NEW DELHI: The official websites of the Delhi Police and Mumbai Police were allegedly crippled by a cyber attack launched by a hacktivist group, “Team Insane PK.” The incident sent ripples of concern through the cybersecurity landscape, with fears of potential threats looming on the eve of the G20 summit being held in the national capital.
Websites Crash During G20 Summit
On the evening of September 7, 2023, both the Delhi Police and Mumbai Police websites fell victim to a Distributed Denial of Service (DDoS) attack, causing them to crash and go offline temporarily. Visitors to these websites were greeted with a troubling error message stating, “This service isn’t available.”
A Threat Intelligence platform, Falcon Feed, reported that “Team Insane PK,” a religious hacktivist group, had proudly claimed responsibility for these cyber attacks. As evidence, they posted a screenshot of their conversation on a Telegram group.
Fortunately, the Delhi Police website was restored after a mere 10-minute downtime, but the incident raised concerns about overall cybersecurity readiness, especially during a crucial event like the G20 Summit.
Team Insane PK’s Track Record
Team Insane PK, a hacktivist group based in Pakistan, has been targeting high-profile Indian government websites since the beginning of the year. Their modus operandi typically involves DDoS attacks, which overwhelm websites with excessive traffic, causing them to crash, and occasionally defacing them to make their point.
#OpIndia – An Ominous Campaign
Recent findings by CloudSEK, a contextual AI digital risk platform, reveal a disturbing plan dubbed “#OpIndia.” This coordinated campaign involves multiple hacktivist groups and aims to launch cyber attacks on Indian targets, primarily the government’s digital infrastructure. The motivations behind these attacks are complex and are often driven by political factors.
The primary methods anticipated in this campaign are Mass Defacement and DDoS (Distributed Denial of Service) attacks. Team Herox, a hacktivist group, issued a call for action on September 7, 2023, seeking support from fellow hacktivist organizations. They plan to execute a series of attacks on September 9 and 10, 2023, aligning perfectly with the G20 summit’s timeline.
Rising Hacktivist Threats
Hacktivist activities have been on the rise, with Indian organizations facing a barrage of attacks ranging from DDoS assaults to compromised account takeovers and data breaches. CloudSEK’s research indicates a significant increase in hacktivist attacks during the first quarter of 2023, with India becoming a primary target.
Darshit Ashara, Head of Security Research & Threat Intelligence at CloudSEK, emphasized, “Cyber attacks by hacktivist groups have surged exponentially in recent times, with India emerging as their primary target. These hacktivists consistently exploit significant political events like the G20 Summit to gain visibility, making the government’s digital infrastructure a prime objective.”
Common Attack Strategies
CloudSEK’s analysis revealed several common attack vectors employed by hacktivist groups: the use of open-source HTTP flooding tools and proxy services for DDoS attacks; compromised credentials sourced from malware logs, website misconfigurations, weak passwords, and leaked internal credentials; and vulnerabilities like SQL injection to access databases and administrator panels. Hacktivists also mirror compromised and defaced websites on popular mirror sites for notoriety.
In addition to these tactics, reflective DDoS attacks have emerged as a significant threat, where attackers manipulate user agents and referrer headers to make attack traffic appear legitimate, evading detection.
A Call for Vigilance
CloudSEK urges organizations and authorities to remain vigilant and strengthen their cybersecurity measures to thwart malicious activities. In an increasingly interconnected world, collective efforts are essential to safeguarding against cyber threats. CloudSEK remains dedicated to assisting in this endeavor.
As India prepares to host the G20 Summit, the nation’s ability to secure its digital infrastructure has become a matter of paramount importance, given the growing threats from hacktivist groups.