Shortly after the Ministry of Health dismissed reports of a data breach on the CoWIN platform, cybersecurity firm CloudSEK has claimed that “threat actors cannot access the entire portal or backend database.”
The company said it ran an analysis and assumed the information was scraped using compromised credentials.
“Based on matching fields of Telegram data and previously reported incidents related to healthcare workers in a region, we assume the information was scraped by these compromised credentials. The claims must be verified individually,” CloudSEK said in a report.
Connection to Russian hackers
CloudSEK also spoke about the Russian hackers who claimed earlier this year that they had compromised the Indian Ministry of Health website and had access to the Tamil Nadu region’s CoWIN portal.
At the time, the hacker group, dubbed Phoenix, said the attack was “a consequence of India’s agreement on the oil price cap and G20 sanctions over the Russia-Ukraine war”.
“The motive behind this target was the sanctions imposed on the Russian Federation, where the Indian authorities decided not to violate the sanctions and to comply with the Russian oil price cap approved by the G7 countries,” said CloudSEK.
The cybersecurity company noted that its analysis found that the breach was of a healthcare worker and not of the infrastructure itself. The content shown in the screenshot corresponds to the Telegram bot mentioned in the media, namely: the individual’s name, mobile number, ID, identification number, and the number of doses completed.
“In addition, numerous healthcare professional credentials are accessible on the dark web for the CoWIN portal. However, this issue primarily stems from the inadequate endpoint security controls implemented for healthcare professionals, rather than inherent weaknesses in CoWIN’s infrastructure security,” the report said.
Government says user data is safe
The Union Ministry of Health also claimed that the CoWIN portal was completely secure with adequate data privacy safeguards. It also dismissed claims of a data breach on the platform as “naughty”.