The notorious Knight ransomware group has openly claimed responsibility for a recent cyberattack on India’s National Health Mission, a critical healthcare initiative launched by the government.
The claim was made through a dark web channel commonly used by threat actors, along with screenshots of their claims regarding the cyberattack. The National Health Mission plays a vital role under the Department of Health & Family Welfare of the Government of Uttar Pradesh, making the breach’s consequences significant. The ministry has not provided an official response as of now, so the claims remain unverified.
This cyberattack on the National Health Mission is part of a series of intrusions into Indian government systems by different threat actors, including recent data breaches in the CoWIN vaccine portal. That breach exposed sensitive information like names, Aadhaar national IDs, mobile numbers, voter IDs, passports, and COVID-19 vaccination records, making it one of the largest data exposures in India.
The Knight ransomware group, also known as Cyclops, has emerged as a major threat with a highly versatile ransomware capable of infiltrating various platforms. Operating as a Ransomware-as-a-Service (RaaS) under easy22go, this malware is coded in Golang and supports data encryption and exfiltration, revolutionizing ransomware attacks.
The Knight group, rooted in Russia and Europe, is actively recruiting individuals skilled in propagation techniques such as phishing and social engineering. They offer tailored versions for different targets and phishing activities, along with a comprehensive version for builders and stealers. Additionally, the Knight gang claims affiliations with other ransomware groups, including Lockbit and Babuk. This cyberattack underscores the persistent vulnerabilities faced by the Indian government’s digital infrastructure and healthcare systems in the face of evolving cyber threats.