Date: 2021-09-22

According to a US cybersecurity firm, Chinese hackers are likely to have infiltrated some Indian organizations.

An Indian media conglomerate, a police department, and the organization in charge of the country’s national identification database were likely attacked by state-sponsored Chinese hackers, according to the Insikt Group, a threat research division of Massachusetts-based Recorded Future.

The hacking outfit, dubbed TAG-28 for the time being, deployed Winnti malware, which the Insikt Group claims is only used by state-sponsored Chinese groups.

“Data from Recorded Future reveals a 261 percent rise in the number of suspected state-sponsored Chinese cyber operations targeting Indian organizations and companies in 2021 compared to 2020,” the company claimed in a report.

China’s government has always denied any type of state-sponsored hacking, claiming that the country is a significant victim of cyberattacks.

The claim has the potential to exacerbate tensions between the two regional powerhouses, which are already strained by a border issue that has resulted in skirmishes this year and last year.

The Insikt Group claimed in its assessment that the cyberattack could be linked to the border tensions.

Between February and August, the Insikt Group discovered four IP addresses associated with the Bennett Coleman and Co. Ltd. media organization in “sustained and considerable network communications” with two Winnti servers.

Approximately 500 megabytes of data were retrieved from the network of the privately owned Mumbai company, which publishes The Times of India, according to the report.

The nature of the data was not identified by Insikt, but the business stated that it routinely publishes reports on China-India tensions and that the hack was likely motivated by “wanting access to journalists and their sources as well as pre-publication content of potentially harmful articles.”

Bennett Coleman’s chief information officer, Rajeev Batra, said the company received information about the alleged intrusion from CERT-In, a government body that deals with cybersecurity risks, and responded to it many weeks ago.

In an emailed statement, he stated the majority of the data was in the “DNS requests category, which got blocked/dropped at our defense infrastructure.” The intrusion was labeled as “non-serious alerts and false alarms” by the company’s own investigation.