Hackers Target Indian Government Websites, Mine Crypto
Researchers have discovered dozens of Indian government websites falling victim to crypto mining malware. The compromised government websites were infected using the increasingly common Coinhive crypto mining script.
Subscribe to the Bitsonline YouTube channel for great videos featuring industry insiders & experts
Cryptojacking In Fashion In India
Guwahati security researchers Indrajeet Bhuyan, Shakil Ahmed, and Anish Sarma have raised the alarm on a number of Andhra Pradesh state government websites being victims of surreptitiously-running Coinhive crypto mining code. The scripts allow hackers to leech victims’ computer resources, without consent, to mine crypto like Monero.
Per the researchers, hackers have specifically attacked local websites of the Andhra Pradesh and Macherla municipalities, the Tirupati Municipal Corporation, and several ap.gov.in subdomains.
Of the flurry of activity, Indrajeet Bhuyan noted trust, or rather its manipulation, was a key element to consider:
“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Earlier, we saw a lot of government websites getting defaced. Now injecting cryptojackers is more fashionable as the hacker can make money.”
At press time, some of the crypto scripts are still live on the targeted sites. The Andhra Pradesh state government has already acknowledged the cryptojacking attacks, but how they proceed from here remains unclear for now.
Insecure Govt. Websites Had It Coming
The Andhra Pradesh government shouldn’t be surprised at fraudsters taking advantage of their sites per the state’s IT department audit this summer. As part of the investigation, over 320 ap.gov.in portals were deemed highly vulnerable to attack.
An investigation by Bitsonline discovered around 194 Indian government domains are presently compromised by anonymous hackers and are still live.
In June, a senior Indian government official commented on the growing problem:
“We have audited about 320 portals of the state government under the ap.gov.in domain and sent reports to the respective departments which maintain them. So far, only 80 of them have responded saying they have fixed the issues we spotted. We will audit the 80 websites again to see if there are any new vulnerabilities.”
With that said, while the Indian government may still not have a clear direction on crypto regulations, it certainly needs one on protecting its portals.
Is cryptojacking a serious concern for governments? Share your views in the comments section.
Images via Google, Pixabay