Mumbai The National Informatics Centre (NIC), a central government agency which provides Information Technology (IT) infrastructure to all government agencies, is the latest target of Chinese hackers.
A research report by a private cybersecurity agency revealed that the hackers were spoofing NIC portals to steal login credentials of Indian government employees.
Apart from a wide range of cyber and IT related functions, the NIC is the default email service provider for all government agencies, with an ‘nic.in” email id.
Last week, Recorded Future, a US-based cyber intelligence firm, released its report on the activities of RedAlpha, a hacker group said to be backed by Chinese state actors.
According to the report, RedAlpha has been targeting government agencies across Asia over the last three years, and one of their chief targets is India.
“Since at least 2015, RedAlpha has consistently registered and weaponised large amounts of domains for use in credential-theft campaigns. These domains typically imitate well-known email service providers and spoof specific organisations that are either directly targeted in RedAlpha activity or that can be used to impersonate those organisations in activity targeting proximate organisations and individuals. In 2021, we noted a significant uptick in the volume of domains registered by the group, totalling over 350,” the report states.
It goes on to explain how RedAlpha has been creating spoofed web pages imitating the NIC portal, which Indian government employees use to log in to their official emails. As soon as a target enters their ID and password, it is captured and sent to the Command-and-Control server. These same login credentials are then used to hack into the targets’ email accounts and steal information as well as further disseminate links to spoofed pages. Coming from legitimate email accounts, the spoof links carry more credibility and hence have a higher chance of netting more targets.
RedAlpha is likely attributable to contractors conducting cyber-espionage activity on behalf of the Chinese state. This assessment is based on the group’s consistent targeting in line with the strategic interests of the Chinese Communist Party (CCP), historical links to personas and a private company situated in the People’s Republic of China (PRC), and the wider regularly documented use of private contractors by Chinese intelligence agencies,” Recorded Future has stated in their report.
Call and text messages to deputy director general Manoj Mishra of the NIC did not yield any response.