Dragon Force, a Malaysian hacktivist group, has called upon hackers around the world to target the Indian government’s information technology (IT) infrastructure with cyber attacks. On June 10, the group expressed its intent via a post on its Twitter, terming this move as a “special operation”.
The hacktivist group’s move seemingly comes after members of India’s Bharatiya Janata Party (BJP), Nupur Sharma and Naveen Kumar Jindal, made comments against Islam, and the religion’s leader Prophet Muhammad. While Sharma has since been suspended, Jindal has been expelled.
A hacktivist group such as Dragon Force seeks to use cyber attacks as a way to raise awareness and protest against a party, buoyed by a motive. Anonymous is by and large one of the most popular examples of hacktivism.
Since its announcement, Dragon Force has posted multiple instances of what they claim are breaches of various websites and departments in India. The company claims to have taken down the services of a popular web hosting company in India, called Hostnet India, which in turn have led to multiple companies’ websites being brought down.
Some of these websites include Nagpur’s Institute of Science, as well as other educational institutes and organizations – mostly from the Maharashtra region. While these sites were hacked and replaced with a message from the group, the latter has since been taken down – although the websites remain unavailable at the time of publishing.
Dragon Force also published a list on Twitter, which it claimed was a database containing information belonging to members of the Indian government. However, the email addresses listed on the purported database appeared to contain personal addresses – and no official ones.
Nagpur City Police cyber inspector, Nitin Phatangare, said in a report with the Press Trust of India that more such incidents have been reported – including ones in Mumbai over the weekend.
Darshit Ashara, principal threat researcher at Singapore-based cyber security firm CloudSEK, said that the Indian government should not take the Dragon Force threat lightly, and urged official departments to “nullify the low-hanging fruit that threat actors typically use as initial vectors to initiate attacks.”
These vectors, as Ashara said, include “malware logs, misconfigured applications, default passwords, unpatched or outdated servers and other assets, and previously leaked databases being sold on the dark web.”