Cyber Review - September 2023
Anurag Sharma, Associate Fellow, VIF

National

DPI, Cyber Security & Skilling gain wide acceptance at Digital Economy Ministerial Meeting

As part of Bharat’s G20 presidency, the Ministry of Electronics and Information Technology (MeitY) organised several rounds of the Digital Economy Ministerial Meeting (DEMM) where awareness has been enhanced on three main agendas— i) Digital Public Infrastructure (DPI), Cyber Security in the digital economy, and iii) digital skills.

Especially for the DPI, it is safe to say that for the first time, there was a global consensus on what ought to be the definition, the framework and the principles of DPI. From the Bharatiya (Indian) context, our Prime Minister launched this intensive digitalisation process in 2015 with the launch of “Digital India”. And since then, Bharat (India) has seen several DPIs created,” said Minister of State of MeitY— Rajeev Chandrasekhar.[1]

Bharatiya cyber experts foiled attempts to hack various government portals during the G20 Summit

On 10 September 2023, Bharatiya cyber security experts successfully managed to thwart multiple cyber-attacks in which Pakistan-based cyber hacker groups tried targeting several governments and private web portals during the G20 Summit. The cyber-attacks were Distributed Denial-of-Service (DDoS) attacks and claimed by a group named “Team Insane.pk”. “A DDoS attack is an attempt to disrupt normal Internet traffic of a targeted server by overwhelming the target server or its surrounding infrastructure with a barrage of Internet traffic,” said a cyber expert.

Earlier on 07 September, Herox, a hacker group, sought support through the Telegram application to target Bharat-based websites during the G20 Summit. Bharat’s CERT-In and the DRDO’s Cyber Wing worked together to thwart cyber-attack attempts during the Summit.[2]

The Government of Bharat proposes establishing a separate body for vast data management

According to a draft “Digital India” Bill, the Government of Bharat proposes setting up the National Data Management Office (NDMO), a dedicated institution to manage the data it generates and set up rules and regulations for non-personal and anonymised personal data. The new entity will be under the Ministry of Electronics and Information Technology (MeitY) and will assist in setting up data governance rules in Bharat. It will comprise separate data management units for the Central government departments and ministries that process non-personal and anonymised data.

The Government of Bharat passed the Digital Personal Data Protection (DPDP) Act in August 2023 to govern the access and processing of digital personal data in the nation, while the proposed body (NDMO) will focus on data management and set guidelines for non-personal and anonymised personal data. The “Digital India” Bill is anticipated to be introduced in the parliament during the winter session 2023. The 22-year-old Information Technology (IT) Act 2000 would be replaced by the Bill, which will become law if it is approved by the President of India and the parliament.[3]

Bharat’s CEA and CERC included cyber security guidelines in the power sector

The Central Electricity Authority (CEA) and Central Electricity Regulatory Commission (CERC) of Bharat mandate guidelines on cyber security, including cyber security audits by all users, in the most recent version of the "Grid Code". A set of guidelines and requirements for maintaining the high-voltage backbone network of interconnected transmission lines, substations, and generating facilities in Bharat will be provided by including cyber security in the Grid Code. The measure will stop cyber-attacks in the power sector. The government released the Central Electricity Authority (Cyber Security in Power Sector) Guidelines 2021, which include 14 articles for addressing cyber security threats in the power sector earlier in 2021.[4]

International

China-backed hackers targeted West Asian telecom and Asian governments

According to a report published by The Record, China-backed hacker groups— Budworm, aka Emissary Panda, and APT27 targeted a West Asian telecom organisation and an Asian government portal in a recent cyber-espionage incident. In 2022, the same group attacked a United States Legislature using a Log4j vulnerability. As reported by Symantec researchers, Budworm used a custom backdoor called “SysUpdate” to spy on the unnamed telecom company and Asian government institution.

According to Symantec, Budworm has been active since 2013 and has primarily targeted espionage operations. With a concentration on government, technology, and defence businesses, the group is known for attacking high-value entities in Southeast Asia, West Asia, and the United States (US).[5]

Hackers stole USD 200M from a Hong Kong-based Crypto company

On 24 September 2023, a Hong Kong-based crypto company— Mixin, announced that it was breached and hackers stole around USD 200 million. “In the early morning of 23 September 2023 Hong Kong time, the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets. Deposit and withdrawal services on Mixin Network have been temporarily suspended. After discussion and consensus among all nodes, these services will be reopened once the vulnerabilities are confirmed and fixed,” read the tweet from the company’s handle on X (formerly Twitter). The company— Mixin contacted Google and crypto security firm— Slow Mist to assist in the investigation.[6]

CIA developed its own ChatGPT-styled AI tool to rival Chinese intelligence

The United States (US) Central Intelligence Agency (CIA) is ready to launch its own ChatGPT-style AI (Artificial Intelligence) tool to assist analysts in better accessing open-source intelligence (OSINT). Developed by the CIA’s Open Source Enterprise division, the tool will be rolled out across 18 US intelligence agencies to rival China’s growing intelligence capabilities. “Analysing the level of data across the web is a significant challenge that the AI programme would help handle. We have to find the needles in the needle field,” said Randy Nixon, Director of CIA’s AI division.

The addition of AI to the US military and intelligence fraternity comes during mounting pressure to compete with China’s advancing potency on the world stage. According to Bloomberg, China is feared to be stretching well ahead in the race to command AI and is seeking to become the global AI leader by 2030.[7]

Endnotes

[1]Singal, Nidhi. “India’s DPI, cyber security and skiing gain wide acceptance at Digital Economy Ministerial Meeting”, Business Today, 05 September 2023, available from: https://www.businesstoday.in/technology/news/story/indias-dpi-cyber-security-and-skilling-gain-wide-acceptance-at-digital-economy-ministerial-meeting-396958-2023-09-05
[2]“Cyber sleuths thwart bids to hack portals during G20 summit”, The Times of India, 10 September 2023, available from: https://timesofindia.indiatimes.com/city/delhi/cyber-sleuths-thwart-bids-to-hack-portals/articleshow/103544044.cms
[3]Singh, Jagmeet. “Indian gov’t to propose setting up a separate body for vast data management, draft bill shows”, Tech Crunch, 28 September 2023, available from: https://techcrunch.com/2023/09/28/india-national-data-management-office/
[4]Goswami, Sweta. “India’s guidelines on cyber security in the power sector”, Money Control, 27 September 2023, available from: https://www.moneycontrol.com/news/business/mc-explains-indias-guidelines-on-cyber-security-in-the-power-sector-11434801.html
[5]Antoniuk, Daryna. “Suspected China-based hackers target Middle Eastern telecom, Asian government”, the Record, 28 September 2023, available from: https://therecord.media/suspected-chinese-hackers-target-telecom-asia-government ; Threat Hunter Team. “Budworm: APT Group uses updated custom tool in attacks on government and telecom org”, Symantec, 28 September 2023, available from:
[6]Mixin Kernel (@MixinKernel), Tweet, 25 September 2023, 08:20 AM, available from: https://twitter.com/MixinKernel/status/1706139175018529139
[7]Martin, Peter and Katrina Manson. “CIA builds its own Artificial Intelligence tool in rivalry with China”, Bloomberg, 26 September 2023, available from: https://www.bloomberg.com/news/articles/2023-09-26/cia-builds-its-own-artificial-intelligence-tool-in-rivalry-with-china

Contact Us