The ministry of home affairs (MHA) has issued an advisory to all banks regarding hacker groups targeting the banking and finance sector in light of the G20 summit in New Delhi on September 9 and 10. The ministry has said that as the event approaches, malicious threat actors are likely to target the banking sector.
Authorities have observed that various cyber threat actor groups have been claiming credit for Distributed Denial-of-Service (DDoS) attacks on the banking sector. On Thursday, a DDOS strike was attempted on a major Indian bank by a foreign group.
“In view of the above, Banks are requested to closely monitor their IT infrastructure for such attempts as they are likely to intensify in the coming days,” MHA’s advisory said.
Agencies are monitoring cyberspace and have found that a full-fledged operation has been initiated by various hacker groups, mainly those that have religious inclinations.
During the analysis it has been found that these groups are also taking support from various other hacktivist groups and countries, attacking government-private websites, leaking data of government websites, stealing data, making websites unavailable, sending huge traffic packets, DDoS attacks, defacement attacks, and user account takeover, etc.
The groups are using various hashtags to target Indian cyberspace, such as #OPINDIA, #CYBERERRORSYSTEM, #JAMBICYBERTEAM, #GARUDASECURITY, etc.
Sources said that multiple agencies are working together to protect India’s cyber infrastructure, and so far nothing major has been done by these groups except attacking a few government websites.
Multiple media reports have indicated that Indian agencies are on high alert to secure cyberspace, with a particular emphasis on protecting government websites from potential cyberwarfare, including threats from China-Pakistan cyber warriors. But apparently, the G20 event is attracting more cybercriminals, including those from Indonesia.
Recent developments have added a new layer of concern to the New Delhi event. Indonesian hacktivist groups, including Ganonsec and Jambi Cyber Team, have announced their intentions to target Indian organisations and launched a campaign named ‘OpIndia’, pledging to disrupt India’s digital infrastructure. The announcement of the cyberattack was made by the Indonesian hacktivists on their Telegram channel.
FalconFeedsio, a cyber threat intelligence platform, has reported on this escalating threat on social media site X. In a post on September 7, they shared the screenshot of the Telegram message. It reads: “We invite all Muslim hackers and hacktivists. You join our Operation India. Are you ready to join #OpIndia? Date:- 9 and 10 September 2023. “Same Date on G20 summit”. Great #Team_Herox #ACEH_ABOUT_HACKED_WORLD #GanoSec_Team. Soon….”
Another post from the same source on September 6 reads, “Religious hacktivist groups from Indonesia to start campaign against India in context of upcoming G20 event. The campaign named opIndia claims to target Indian websites on 9th and 10th of September.”
The screenshot shared by FalconFeedsio included a poster for this campaign and a text that stated: “ARE YOU READY TO PARTY IN INDIAN EVENT KTT G20? Note: Don’t blame us because this is the answer to your challenges who want to target Indonesia. Look this time it will be more lively than before. #OPINDIA #HacktisitIndonesia”.
The X handle on September 5 alerted the Indian Computer Emergency Response Team (CERT-In) by posting a threat alert, which included a screenshot of another Telegram message, stating: “Hacktivist Indonesia – Ganonsec – Jambi Cyber Team #OpIndia 9 September 2023 sampai waktu tidak ditentukan (which roughly translates to ‘until time is not specified’).”
CERT-In is at the forefront of India’s cybersecurity efforts for the G20 summit. As reported, one key cybersecurity approach being adopted is the “zero trust” principle, which involves continuous monitoring of all IT assets. The home ministry’s cyber unit has strongly advocated for this model, emphasising stringent authentication and authorization for every device and individual accessing private networks.
Additionally, this approach is not limited to individuals within a private network, such as an employee working remotely or on a mobile device at an off-site conference. It also extends to any person or endpoint outside of the network, regardless of whether they have previously accessed it. This strategy shifts away from the traditional “trust but verify” mindset to a more cautious “never trust, always verify” stance.
Similarly, a few more decisions have been taken to ensure cyber safety such as limiting the number of simultaneous management connections in hotels, firewall-based login to access the network, and restrictions in connecting external devices to the internet in respective locations.
The G20 summit is an annual meeting of the heads of state and government of the world’s 20 largest economies and these meetings are major targets for cyberattacks, as they provide an opportunity for attackers to disrupt or gain access to sensitive information. Some notable cyberattacks occurred during previous G20 events.
For example, a spear phishing attack was launched during the Paris G20 summit in 2011, targeting French government officials. Then, in 2014, the personal data of some attendees at the Brisbane G20 summit was leaked online, which included their names, email addresses, and phone numbers. Also, hackers targeted the computer systems in Germany in the weeks leading up to the 2017 Hamburg G20 summit. Indian authorities are taking all such threats seriously and are actively monitoring the situation.