Russian hackers target Indian health ministry's website: Report
A Russian hacker group reportedly targeted the Indian Health Ministry website and infiltrated its Health Management Information System (HMIS).
According to researchers at cyber-security firm CloudSEK, the pro-Russian hacker group called Phoenix allegedly compromised the HMIS Portal and had access to the data of employees and chief physicians of all the hospitals in the country.
“The motive behind this target was the sanctions imposed against the Russian Federation where Indian authorities decided not to violate the sanctions as well as comply with the price ceiling for Russian oil approved by G7 countries,” CloudSEK’s contextual AI digital risk platform XVigil data revealed.
The cyber security firm added that the decision resulted in multiple polls on the Telegram channel of the Russian hacktivist group Phoenix asking the followers for their votes.
According to security researchers, the Russian threat actors may sell exfiltrated license documents and personally identifiable information (PII) on cybercrime forums and conduct document fraud using PII and license documents.
Phoenix has been active since January last year and was observed using social engineering techniques to lure victims into a phishing scam, thereafter stealing their passwords and gaining access to their bank or e-payment accounts. The report further said that the group has conducted a series of distributed denial-of-service (DDoS) attacks against multiple entities in the past year.
Phoenix has also been engaged in hardware hacking, unlocking lost or stolen iPhones and reselling them in Kiev and Kharkiv through a network of controlled outlets.
The Russian hacktivist group has earlier attacked hospitals based in Japan and the UK, along with a US-based healthcare organisation serving the US military, said the report.
An earlier report published by the cybersecurity firm on December 30 mentioned that attacks targeting the government and public sector organisations in India witnessed an astounding 95% increase in the second half of 2022, as compared to the same period in 2021. The USA, India, Indonesia, and China remained the most targeted countries in the past two years and together accounted for about 40% of the total reported incidents of cyber-attacks in the government sector, it said.
In November 2022, the All India Institute of Medical Sciences (AIIMS) in Delhi became the victim of a massive ransomware attack where Chinese involvement was suspected, leading to the compromise of personal data for at least 40 million patients, including political leaders and other important personalities.
Weeks later, another top hospital in the national capital, the Safdarjung Hospital, was also hit by cyber-criminals. Authorities said that the hospital servers went down for around 12 hours due to the attack but that the hospital was able to revive the systems on the same day. In December, India’s second-largest depository, Central Depository Services Limited (CDSL), detected a malware attack on a few of its systems.
Amid an increase in cybersecurity threats, 82% of Indian executives predict an increase in cyber security budgets in 2023, according to a PricewaterhouseCoopers (PwC) survey published in November last year. In 2022, 69% of the executives said that their cybersecurity budget was increased, it said.