MHA issues a cyber alert for the G20 Summit and shares threat and target information with other ministries.

In an effort to prevent any cyber network exploitation related to the G20 Summit, which India will host in 2023, the Union Ministry of Home Affairs (MHA) has provided all ministries and departments with a list of “potential (cyber) attackers” and “reported historically targeted G20 Summits,” it has been learned.
The Indian Computer Emergency Response Team (CERT-In), the country’s premier cybersecurity agency, has determined that spear phishing will be the “primary vector” used to target individuals and organisations associated with the G20 Summit, through emails framed around contexts such as Covid-19 pandemic funds and digital transformation, according to the ministry.
Spear phishing is an attempt to mislead a specific individual or group into divulging confidential information over the Internet or via email, typically by sending emails that appear to be from a known sender.
A few days ago, the MHA’s Cyber & Information Security (C&IS) section reportedly issued the directives. It requests that all ministries and departments watch for distributed denial-of-service (DDoS) attacks on G20 websites by mercenary or hacktivist organisations and actively monitor all G20-related social media accounts. “The C&IS division has advised us that CERT-In has been aggressively following specific threats to the G20 summits in both Bali (which will hold the 2022 summit) and Delhi,” a source explained.
The suspected “cyber enemies” operate on behalf of North Korea, the People’s Republic of China, and Russia, “specifically targeting G20-related materials through cyber espionage efforts since 2013,” according to a source familiar with the situation.
C&IS is responsible for cybersecurity, cybercrime, the national information security policy and guidelines (NISPG) and its execution, and the national intelligence grid.
“According to CERT-In’s assessment, espionage actors from many nations will be interested in targeting government and conference-related entities in the host country, as well as attendees and individuals interested in the G20 Summit,” a second insider added.
A ransomware attack occurred on the e-hospital servers of AIIMS, Delhi, last month, and the investigation revealed that the IP addresses of two emails, identified from the headers of files encrypted by the hackers, originated in Hong Kong and Henan province, China.
CERT-In has determined that spear phishing will be the major vector utilised to target persons and organisations affiliated with or attending the G20 Summits.
According to a second source, these attacks are likely to take the form of emails pertaining to G20 Summit topics, including global health architecture, Covid funds, digital transformation, sustainable energy transition, environmental, social, and governance frameworks, and state-sponsored adversaries. According to the source, these targeted emails trick recipients into opening malicious files designed to corrupt machines.