Russian hacker group Phoenix hit Indian health ministry website: CloudSEK

"The motive behind this target was the sanctions imposed against Russian Federation where Indian authorities decided not to violate the sanctions as well as comply with the price ceiling for Russia"

Cyber-security researchers from CloudSEK have claimed that a Russian hacker group targeted the Indian Health Ministry website and infiltrated its Health Management Information System (HMIS).

The pro-Russian hacker group called Phoenix allegedly compromised the HMIS Portal and had access to the data of employees and chief physicians of all the hospitals in the country, claimed the AI-driven cybersecurity company.

According to CloudSEK's contextual AI digital risk platform XVigil, "the motive behind this target was the sanctions imposed against the Russian Federation where Indian authorities decided not to violate the sanctions as well as comply with the price ceiling for Russian oil approved by G7 countries".

"This decision resulted in multiple polls on the telegram channel of the Russian Hacktivist Phoenix asking the followers for their votes," it added.

According to security researchers, the Russian threat actors may sell exfiltrated license documents and personal identifiable information (PII) on cybercrime forums and conduct document fraud using PII and license documents.

Active since January 2022, the Russian hacktivist group Phoenix was observed using social engineering techniques to lure the victims in a phishing scam thereafter stealing the passwords and gaining access to its victims' bank or e-payment accounts.

"The group has conducted a series of DDoS attacks against multiple entities in the past," said the report.

Phoenix has also engaged in hardware hacking, unlocking lost or stolen iPhones and reselling them in Kiev and Kharkiv through a network of controlled outlets.

The Russian Hactivist group has earlier attacked hospitals based in Japan and the UK, along with a US-based healthcare organisation serving the US military, said the report.

Late last year, the All India Institute of Medical Sciences (AIIMS) in Delhi became the victim of a massive ransomware attack where Chinese involvement was suspected.

Sensitive data of at least 40 million patients, including political leaders and other VIPs, were potentially compromised in the hacking.

The attack was analysed by the Indian Computer Emergency Response Team (CERT-In) and was found to have been caused by improper network segmentation.

Another top hospital in the national capital, the Safdarjung Hospital, was also hit by cyber-criminals.

However, the hacking attack on the Safdarjung Hospital was not as severe as the AIIMS-Delhi faced and the chances of data leak were less as major part of hospital work runs on manual mode.