry for Internet Names and Numbers), which comes under the National Internet Exchange of India (NIXI).
As a precautionary measure, Seqrite Intelligence Labs has reached out to Government authorities and the Asia Pacific Network Information Centre (APNIC) with a strong recommendation to alert all potentially affected organizations and urge them to change passwords and get their servers and systems patched with the latest updates.
The hacker has priced the information at 15 Bitcoins and is offering network takedown of affected organizations for an unspecified amount.
According to the researchers, the seller claims to have the ability to tamper with the IP allocation pool, which could result in a serious outage or a Denial of Service (DoS)-like condition. This could impact various CDN and hosting providers as well. If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India. Along with the access, the hacker is also selling credentials, PII and various contractual business documents, and claims to have access to a large database of the Asia Pacific Network Information Centre (APNIC).
Seqrite Cyber Intelligence Labs is the DarkNet monitoring division of Seqrite, the enterprise security solutions brand of cyber security firm Quick Heal Technologies.
The company said that on noticing the broadcast advertisement, the team realized that the persona was created recently – an ongoing trend seen with other recent data breaches. They then contacted the actor for further details, posing as an interested buyer, and were finally able to get a sample of the email list.
The sample shared included the email address of a prominent Indian technology firm and another from the Indian government; eventually, a list of about 6000 emails was shared, which led them to believe that the compromised database was from IRINN. Seqrite said that if the database was sold, then an attack on the system could disrupt Internet IP allocation and in turn affect Internet services in India.
(Source: PTI)