According to CloudSEK, its contextual AI digital risk platform XVigil late on Wednesday (March 15) discovered claims by the pro-Russian hacker group Phoenix that it had targeted the Indian government website.
Why did the Russian hacker group target HMIS?
Phoenix mentioned that the attack is “a consequence of India’s agreement over the Oil Price cap and sanctions of G20 over the Russia-Ukraine war.”
“The motive behind this target was the sanctions imposed against the Russian Federation where Indian authorities decided not to violate the sanctions as well as comply with the price ceiling for Russian oil approved by G7 countries,” CloudSEK said.
Recently, India said that it would not breach the sanctions imposed by the West on Russia. These sanctions include a price cap of $60 imposed on oil from Moscow.
“This decision resulted in multiple polls on the Telegram channel of the Russian Hacktivist Phoenix asking the followers for their votes,” it added.
End-customers at risk
According to security researchers from CloudSEK, the Russian threat actor may sell exfiltrated licence documents and personally identifiable information (PII) on cybercrime forums. These documents can further be used to conduct fraud.
CloudSEK classified Phoenix with a C3 rating as a threat actor, where C refers to ‘Fairly reliable’ and 3 denotes being ‘Possibly true’, a report by The Economic Times said.
The group has been active since January 2022, and it was observed using social engineering techniques to lure victims into phishing scams. The group stole passwords and gained access to its victims’ bank or e-payment accounts.
“The group has conducted a series of DDoS attacks against multiple entities in the past,” the report noted, adding that Phoenix has also engaged in hardware hacking, unlocking lost or stolen iPhones and reselling them in Kiev and Kharkiv.
The Russian hacktivist group has previously attacked hospitals based in Japan and the UK as well as a US-based healthcare organisation serving the US military.