Hacktivists 'targeted' over 1,000 India sites during I-day celebrations

Government and BFSI sectors bore the brunt of organised cyberattacks, says report by company

An organised cyberattack campaign by hacktivists targeted more than a 1,000 Indian websites during the country’s Independence Day celebrations, said a report on Friday.

The campaign was driven by political and religious motives and targeted websites and digital infrastructure across sectors that included government departments, education, BFSI (banking, financial services, and insurance), and small businesses, said the report by CloudSEK, a digital risk management company.

Government and BFSI sectors bore the brunt of distributed denial-of-service (DDoS) attacks, which work by directing high volumes of internet traffic towards targeted servers. Education and small businesses suffered bulk defacement attacks that typically alter the appearance of a website or web page and access panel takeovers whereby cyber criminals take ownership of online accounts.

The campaign by hacktivist groups in various countries used DDoS attacks, defacement, and user account takeovers under hashtag 'OpIndia', said CloudSEK.

Hacktivism, a form of cyberattack carried out in support of a social cause, is becoming a proxy for state-sponsored cyberattacks. Hacktivists use their technical skills and cyber tools to protest and raise awareness about causes they support. Hacktivist attacks increased during the first quarter of 2023 and India was their primary target. Israel, Poland, Australia, and Pakistan were other major targets.

“Despite their current limitations, these (hacktivist) groups could become a significant threat to countries in the near future. The rise in collaboration and easy access to attack tools and data, combined with potential support from state-sponsored hackers, might amplify their impact,” said Abhinav Pandey, cyber threat researcher at CloudSEK.

Hacktivist groups in Pakistan, Bangladesh, and other nations targeted Indian websites, but CloudSEK's research indicated that claims of DDoS attacks and user account takeovers were exaggerated for attention and fame. These claims, often made in internal communication channels, have not been fully verified by CloudSEK.

“On popular days, like Independence Day, hacktivists resort to such activities to gain fame or spread propaganda. On most occasions, it is also done for scare mongering and spread of misinformation,” said the report.

CloudSEK said hacktivist groups used methods like using open-source HTTP flooding tools and proxy services to temporarily overwhelm website servers in DDoS-like scenarios. Other methods were sourcing compromised credentials from publicly available information and exploiting websites with weak security.

CloudSEK said it has informed all organisations and companies in India targeted by hacktivists.