Intelligence agencies flag major cyber-security breach in Indian military

Intelligence agencies have reportedly exposed a major cyber-security breach in the Indian military setup allegedly involving military officials with suspected links to enemy countries. 

The defence sources told ANI that the breach has been reported on certain WhatsApp groups. The sources added that immediate action has been taken against the officials facing the allegations after the breach was found and an inquiry, which has been promptly ordered, is in progress. 

“Acts of infringements to existing orders especially involving counterintelligence matters, by military officials, are dealt with strictest possible manner, as they are subject to Official Secrets Act,” it said. 

Cyber espionage, especially involving military and politicians, is one of the biggest threats that Indian government is currently dealing with from some of the hostile neighbouring countries. India has climbed to the top five cyber hit targets for cyber espionage in APAC region as per a recent Kaspersky Research. 

“Similar to the US Govt, Indian Govt should also implement Zero trust, multi-factor authentication (MFA) and other authentication mechanisms to safeguard from unauthorised access. All public assets and critical digital infrastructure should be covered under zero trust approach to avoid lateral movement of cyberattacks which can minimize the spread of attack,” said Sandip Panda, CEO at Instasafe. 

“Due to sensitivities involved and the nature of the investigation, we would request to avoid speculation on the nature of the breach or seeking out personnel involved as it would compromise the ongoing investigations into the case,” said the sources, adding that the strictest possible action would be taken against all the officials who are found guilty in the ongoing investigations. 

In recent times, suspected Pakistani and Chinese intelligence operatives have been attempting to engage with military personnel on social media platforms in an effort to gain sensitive information from them on the military and its activities. Even though the majority of their attempts fail, they have been able to extract information from some of the military personnel who fall into their trap. 

Panda advised, “Often these state sponsored hackers use social engineering tactics which lure users to download malicious file attachments or click malicious links to install spyware within their mobile devices. It is always advisable to not to click unknown links or download any unknown files from any untrusted source. Also, using different devices for personal and professional use can greatly reduce the attack probability.” 

According to a report published this month by VPN firm Surfshark, over 18 million users were breached worldwide in Q1 2022.

Russia had the most breaches in the first quarter, the study showed. It was likely because internet activist group Anonymous declared a cyberwar on the country as a response to its invasion of Ukraine. India too remained remains among the top five target nations for hackers. The study revealed that 6,75,000 Indian users were breached this quarter while 1.77 million users’ data was hacked in Q4 2021.

This includes pools of leaked emails, passwords, and even more sensitive data from corporate and government agencies. These are sold on the dark web to be later used in phishing attacks, ransomware, or even identity theft.