Quick Heal Technologies’ enterprise security solutions unit has disclosed that it discovered an advertisement on the Darknet announcing secret access to the servers and database dump of over 6,000 Indian businesses, including ISPs, government and private organisations.

The hacker has priced the information at 15 Bitcoins and is offering network takedown of affected organisations for an unspecified amount, it added.

Terming it one of the biggest breaches affecting Indian organisations, Seqrite Cyber Intelligence Labs, along with its partner seQtree InfoServices, identified the affected organisation as the Indian Registry for Internet Names and Numbers (IRINN), which comes under the National Internet Exchange of India.

“As a precautionary measure, Seqrite Intelligence Labs has reached out to government authorities and Asia Pacific Network Information Centre (APNIC) with a strong recommendation to alert all potentially affected organisations and urge them to change passwords and get their servers and systems patched with the latest updates,” said a Quick Heal statement.

Seqrite Cyber is the DarkNet monitoring division of Seqrite, the enterprise security solutions brand of Quick Heal Technologies Ltd.

“According to the researchers, the seller claims to have the ability to tamper with the IP allocation pool, which could result in a serious outage or denial of service (DoS) like condition. Along with the access, the hacker is also selling credentials, PII and various contractual business documents and claims to have access to a large database of APNIC,” the statement added.

Hacker contact

After noticing the ad, the Seqrite and seQtree teams started gathering background research on the hacker, but this did not yield any concrete information. The team then contacted the hacker for further details, posing as an interested buyer.

“Initially the actor was not willing to disclose the name of the affected internet registry. However, later he agreed to share a small sample of the email list from the allegedly compromised database. In the sample, the team noticed the email address of a prominent Indian technology firm, and another email address was from the Indian government,” the company said. “The actor agreed to share screenshots which confirmed our suspicion that the compromise/breach is, unfortunately, true and IRINN is the affected organization,” it said.

“If the hacker gets an interested buyer, then an attack on the system could disrupt internet IP allocation and in turn affect internet services in India,” it added.
