Indian authorities are conducting a thorough investigation into a potential data breach involving sensitive datasets from the Prime Minister’s Office (PMO) and the Employees’ Provident Fund Organisation (EPFO). The Indian Computer Emergency Response Team (CERT-In) has been assigned to scrutinize the alleged breach. Despite ongoing investigations, the situation escalated when documents purportedly leaked from Chinese cyber agencies surfaced on GitHub earlier in the week, containing data from EPFO, the Indian PMO, and various public and private entities.
The leaked documents suggest a spyware initiative attributed to a Chinese information security company, I-Soon. The cyber operation’s purported targets include social media platforms, telecommunications firms, and global organizations, raising suspicions of Chinese government involvement. Cybersecurity experts are actively investigating the authenticity of these claims, emphasizing the need for concrete proof. Taiwanese threat intelligence researcher Azaka Sekai highlights that the leaked documents reveal China’s offensive cyber operations, including the use of I-Soon’s spyware capable of targeting both Android and iOS devices.
Notably, the leaked information identifies victims ranging from academic institutions like the Paris Institute of Political Studies (Sciences Po) to medical facilities like Apollo Hospitals in India, along with various government entities from China’s neighboring countries. This incident occurs amidst a surge in cyberattacks targeting organizations in India, with state-sponsored cyberattacks witnessing a significant increase. A cybersecurity report by Cyfirma underscores India as the most targeted country globally, emphasizing the escalating threat landscape in the region.