Date: 2023-08-18

The recent Independence Day celebrations in India have once again highlighted the growing momentum of cyberattacks on Indian websites. According to a study by CloudSEK, a hacktivist campaign targeted over 1,000 Indian websites as part of its Independence Day initiative on August 15, under the hashtag OpIndia.

This campaign, orchestrated by hacktivist groups from various countries, deployed tactics such as DDoS (Distributed Denial of Service) attacks, defacement attacks, and user account takeovers. These actions echo the patterns previously outlined in CloudSEK's hacktivist warfare report.

Hacktivism, the practice of carrying out cyberattacks in support of a social cause, has often become a disguise for state-sponsored cyberattacks. It involves the use of technical skills and cyber tools for digital protests and disruptions to raise awareness and foster social change. This blurs the lines between cyberwarfare and digital dissent, sparking ethical debates about activism in the digital era, according to a report by CloudSEK.

The same report highlights a significant spike in hacktivist attacks during the first quarter of 2023, with India being the primary focus of attacks, followed closely by Israel, Poland, Australia, and Pakistan. In the first quarter, the attacks reached up to 35 per cent of the total in April, followed by a slight decrease in May and similar trends in June.

"Despite their current limitations, these groups could become a significant threat to countries in the near future. The rise in collaboration and easy access to attack tools and data, coupled with potential support from state-sponsored hackers, might amplify their impact," warned Abhinav Pandey, Cyber Threat Researcher at CloudSEK.

The Independence Day hacktivist campaign, driven by political and religious motives, focused on vulnerable websites with weaker security measures and digital infrastructure. This spanned various sectors, including Government, Education, BFSI (Banking, Financial Services, and Insurance), and small businesses. Government and BFSI sectors were particularly hit by DDoS attacks, whereas Education and small businesses suffered bulk defacement attacks and access panel takeovers.

CloudSEK has responsibly informed all the organisations and companies that were targeted by the hacktivists, the company stated.

Although hacktivist groups from Pakistan, Bangladesh, and other countries focused on Indian websites, CloudSEK's research suggests that the claims of DDoS attacks and user account takeovers may have been exaggerated for attention and fame. These claims, often shared on their communication channels, have not been entirely substantiated by CloudSEK researchers. However, the tactics and tools used by the hacktivist groups align closely with the findings presented in CloudSEK's Hacktivism Whitepaper.

In response to the attacks on Indian infrastructure, Indian factions employed similar strategies, targeting websites associated with Bangladesh's air force, military, army, national revenue board, and various Pakistani ministries and government entities. "On popular days like Independence Day, hacktivists resort to such activities to gain fame or spread propaganda. On most occasions, it is also done for scare-mongering and spread of misinformation," the report noted.

During its analysis, CloudSEK uncovered the modus operandi employed by these hacktivist groups. This includes the use of open-source HTTP flooding tools and proxy services to temporarily overwhelm website servers in DDoS-like scenarios; sourcing of compromised credentials from publicly available information stealer malware logs; exploitation of misconfigurations on websites, including default or weak passwords and inadvertent leaking of internal credentials through instances like ".env" or ".git"; and the utilisation of vulnerabilities such as SQL injection to gain database access and control over administrator panels.
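A defender-side view of two items in that list, added here as an example and not taken from CloudSEK's report: the script below reads web server access logs and reports requests for ".env" or ".git" paths (noting whether the server actually served them) and source addresses whose request rate looks like an HTTP flood. The log format (common/combined), the thresholds, and the sample lines with documentation-range IP addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Aug/2023:10:00:01 +0000] "GET /.env HTTP/1.1" 200 512
203.0.113.5 - - [15/Aug/2023:10:00:02 +0000] "GET /.git/config HTTP/1.1" 404 153
198.51.100.7 - - [15/Aug/2023:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024
""" + "".join(
    f'192.0.2.9 - - [15/Aug/2023:10:01:{s:02d} +0000] "GET /?r={s} HTTP/1.1" 200 1024\n'
    for s in range(30)  # 30 requests from one source inside a single minute
)

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Matches /.env, /.env.bak, /.git, /.git/config; does not match /.github
SENSITIVE_RE = re.compile(r'/\.(env|git)(/|$|\?|\.)', re.IGNORECASE)

def analyse(log_text, flood_threshold=20, window_seconds=60):
    """Return (dotfile_hits, flood_sources) for one access log.

    dotfile_hits:  list of (ip, path, status, exposed), where exposed is True
                   when the server answered 200, i.e. the file was served.
    flood_sources: sorted IPs with >= flood_threshold requests in any window.
    """
    dotfile_hits = []
    buckets = defaultdict(Counter)  # window index -> ip -> request count
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        buckets[int(ts.timestamp()) // window_seconds][m["ip"]] += 1
        if SENSITIVE_RE.search(m["path"]):
            status = int(m["status"])
            dotfile_hits.append((m["ip"], m["path"], status, status == 200))
    flood_sources = sorted(
        {ip for c in buckets.values() for ip, n in c.items() if n >= flood_threshold}
    )
    return dotfile_hits, flood_sources

if __name__ == "__main__":
    hits, floods = analyse(SAMPLE_LOG)
    for ip, path, status, exposed in hits:
        print(f"{ip} {path} -> {status} {'EXPOSED' if exposed else 'probe only'}")
    print("possible flood sources:", floods)
```

A hit marked as exposed means the file was served and any credentials in it should be rotated; a probe that received 403 or 404 is still worth recording as reconnaissance.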