Posted on February 7, 2021 at 3:41 PM
Recent reports have revealed that a hacking group has compromised the data of Indian military men who use Bharti Airtel in Kashmir and Jammu.
The hacking group, called Red Rabbit Red Team, also compromised some Indian websites to post the stolen data on their web pages.
The group also put up some links to the web pages on Twitter while tagging several media organizations below a tweet of cybersecurity researcher Rajshekhar Rajaharia.
When the army was contacted for comments about the situation, there was no indication that it was aware of the breach.
Also, Bharti Airtel was contacted for comments, but the company’s spokesperson denied any infiltration of its server.
“We can confirm there is no hack or breach of any Airtel system as claimed by this group,” the spokesperson stated.
The hacking group has been around for over 15 months
He added that due to regulatory requirements, several stakeholders have access to some of its data. The spokesperson further stated that the company has engaged with the various stakeholders to find out more about any breach and take appropriate action.
However, the spokesperson said the company’s security team has known of the group for more than 15 months, as the group has been in touch since then. He said the group has made different claims about a breach and posted inaccurate data to make the security team believe their claims.
Although the links sent by the threat actors were initially accessible via mobile number, they stopped working when they were accessed for the second time.
In a message, Red Rabbit claimed it has pan-India data of Bharti Airtel.
According to the group, it was uploaded via a shell on Airtel’s server, and the group plans to expose more data very soon.
Security researcher Rajaharia stated that the hackers have not presented any concrete evidence to show they compromised the data. He added that it’s not clear how the data got into their hands if what they said is true.
“The hacker group failed to show evidence that they have a whole India database,” he stated.
However, the SDR video appears to be genuine even though the whole Kashmir and Jammu data could not have been leaked this way.
Threat actors are possibly a Pakistani hacking group
Indian telecom operators are mandated by law to provide access to data provided by users on the network. They provide the details of the subscriber data registration (SDR) for the verification of phone numbers.
However, Rajaharia stated that the hacking group could be from Pakistan. The site the hacker used to upload the supposed leaked Airtel data was compromised by a Pakistani hacker group known as TeamLeets in December. It’s a good indication that the group could also be behind the army data leak, he stated.
Military organizations all over the world use the most sophisticated tools to protect their servers from unauthorized access. This is because the compromise of certain data could lead to security issues. But it has not prevented cyber criminals from attempting to compromise their servers.
A cause of global concern
A senior officer in India’s army recently stated that cyberattacks are a cause of global concern with the world increasingly getting networked. The sourcing of hardware, as well as its storage with third parties, can open the door for threat actors to compromise systems, the officer stated.
This time, it seems the Indian army is in a defensive state against the Pakistani intelligence unit. Army Chief Gen Manoj Mukund recently stated that while India is preoccupied with the fight against COVID-19, Pakistan is busy exploiting its organizations with a series of cyberattacks.
Last year, the Indian Army accused the Pakistani group of trying to hack the phones of Indian military personnel using a malicious app similar to the AarogyaSetu app.
Some senior army officers also revealed that Pakistani agencies are targeting Indian military personnel using social media accounts with Indian names.