Currently, there is no further information regarding the methods and motivations used by Indonesian hacktivists to carry out attacks against Indian sites. The amount of information and data released by this group of hackers is also unknown, as is the full list of sites attacked.
This attack by a group of hackers is not the first time this has happened. In April 2023, the same group claimed to have carried out attacks on more than 12,000 Indian websites, including one of the country’s largest financial services banks, ICICI Bank.
According to a cybersecurity notification issued by the Centre, a group of Indonesian hackers allegedly targeted 12,000 government websites in India. The Indian Cyber Crime Coordination Center (I4C), part of the Ministry of Home Affairs, issued an alert on Thursday, as reported by Moneycontrol.
The guidelines encourage concerned officials to take precautionary measures and state that they “recognize that state and central government websites are potential targets”.
The All India Institute of Medical Science (AIIMS) system suffered severe damage due to a massive ransomware attack last year, which made its central records inaccessible outside other hospital departments.
A total of 19 ransomware attacks against various government organizations were reported to the Indian government in 2022, approximately three times more than the previous year.
According to the I4C notification, an Indonesian “hacktivist” organization carried out distributed denial of service (DDoS) and denial of service (DoS) attacks. A DDoS attack occurs when a computer network is intentionally brought down by flooding with data sent simultaneously from many different computers.
The hacktivist group, which involves state and central government websites, has reportedly published a list of websites it claims to target, as per the advisory.
Government employees should be careful to avoid social engineering scams after receiving this warning; They should also be careful not to click on unknown links or emails as this could compromise the security of sensitive websites. Additionally, they need to ensure that all software updates are up to date, according to Anand Prakash, founder and CEO of cybersecurity company Pingsafe.
Malaysian hacktivist groups also targeted Indian government websites last year due to political unrest sparked by statements directed against the Prophet Muhammad. Many official Indian websites, including the Indian Embassy in Israel (indembassisrael[.]government[.]in) and the National Institute of Agricultural Extension Management, were hacked by a Malaysian hacker group called DragonForce (manage[.]government[.]In). The attack took place in response to problems arising from statements by an Indian Hindu priest considered insulting to Islam.
Hacking of government sites by hacker groups is irresponsible and unacceptable. Such hacks can cause serious damage, both to governments and to society as a whole. This violates data privacy and security, disrupts government operations, and creates instability in the digital environment.
Governments and cybersecurity agencies must take serious measures to prevent such attacks and track down and punish their perpetrators. Cybersecurity must be considered a top priority in the digital age. Collaboration between countries and significant efforts to strengthen prevention and enforcement measures are necessary to protect digital infrastructure from hacking attacks.
Additionally, it is important for governments and related entities to continually improve the security of their systems and protect sensitive data using strict security measures. This includes updating software, securing the network, enforcing strict security policies, and hiring competent cybersecurity experts.