BANGALORE, India - An advertisement discovered on the DarkNet points to a shocking cybersecurity breach, which is being dubbed the biggest breach to ever affect Indian business organizations.
Seqrite Cyber Intelligence Labs along with its partner seQtree InfoServices tracked the advertisement that announced secret access to the servers and a database dump of over 6000 Indian businesses, including ISPs, Government and private organisations.
The team identified the affected organisation as India's National Internet Registry: IRINN (Indian Registry for Internet Names and Numbers), which comes under the National Internet Exchange of India (NIXI).
Seqrite Intelligence Labs said that it had reached out to Government authorities and the Asia Pacific Network Information Centre (APNIC) with a strong recommendation to alert all potentially affected organisations.
It advised that organizations would have to be urged to change passwords and get their servers and systems patched with the latest updates.
According to the advertisement, the hacker has priced the information at 15 Bitcoins and is offering a network takedown of affected organizations for an unspecified amount.
Researchers have pointed out that the seller claims to have the ability to tamper with the IP allocation pool, which could result in a serious outage or a Denial of Service (DoS)-like condition.
This could impact various CDN and hosting providers as well.
It warned that if the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India.
The report revealed that along with the access, the hacker is also selling credentials, PII and various contractual business documents.
The hackers also claim to have access to a large database of the Asia Pacific Network Information Centre (APNIC).
In what was seen as an ongoing trend with other recent data breaches, the company said that, on noticing the broadcast advertisement, the team realised that the persona had been created recently.
They said that they then contacted the actor for further details, posing as an interested buyer, and were finally able to get a sample of the email list.
The shared sample included the email address of a prominent Indian technology firm and another from the Indian government.
It also included a list of about 6000 emails, which led them to believe that the compromised database was from IRINN.