An advertisement on the DarkNet announcing secret access to servers and a database dump of over 6,000 Indian businesses — comprising ISPs, government, and private organisations — has been uncovered by Seqrite Cyber Intelligence Labs along with its partner, seQtree InfoServices.
The hacker has priced the information at 15 Bitcoins and is offering to take down the network of affected organisations for an unspecified amount.
Following an investigation, researchers at Seqrite and seQtree identified the affected organisation as India’s National Internet Registry: IRINN (Indian Registry for Internet Names and Numbers), which comes under the National Internet Exchange of India.
As a precautionary measure, Seqrite has reached out to government authorities and the Asia Pacific Network Information Centre to alert all potentially affected organisations and urge them to change passwords and get their servers and systems patched with the latest updates. According to the researchers, the seller claims to have the ability to tamper with the IP allocation pool, which could result in a serious outage or Denial of Service-like condition. This could impact various CDN and hosting providers as well.
If the hacker gets an interested buyer, then an attack on the system could disrupt IP allocation and affect internet services in India.
Along with the access, the hacker is also selling credentials and various contractual business documents, and claims to have access to a large database of the Asia Pacific Network Information Centre.