1.ATTACK ON AIIMS DEHLI
13 Cyber Attacks on India PRESENTED BY RIDA SUGHRA The server of AIIMS Delhi is Hacked since 23 November. Now, 13 Cyber Attacks on India PRESENTED BY RIDA SUGHRA have demanded Rs. 200 CRORE to be paid through #Cryptocurrency.
Services of the hospital are getting widely affected due to this Cyber Attack.
6:32 PM · Nov 28, 2022
2.WazirX Crypto Exchange Breach
WazirX, a leading Indian crypto exchange, experienced a data breach in early 2024. The WazirX cyberattack targeted one of the platform’s ‘multisig’ wallets and resulted in the theft of over $230 million. Managed by Liminal’s custody services, the wallet was compromised due to discrepancies between Liminal’s interface and actual transaction data.
Despite having robust security measures, including Gnosis Safe multisig and whitelisting policies, the attackers exploited these vulnerabilities to gain unauthorized control. WazirX has started to recover the stolen funds and halted deposits to resolve the incident.
3.BSNL Data Breach
Bharat Sanchar Nigam Limited (BSNL) experienced a major data breach, revealing sensitive information of millions of Indian users. The attack, claimed by a hacker known as ‘kiberphant0m,’ compromised over 278 giga bytes of data, including International Mobile Subscriber Identity (IMSI) numbers, SIM card details, Home Location Register (HLR) information, DP Card Data, and snapshots of BSNL’s SOLARIS servers.
4.Hyundai Motor India Data Leak
Hyundai Motor India recently fixed a data breach caused by a vulnerability in web links shared via WhatsApp messaging platform after vehicle service check is complete. The exposed data included customers’ personal information such as phone numbers, addresses, and vehicle details like registration numbers and mileage.
The flaw was in system-generated links sent to customers, which were inadvertently compromised. Hyundai’s spokesperson, Siddhartha Saikia, acknowledged the breach and assured that the company is committed to safeguarding customer data.
5.UP Marriage Assistance Scheme Fraud
A cyber fraud of over Rs.1 crore [approximately US$120,000] occurred after unidentified individuals hacked the Uttar Pradesh Marriage Assistance Scheme website. Using the ID of the Additional Labour Commissioner, the fraudsters made unauthorized payments through the Uttar Pradesh Building and Other Construction Workers Welfare Board’s web portal. This breach involved accessing the scheme’s data from the UPLMIS.in and sna.uplmis.in portals.
The hackers fraudulently disbursed funds to ineligible candidates, resulting in a loss exceeding Rs. 1,07,80,000. They submitted over 250 applications within two days and transferred money from the accounts of 196 individuals. A complaint was filed at the Cyber Crime Police Station, and instructions were given to investigate the workers and recover the stolen funds.
The Additional Labour Commissioner’s mobile number received OTPs during payments, which were likely exploited during the breach. CERT-In has responded to the breach and is investigating the incident.
6.Motilal Oswal Cyber Incident
Motilal Oswal Financial Services experienced a cyber incident that was claimed by the LockBit group, a cybercrime gang known for extorting victims by stealing and threatening to release data unless a ransom is paid. Despite the attack that involved malicious activity observed on some employees’ computers, Motilal Oswal reported that its operations remained unaffected.
7.National Disaster Management Authority (NDMA) Data Breach
A threat actor (TA), using the alias “infamous,” claimed to have breached the National Disaster Management Authority (NDMA) of India and accessed the personal data of 93,000 volunteers. The compromised data includes names, phone numbers, and other critical information. The hacker reportedly put this data up for sale on the dark web for $1,000.
The breach was first reported on June 25 on a popular hacker forum called BreachForums. Sample records dated June 2024 were provided as evidence. Despite the claims, NDMA’s website showed no visible signs of a breach. Volunteers were advised to remain vigilant against potential identity theft and fraud, given that their personal information could be misused.
8.Tamil Nadu’s Facial Recognition Portal Data Breach
Tamil Nadu police’s Facial Recognition Software (FRS) portal was breached by hackers using a Teams password and ID. Launched in October 2021, the FRS portal contains over 6 million records, including photos, names, FIR numbers, and police details, and is used by more than 46,000 department personnel across the state.
The breach was reported by an individual identified as Valerie, who demonstrated access to a sample face recognition report. The hacker used a sub-inspector’s credentials, which provided limited access, such as verifying involvement in cases. The portal’s data was not directly compromised as it interfaces with the Crime and Criminal Tracking Network & Systems (CCTNS) for verification
9.Burger Singh Website Hack
On February 27, Burger Singh’s website was compromised by ‘Team Insane PK,’ a Pakistan-siding hacker group. The attackers not only infiltrated the site but also defaced it with digital graffiti. The breach was triggered by a controversial promo code, ‘FPAK20’. In a unique response, Burger Singh chose to keep the graffiti for a day, humorously referring to it as an “open mic night for hackers.”
10.Telangana Police’s Hawk Eye App Data Breach: 2023
The Telangana police’s Hawk Eye app experienced a data breach, exposing sensitive information of approximately 200,000 citizens. The breach, attributed to hacker “Adm1nFr1end[1],” involved personal data such as phone numbers and addresses. The police were able to track the hacker and make an arrest, highlighting the importance of proactive cybersecurity measures.
11.Sun Pharma Cyber Attack: 2023
Sun Pharmaceutical Industries, a major player in the Indian pharmaceutical sector, faced a cyberattack that disrupted its operations. While the company disclosed the breach to stock exchanges, details regarding the perpetrator and extent of the data compromised remain unclear. This incident marked the third significant attack on an Indian drugmaker, raising concerns about the security of critical healthcare infrastructure and the potential impact on patient safety and data integrity.
12.Polycab Ransomware Attack: 2023
Polycab India Limited, a leading wires and cables manufacturer, reported a ransomware attack targeting its IT infrastructure. Compliant with SEBI regulations, Polycab confirmed that while the attack occurred, its core systems and manufacturing operations remained unaffected. The company is collaborating with cybersecurity experts and law enforcement to enhance its security measures and investigate the incident further.
13.Zivame Data Breach: 2022
Zivame, a popular online platform for women’s wear in India, experienced a major data breach affecting around 1.5 million customers. The personal information, including names, email addresses, and phone numbers, was offered for sale online for $500 in cryptocurrency. Investigations revealed the seller provided a sample dataset as proof of the breach, emphasizing the risks associated with personal data exposure in e-commerce platforms.
14.CloudSEK Data Breach: December 2022
In December 2022, CloudSEK, an Indian cybersecurity firm, suffered a targeted breach aimed at damaging its reputation within the cyber threat intelligence community. The attackers claimed to have accessed sensitive information, including source codes and client data, although CloudSEK denied these allegations. The breach revealed vulnerabilities in the company’s internal security practices and served as a reminder of the constant threats faced by organizations in the cybersecurity sector.
OVERALL RATIO OF CYBER ATTACK IN INDIA COMPARED TO OTHER COUNTRIES
