Transport ministry asks departments to step up IT security after alert on ‘targeted intrusion activities’

The Ministry of Road Transport and Highways received an alert from the Indian Computer Emergency Response Team (CERT-In) on Sunday regarding “targeted intrusion activities” directed at the Indian transport sector with “possible malicious intent,” a senior official informed HT.

“The Ministry of Road Transport and Highways has received an alert from CERT-In regarding targeted intrusion activity directed at the Indian transport sector with possible malicious intent. The ministry advised departments and organizations in the transport sector to strengthen the security of their infrastructure,” the ministry said.

“The ministry is issuing a notice to all departments and organizations in the transport sector to strengthen cybersecurity. As a result, the NIC, NHAI, NHIDCL, IRC, IAHE, State Disabled Persons, Testing Agencies, and Automotive Manufacturers were requested to conduct a security audit of the entire IT system by CERT-In certified agencies immediately and regularly. The audit report and the ATR will be submitted to the government on a regular basis,” officials said.

This comes against the backdrop of a series of cybersecurity attacks against Indian government domains in recent months. HT previously reported new phishing emails that used compromised government accounts and targeted groups of officials, attempting to trick them into sharing their passwords on a page that mirrored the official mail server login website of the government – an attack that could have given attackers access to sensitive files and credentials.

The attack prompted government IT departments to send an alert the next day to large groups of officials, according to emails viewed by HT. The incident was the latest in a series of such cyberattacks that exploit compromised @ or @ email addresses issued by the National Computing Center (NIC); because these addresses appear legitimate, they may be more effective at encouraging targets to share sensitive information.

On February 21, HT also reported that the devices of several former defense personnel may have been compromised in a phishing attack that used similar emails sent from addresses in the government domain.

In total, HT is aware of five NIC domain addresses – four with the suffix @ and the fifth with @ – which have been used to launch cyberattacks.

Earlier this month, a U.S. cyber intelligence firm called Recorded Future also said it had uncovered a suspected China-related cyber operation focused on India’s power grid and other critical infrastructure. While the company has not linked the Mumbai incident to the operation (which it titled RedEcho) it discovered, it has not ruled out a link. According to Recorded Future, RedEcho deployed malware known as ShadowPad that was previously linked to Chinese cyber soldiers. ShadowPad has the ability to turn system controls over to malicious hackers who can then make potentially catastrophic changes to sensitive industrial systems.

Attackers linked to the Chinese government may have gained access to computer networks that are part of India’s power infrastructure, a US-based cybersecurity firm said, citing technical clues. Union energy ministry officials have separately said the threat is on their radar, fueling speculation that a power outage in Mumbai last year may have been the result of sabotage.

Hours after the disclosure, the Union Department of Energy said it had received inputs from Indian agencies – first in November and then again in February this year – on the threat of ShadowPad infection, which prompted corrective action.