
THIRUVANANTHAPURAM: The cyber attack earlier this year on the servers of the Thiruvananthapuram-based Regional Cancer Centre (RCC) could have originated from the Russia-Ukraine border, the theatre of action in the war between the two countries, an investigation has found.
The investigators had earlier suspected that the attack could have been carried out by Russians, which was reported by TNIE. The latest assessment of the cyber sleuths is that the attack using ransomware could not have emerged from any major Russian cities, but from the volatile border areas which have been witnessing high-intensity clashes.
It was the identification of IP addresses involved in the cyber crime and the location of the terminal of the cryptocurrency wallet belonging to the hackers that reinforced suspicion that the act could have been carried out from the restive border regions, sources with the cyber investigation wing of the state police said. Eight IP addresses and the terminal were traced to a Russia-Ukraine border area, a source said.
“We are now trying to get more specific details. We had written to the cryptocurrency exchange, seeking details of the customers who had used the wallet, but they declined. They have hosted the server outside the country. Also, the entity is not registered with us. There are some technical issues that are crippling our efforts to reach the root of the case. But we have some potent methodology that was successfully used in some other critical cases. We are planning to take a similar route in this case too,” the source said.
Given the location, geopolitical reasons could also have played a role in the ransomware attack, sources said. “Cyber attacks have consistently been linked to geopolitical positions of the countries. There could be people who have strong reservations regarding India’s stance on the Russia-Ukraine war. We feel the attack could have something to do with our foreign policy,” the source added.