Leading newspaper Times of India's publisher and country's national identification database were among the targets of TAG-28 group which used Winnti malware to extract data, says US-based cyber security firm Insikt Group.

Reports of hacking come as China and India are still at loggerheads over a border dispute.
Reports of hacking come as China and India are still at loggerheads over a border dispute. (AP Archive)

An Indian media conglomerate, a police department and the agency responsible for the country's national identification database have been hacked, likely by a state-sponsored Chinese group, a cyber security firm said. 

The hacking group, given the temporary name TAG-28, made use of Winnti malware, which is exclusively shared among several Chinese state-sponsored activity groups, said Insikt Group on Wednesday.

Insikt Group is the threat research division of Massachusetts-based Recorded Future. 

READ MORE: China govt contracts criminal hackers, says US

Friction between two Asian giants

Chinese authorities have consistently denied any form of state-sponsored hacking and said China itself is a major target of cyberattacks.

The allegation has the possibility of increasing friction between the two regional giants, whose relations have already been seriously strained by a border dispute that has led to clashes this year and last year. 

In its report, the Insikt Group suggested the cyberattack could be related to those border tensions.

"As of early August 2021, Recorded Future data shows a 261percent increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian organisations and companies already in 2021 compared to 2020," the organisation said in a report.

Times of India 'hacked'

The Insikt Group said it detected four IP addresses assigned to the Bennett Coleman media company in "sustained and substantial network communications" with two Winnti servers between February and August. 

It said is observed approximately 500 megabytes of data being extracted from the network of the privately-owned Mumbai company, whose publications include The Times of India

Insikt said it could not identify the content of that data, but noted that the company frequently publishes reports on China-India tensions, and that the hack was likely motivated by “wanting access to journalists and their sources as well as pre-publication content of potentially damaging articles.”

The Times of India did not answer repeated calls for comment.

The Insikt Group said it also observed about 5 megabytes of data transferred in a similar fashion from the police department of Madhya Pradesh state, whose chief minister, Shivraj Singh Chouhan, called for a boycott of Chinese products after June 2020 border clashes with India. 

Group says India's UID targeted

The police department did not immediately respond to an email seeking comment.

As the group was investigating the Bennett Coleman hack, it said it also identified a compromise in June and July of the Unique Identification Authority of India, or UIDAI, the government agency that oversees the national identification database. 

Source: TRTWorld and agencies