In the course of a recent phishing attack, several employees of various central ministries received mysterious emails, including one from a government domain email address (nic.in) claiming an “internal hand” in General Bipin Rawat’s death. This is part of a series of phishing attempts against central government officials through some compromised government domain email IDs (gov.in and nic.in), which are becoming increasingly targeted and sophisticated, The Indian Express has learnt.
The National Informatics Centre (NIC) runs the official email service, handing out email accounts to departments, ministries and public sector units of the central and state governments.
This latest round of cyber attempts was launched earlier this month following the deaths of Chief of Defence Staff General Bipin Rawat, his wife Madhulika Rawat and 11 others in the crash of an Indian Air Force helicopter near Coonoor in Tamil Nadu on December 8. Group Captain Varun Singh, who was also aboard the helicopter, succumbed to his injuries on December 15.
The phishing email with the subject, “Internal report: Gen Bipin Rawat’s incident-inside job”, reviewed by the Express, was sent to employees of a ministry department through a malicious email ID with the domain name nic.in. It asked the recipients to click a phishing link that claimed to be an internal report.
Another cyber attack bid was made through a compromised gov.in email ID targeting central government employees in October, soon after Prime Minister Narendra Modi’s September visit to the United States. This email, also reviewed by the Express, was sent with the subject, “Viral Video PM Narendra Modi slapped in USA Visit”, attempting to lure the recipients into clicking a link to view the so-called video. Soon afterwards, the NIC unit of the ministry concerned issued a security alert, telling the users not to open and click on the phishing emails from at least five such compromised email IDs.
Sources within the NIC and the Union Ministry of Electronics and Information Technology (MeitY) confirmed that the breaches in the servers were “discovered” last year, but insisted that it had now been “fixed”, and that the “situation…