Russian group hacked website of health ministry, says report

The report stated the motive behind the attack was to avenge ‘the sanctions imposed against the Russian Federation where Indian authorities decided not to violate the sanctions.’

NEW DELHI: Cyber-security researchers on Thursday reported a cyber attack on the website of the Ministry of Health and Family by a Russian hacker group.

According to a report from cyber security firm CloudSEK, the Russian hacker group, which goes by the name Phoenix, claimed to have targeted MoH&FW’s website, infiltrating its Health Management Information System (HMIS) portal and securing access to data of employees and chief physicians of all hospitals in the country.

The report stated the motive behind the attack was to avenge ‘the sanctions imposed against the Russian Federation where Indian authorities decided not to violate the sanctions as well as comply with the price ceiling for Russian oil approved by G7 countries.’

“This decision resulted in multiple polls on the Telegram channel of the Russian Hacktivist Phoenix asking the followers for their votes,” it added. In a message broadcast on its Telegram channel with snapshots of the HMIS portal, the hacker group wrote that it has full access to HMIS.

“India decided to impose sanctions against the Russian Federation. Going on the attack while not taking care of your defence is a rather stupid and risky move, especially when your enemy is such a powerful state as the Russian Federation,” the text originally written in Russian read. It added, “Phoenix did not approve of the actions of the Indian government and threw his ‘firebird feather’ into the most painful and unprotected place of the enemy - his medicine.”

The newspaper tried to contact the Union Health Ministry’s officials and the personal secretary of Union Health Minister Mansukh Mandaviya for comment but got no response. According to security researchers, the Russian threat actors may sell exfiltrated license documents and personally identifiable information (PII) on the dark web and conduct document fraud using PII and license documents.

According to CloudSEK, Phoenix has been active since January 2022. The group’s modus operandi is to use social engineering techniques to lure victims into a phishing scam, then steal their passwords and gain access to their bank or e-payment accounts.

The report mentioned that the Russian hackers have earlier attacked hospitals based in Japan and the UK, along with a US-based healthcare organization serving the US military. Last year, the All India Institute of Medical Sciences in Delhi became the victim of a massive ransomware attack that paralysed its digital patient care delivery services for over two weeks. Sensitive data of at least 40 million patients was potentially compromised in the hacking.

The New Indian Express
www.newindianexpress.com