TAG-28, a group of hackers believed to be backed by the Chinese government, attacked the Unique Identification Authority of India (UIDAI) among several targets in the country, likely in an attempt to access the Aadhaar biometric database and the digital identity information it operates, according to a new report.
The report from Recorded Future's Insikt Group found that, between June 10 and July 20, 2021, a pair of IPs registered with UIDAI appeared to be communicating with the same Cobalt Strike C2 server running on Bennett Coleman and Company Ltd. (BCCL), also known as “The Times Group”. Less than 10MB of data was exfiltrated from the UIDAI network and there is no evidence that biometric data was stolen, although 30MB of ingress may suggest malware was left behind.
Cobalt Strike is a commercial network defense tool that can be repurposed by hackers, and the TAG-28 group is also said to have used a well-known malware called Winnti to carry out attacks, according to the report.
The Aadhaar database contains biometric data from more than 1 billion Indians. As Recorded Future's The Record points out, the motivation for hacking the Aadhaar database could be to collect data to train biometric algorithms or to identify high-value targets like government officials for further attacks.
Then there is the possibility of more complex attacks that use the data.
“There is tremendous potential for logging into people’s accounts using biometrics,” Josephine Wolff, associate professor of cybersecurity policy at Tufts University, told The Record. “Just remember – if you’re trying to log into a protected system, you have a good pick of biometrics as part of that login. Or if you want to know what services people are using, iris scans would be really valuable. It would give them access to social programs so that they could blackmail people by threatening to block access to food or health care.”
The UIDAI told Bloomberg that it has no knowledge of a breach and that its biometric database is encrypted and access is secured by multi-factor authentication.