The Union transport ministry on Sunday issued cybersecurity advisories to automakers and various agencies after the Computer Emergency Response Team (CERT)-In alerted it about “targeted intrusion activities” with “possible malicious intentions” in the transport sector.
“The ministry of road transport and highways received an alert from CERT-In regarding targeted intrusion activities directed towards the Indian transport sector with possible malicious intentions. The ministry has advised departments and organizations under transport sector to strengthen the security posture of their infrastructure,” the transport ministry said in a statement.
“NIC, NHAI, NHIDCL, IRC, IAHE, state PWDs, testing agencies and automobile manufacturers have been requested to conduct the security audit of the entire IT system by CERT-In certified agencies on a regular basis and take all actions as per their recommendations. The audit report and the ATR is to be regularly submitted to the ministry,” the statement added.
The security scare comes amid a slew of cyber attacks on Indian government domains over the last few months. On 25 February, HT reported on new phishing emails using compromised government accounts to target groups of officials, and attempting to lure them into sharing their passwords on a page that mirrored the government’s official mail server sign-on website. If an official fell for it, the attackers could gain access to sensitive credentials and files. The development prompted the government’s IT department to send out an alert the following day to large groups of officials, according to email advisories seen by HT. The incident was the latest in a series of cyberattacks that leveraged compromised @gov.in or @nic.in email addresses issued by the National Informatics Centre (NIC), which may be more successful in luring the targets into sharing sensitive information.
On 21 February, HT had also reported that the devices of multiple former defence personnel may have been compromised in a similar phishing attack carried out using government domain email addresses. So far, HT is aware of five NIC domain addresses which were used to launch cyberattacks: four on @gov.in and one on @nic.in.
Earlier this month, American cyber intelligence firm Recorded Future said it had uncovered a suspected China-linked cyber operation that was focussed on India’s electricity grid and other critical infrastructure. While the company did not link the Mumbai incident to the operation it discovered (titled RedEcho), it did not rule out a link. According to Recorded Future, RedEcho deployed malware known as ShadowPad, which has been previously linked to Chinese cyber soldiers. ShadowPad has the ability to hand over system controls to malicious hackers, who can make potentially catastrophic changes to sensitive industrial systems. The Union power ministry said it had received inputs from Indian agencies, first in November 2020 and again in February, about the threat of infection from ShadowPad, which prompted the ministry to take remedial measures.