Report: Suspected Chinese hack targets Indian media, gov't

BANGKOK (AP) — A U.S.-based private cybersecurity company said Wednesday it has uncovered evidence that an Indian media conglomerate, a police department and the agency responsible for the country's national identification database have been hacked, likely by a state-sponsored Chinese group.

The Insikt Group, the threat research division of Massachusetts-based Recorded Future, said the hacking group, given the temporary name TAG-28, made use of Winnti malware, which it said is exclusively shared among several Chinese state-sponsored activity groups.

Chinese authorities have consistently denied any form of state-sponsored hacking and said China itself is a major target of cyberattacks.

The allegation has the possibility of increasing friction between the two regional giants, whose relations have already been seriously strained by a border dispute that has led to clashes this year and last year.

In its report, the Insikt Group suggested the cyberattack could be related to those border tensions.

“As of early August 2021, Recorded Future data shows a 261% increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian organizations and companies already in 2021 compared to 2020,” the organization said in a report.

The Insikt Group said it detected four IP addresses assigned to the Bennett Coleman And Co. Ltd. media company in “sustained and substantial network communications” with two Winnti servers between February and August.

It said is observed approximately 500 megabytes of data being extracted from the network of the privately owned Mumbai company, whose publications include The Times of India.

Insikt said it could not identify the content of that data, but noted that the company frequently publishes reports on China-India tensions, and...