Multiple compromises of NHAI's internal IT system; suspicious logins made from IP addresses in Taiwan & Hong Kong

NEW DELHI: The government's nodal cyber security agency, CERT-In, investigating the cyber attack on NHAI, has found that the internal network of the NHAI office was compromised by unknown attackers on more than one occasion in the last week of June.
It has also found suspicious logins, made with an unauthorised username, from IP addresses in Taiwan and Hong Kong.
CERT-In has flagged significant cyber security gaps in the NHAI system and recommended that the authority and its major IT service provider take immediate measures to close the gaps and strengthen security. NHAI officials claimed they have taken corrective measures.
The agency said the analysis could not proceed far enough to determine the full extent of the compromise because network firewall logs were not being retained, and no other perimeter security devices or security information and event management (SIEM) system were in place.
The attack infected multiple servers and PCs with Maze ransomware, resulting in a complete shutdown of the systems for nearly 48 hours. The attackers also compromised the Windows Active Directory server of the NHAI network and subsequently the internal systems, mail server and anti-virus server. Once Active Directory is under an attacker's control, they hold domain-wide credentials and can reach every domain-joined host, so the spread from that foothold to the mail and anti-virus servers is the expected pattern rather than a separate intrusion.
Sources said that, according to CERT-In, the attackers had exfiltrated data and leaked sample data from two NHAI systems in the public domain. The released data included tax information, audit reports, passport copies, identity cards, assessment reports and other personally identifiable information and financial records of NHAI users.
During analysis, suspiciou