Tag Archive for: NIA

Hacked AIIMS Server Partly Restored After Two Weeks, Ransomware Attack Deliberate, Finds NIA


The National Investigation Agency (NIA) is investigating the “deliberate and targeted” ransomware attack on the servers of AIIMS Delhi, Minister of State for IT Rajeev Chandrasekhar has said.

“I can’t comment on that as it is a subject matter of an investigation by the NIA…It is pretty clear that it is a deliberate and targeted effort…a ransomware attack on AIIMS’ system… and NIA is investigating it,” Chandrasekhar said on Thursday.

Multi-agency investigation  

The All India Institute of Medical Sciences, Delhi allegedly faced a cyber attack on November 23, paralysing its servers. A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.

In a ransomware attack, cybercriminals lock access to data or a device and promise to unlock it after they are paid the desired ransom.

Following the massive outage that crippled the functioning of the country’s top medical facility, a multi-agency investigation was launched, comprising the Indian Computer Emergency Response Team within the Ministry of Electronics and Information Technology, Delhi cybercrime special cell, Indian Cybercrime Coordination Centre, Intelligence Bureau, Central Bureau of Investigation (CBI), National Forensic Sciences University, National Critical Information Infrastructure Protection Centre and NIA, among others.

AIIMS back to near normal 

After nearly two weeks, the server was restored on Tuesday and near-normal service resumed on Wednesday. 

The online registration of patients resumed on Tuesday after the hospital was able to access its server and recover lost data.

Last week, AIIMS had issued a statement saying that the e-Hospital data had been restored.

AIIMS, tip of the iceberg

It is not just AIIMS Delhi that has been targeted by cybercriminals.

There are also reports that the Indian Council of Medical Research (ICMR) faced around 6,000 hacking attempts within 24 hours on November 30.

However, the attempts made to hack the ICMR website were not successful, and the server was not affected and kept running smoothly. The attackers have been blocked and the NIC team prevented the hacking attempts on the ICMR…

Source…

NIA initiates probe into malware attack on e-devices of defence personnel


The National Investigation Agency (NIA) has launched a probe into the use of a fake Facebook profile through which several defence personnel were contacted and their communication devices accessed using malware to obtain security-sensitive information. The agency suspects that the account was being operated from Pakistan.

The Counter Intelligence Cell in Vijayawada first detected the spying operation in 2020, following which it registered a case under various provisions of the Indian Penal Code, Official Secrets Act, Information Technology Act and the Unlawful Activities (Prevention) Act.

As alleged, information related to national security was stolen by remotely injecting concealed malware into the electronic devices, including mobile phones and computers, of the defence personnel and some others working in defence establishments, through the Facebook account opened in the name of “Shanti Patel”. Those operating the account befriended the personnel concerned via private messenger chats on the Internet.

The targeted individuals’ gadgets were infected using the malware to “gain unauthorised access to the restricted data of the computer resources and to steal sensitive information with an intention to commit terrorist act and endanger the unity, integrity and sovereignty of India…”.

Malware originated from Islamabad

According to the First Information Report registered by the Counter Intelligence Cell, the suspects spread the malware by sending to the personnel a folder containing photographs of women. The prima facie evidence indicated that the malware had originated from somewhere in Islamabad.

In a similar case reported in March 2021, the police arrested an Army jawan in Rajasthan. The accused was posted in Sikkim.

On October 31, 2020, following a tip-off from the Military Intelligence, the Rajasthan police nabbed one Ramniwas Gaura, a civilian working with a Military Engineering Services (MES) unit. The accused had been contacted using a Facebook profile by someone using the pseudonyms Ekta and Jasmeet Kour. They then remained in touch on WhatsApp.

‘Honeytrap’

In another case reported in September 2020, an MES employee named Mahesh was arrested in Rewari after he was…

Source…

Can’t look into malware attack on Wilson’s laptop now in Mumbai: NIA | Mumbai News


Mumbai: The National Investigation Agency (NIA) has questioned the maintainability and sought dismissal of a quashing petition filed by Elgar Parishad case accused, Rona Wilson (42), who is relying on a US forensic lab report that indicated planting of evidence on his laptop.

The agency’s officer, in an affidavit in reply to Wilson’s February petition, said he “stoutly” denied the reports of Arsenal Consultancy and American Bar Association. The independent forensic report of a “malware” attack on his computer “cannot be looked into at this stage”, NIA said.

Wilson, relying on the report, alleged he was “framed by somebody”. NIA said his petition did not mention by whom, “if at all it even happened”, hence it was “vague”.

Wilson, a human rights activist, lodged at Taloja prison since his June 2018 arrest by Pune police, sought quashing of a chargesheet filed by NIA, which took over the probe in January 2020. He was “charged for his role and involvement in larger CPI (Maoist) conspiracy in light of clashes at Koregaon Bhima on January 1, 2018, after an Elgar Parishad programme on December 31 at Shaniwarwada, Pune,” NIA said.

The chargesheet invoked serious anti-terror offences under Unlawful Activities (Prevention) Act against the accused, apart from offences under IPC, including section 121 (waging war against Government of India), 124A (sedition), 120B (criminal conspiracy) and 153A IPC (promoting enmity between groups on grounds of religion, race, place of birth, residence, language, etc, and doing acts prejudicial to maintenance of harmony) evidence, he said, was subsequently relied on by NIA to book him in the case. The last chargesheet against him was on October 10, 2020.

Wilson’s petition cited a February 8 digital forensics report from Arsenal, which said his computer had been “compromised” for 22 months. He urged the court to form an SIT to probe “planting of evidence”. The report had analysed a cloned copy of digital records he received from the prosecution on July 30, 2020.

Mark Stevens, president of Arsenal, in a 16-page report, had said Wilson’s was “one of the most serious cases involving evidence…

Source…