News Cubic Studio

Truth and Reality

Chinese group claimed to have hacked secret documents of the Indian government; Air India and Reliance were also targets

A Chinese hacker group has claimed to have hacked documents of important departments related to the Indian government. These include the Prime Minister’s Office (PMO) and companies like Reliance Industries and Air India. India Today’s Open-Source Intelligence (OSINT) team has reviewed the leaked data.

What is the iSoon leak?

The Chinese government-linked hacking group iSoon recently posted thousands of documents, photos and chat messages on GitHub. Two employees of this hacking group told AP that iSoon and Chinese police have started investigating how these files were leaked. One employee said that iSoon held a meeting about the leak on February 21. Staff were told at this meeting that the development would not have any impact on the business and that work would continue as normal.

Translated version of leaked documents surfaced

The leaked internal documents were originally in Mandarin. They reveal the modus operandi and targets of the hackers. The targets included private institutions ranging from NATO to European governments and China’s allies like Pakistan. The targets of the cyber espionage operation are mentioned in the leaked documents, but India Today did not find samples of stolen data in them. It is also not known which people have been individually targeted in the hacking.

What is the target in India?

Leaked data has revealed that departments like the Finance Ministry, the Foreign Ministry and the ‘Presidential Ministry of Interior’ were targets. The last of these probably means the Home Ministry.

During the height of tension on the India-China border between May 2021 and October 2021, 5.49 GB data related to various offices of the ‘Presidential Ministry of Interior’ came into the hands of a hacker group.

EPFO and BSNL are also on the target list

A translation of the India-related part of the internal report prepared by iSoon shows that the main targets of the hacker group in India are the Ministry of External Affairs, the Finance Ministry and other related departments. We are investigating this in more depth. Along with this, the data of the government pension fund manager Employees Provident Fund Organization (EPFO), the government telephone operator Bharat Sanchar Nigam Limited (BSNL) and the private healthcare provider Apollo Hospitals has allegedly been breached. The leaked Air India data relates to the daily check-in information of passengers.

Immigration details also leaked

The leaked documents include approximately 95GB of India’s immigration details from 2020, described as “entry and exit point data”. That was the year in which tension was seen in India-China relations after the Galwan Valley clash.

Taiwanese researcher Azaka, who was the first to expose the GitHub leak, told India Today that India has always been at the center of China APT. The leaked data covers some Indian organizations, including Apollo Hospital, as well as people entering and leaving India in 2020, the PMO and population records.

John Hultquist, chief analyst at Google Cloud-owned Mandiant Intelligence, says this is authentic data from hackers associated with global and Chinese cyber espionage operations. “We very rarely get access to the inner workings of any kind of intelligence operation,” he said.

From friend to enemy, everyone is on China’s target list

Apart from India, China’s evergreen friend Pakistan is also on its target list. Its other targets include Nepal, Myanmar, Mongolia, Malaysia, Afghanistan, France, Thailand, Kazakhstan, Turkey, Cambodia and the Philippines. According to the leaked data, China’s hacker group accessed 1.43 GB of postal service data of the Anti-Terrorism Center of Pakistan’s Punjab province between May 2021 and January 2022.

China has been involved in cyber intrusions for many years

The US recently launched an operation to fight a widespread Chinese hacking operation that compromised thousands of internet-connected devices.

Large amounts of data from Nepal Telecom, Mongolia’s Parliament and Police Department, a university in France and Kazakhstan’s Pension Authority have reportedly been breached. Hackers also allegedly breached Tibet’s government-in-exile and its official systems and domains. For several years, the hacker group Mustang Panda or APT41, affiliated with the Communist Party of China, has been attempting to break into many countries and their organizations, including the United States.

This is not China’s first cyber attack

This is not the first time that China has been in the headlines for cyber attacks in India. In 2022, hackers linked to China reportedly targeted seven power hubs in India. In 2021, too, hackers tried to break into India’s power infrastructure.