Malaysian Hacktivists Target Indian Websites as PaybackDragonForce Malaysia's Alleged Victim List Comprises Government, Private Entities
A hacktivist group calling itself DragonForce Malaysia is taking credit for attacking and defacing at least 70 Indian government and private sector websites between Wednesday and Sunday last week.
See Also: 2022 Unit 42 Incident Response Report
On Friday, the hacktivist group responded to a June 5 apology by Nupur Sharma on Twitter by writing that "Words & apologies don't seems to have enough effect. Your apology means nothing to us."
Greetings The Government of India.— DragonForceIO (@DragonForceIO) June 10, 2022
We Are DragonForce Malaysia.
This is a special operation on the insult of our Prophet Muhammad S.A.W.
India Government website hacked by DragonForce Malaysia. We will never remain silent.
Come Join This Operation !#OpsPatuk Engaged pic.twitter.com/sPSpxFznDl
Operators of DragonForce Malaysia's Telegram channel on Friday posted a recruitment message for Operation Patuk or "OpsPatuk."
DragonForce Malaysia made a similar announcement on Twitter on Saturday, listing about 70 websites that it claimed to have attacked. The alleged victims include educational institutions such as Delhi Public School and Nagpur's Institute of Science, travel and logistics companies S.M. Transport Services and R.R. Logistics, and government websites such as the Indian Embassy of Israel. Information Security Media Group's analysis of the Internet Archive Wayback Machine shows a message published by the group on Twitter appeared on the Indian Embassy of Israel's website on Friday.
This is an urgent call for all Muslim Hackers All Over The World, Human Right Organisations and Activists all around the world to unite again and start campaign against India, share what is really going on there, expose their Terrorist,Criminal War activity to the world. pic.twitter.com/t46XMfk23C— DragonForceIO (@DragonForceIO) June 11, 2022
More Alleged Victims
The group, in a video published through Telegram on Friday, says it hacked and exfiltrated data from Bharathidasan University Entrepreneurship, Innovation and Career Hub. The university did not immediately respond to ISMG's request to verify the claim. Its website currently appears to be under maintenance and displays a countdown timer and a message that the website will be back online in about two days.
On Sunday, the group tweeted that it had hacked into an unnamed Indian government database, posting screenshots of what appear to be full names, passwords and email IDs of individuals.
The Indian Computer Emergency Response Team and the Ministry of Electronics and Information Technology did not respond to ISMG's request seeking verification of the claim.
Six-Hour Reporting Mandate
None of the organizations, including those in the public sector, have confirmed the attacks. Starting later this month, organizations must report data breaches within six hours of their detection to Indian Computer Emergency Response Team (see: India to Set 6-Hour Breach Reporting Requirement).
Critics including Google, Apple and Facebook have raised concerns over the reporting requirement, writing to CERT-IN in May to express concerns over the tight reporting timeline and a requirement for organizations to maintain detailed log data for 180 days.
Hon’ble MOS E&IT chaired a meeting today on CERT-In Cyber Security Directions issued on 28 April 2022— CERT-In (@IndianCERT) June 10, 2022
wherein queries of various industry bodies were clarified and all agreed to work towards Open, Safe & Trusted and Accountable Internet. pic.twitter.com/r1ihhT6wOc