How India came under assault from global cyber groups during LS polls

Lok Sabha elections 2024: Reports reveal AI influence and cyber threats targeted India's 2024 General Elections

India went through a mammoth polling exercise to elect its members of parliament this summer. The country, which voted in seven phases from April 19 to June 1, witnessed one of the biggest election campaigns by politicians across the spectrum.

While a lot of election campaigning took place on the ground, the online world witnessed activities that attempted to destabilise the electoral process with malicious content and targeted cyberattacks, multiple reports suggest.

In a one-of-its-kind report by Artificial Intelligence (AI) giant OpenAI, released a couple of days back, the ChatGPT parent company claimed that it prevented covert activity that used AI to influence the ongoing Lok Sabha elections in India.

“Over the last three months, our work against deceptive and abusive actors has included disrupting covert influence operations that sought to use AI models in support of their activity across the internet. These included campaigns linked to operators in Russia (two networks), China, Iran, and a commercial company in Israel,” said the report.

For India, the ChatGPT parent company, in its report titled "AI and Covert Influence Operations," said that it identified a campaign from a commercial company in Israel called STOIC, generating content about the Gaza conflict, the Histadrut trade unions organisation in Israel, and the Indian elections.

“The operation used our models to generate web articles and social media comments that were then posted across multiple platforms, notably Instagram, Facebook, and X,” said OpenAI.

While the report did not mention the number of such posts that were acted upon, the firm said that in May 2024, it disrupted some activity focused on the Indian elections less than 24 hours after it began.

Another similar misinformation campaign was disrupted by Meta in the first quarter of 2024, where the company exposed a network of social media accounts based in China, responsible for “inauthentic behaviour” targeting India.

These campaigns targeted the worldwide Sikh community and were aimed to shape the discourse surrounding the death of Khalistani separatist Hardeep Singh Nijjar in Canada, said Meta in one of its reports.

The misinformation network was responsible for creating 37 Facebook accounts, 13 pages, five groups, and nine Instagram accounts, all in violation of Meta’s policies.

Dubbed "Operation K," the network posed as a fabricated activist movement with the objective of sparking pro-Sikh demonstrations, especially in New Zealand and Australia, said Meta in its quarterly adversarial threat report.

“They posted primarily in English and Hindi about news and current events, including images likely manipulated by photo editing tools or generated by AI, in addition to posts about floods in the Punjab region, the Sikh community worldwide, the Khalistan independence movement, the assassination of Hardeep Singh Nijjar, a pro-Khalistan independence activist in Canada, and criticism of the Indian government,” the report said.

However, Meta said that its automated systems detected and disabled several fake accounts associated with this network and thwarted the network’s attempts to gain traction across Meta’s social media platforms.

Attacks on government entities

Other than the targeted misinformation campaigns at Indian elections, threat actors also resorted to other ways of carrying out cross-border cyberattacks on Indian government entities.

According to the enterprise security arm of Quick Heal Technologies, Seqrite, Pakistan-based groups SideCopy and Transparent Tribe (also known as APT36) tried to infiltrate India's government and defence IT systems through malware attacks, particularly during the election period.

At the forefront of these attacks was SideCopy, a potent threat group based in Pakistan.

Since 2019, the group has relentlessly targeted South Asian nations, primarily aiming at infiltrating Indian defence and government entities, according to the report.

Seqrite said that it identified three separate campaigns by SideCopy in recent times, each involving the deployment of a trojan as the final malicious payload.

“The persistent targeting of Indian government and defence entities by Pakistani APT groups is not a new phenomenon. However, the recent surge in attack volumes, particularly in the run-up to the general elections, represents a substantial escalation in the evolving cyber threat landscape faced by the nation,” said Seqrite.

The firm urged government organisations to prioritise cybersecurity with software updates, email filters, training against social engineering, multi-factor authentication, security assessments, and incident response plans, as a measure to thwart such attacks in the future.