Chinese state-affiliated hackers have been looking through the files at the Unique Identification Authority of India (UIDAI), the Madhya Pradesh Police department, and media conglomerate Bennett and Coleman and Co Ltd (BCCL), according to a report by enterprise security firm Recorded Future.
The bulk of personally identifiable data stored with UIDAI, which issues the unique digital ID Aadhaar, makes it an alluring target for espionage. But the attack on BCCL, also known as The Times Group, could have been spurred by a desire to gain access to journalistic sources as well as pre-publication content.
The media group was hit with malware between February and August 2021, and the majority of the data was stolen out of the firm’s servers when The Economic Times (a Times Group subsidiary) ran reports of “freedom patrol,” an exercise conducted by the US Navy in the Indian Ocean.
In the report, Recorded Future noted:
“While the timing of the initial intrusion and exfiltration activity coinciding with naval-related articles is circumstantial evidence of possible intent, it remains plausible that TAG-28’s [the hacker group] objectives may have included targeting the media group to gain insight into Indian ocean naval matters or perceived anti-China reporting.”
Both UIDAI and the Times Group have disputed the report’s claims. While the media group told Bloomberg that the “alleged exfiltration” of data was blocked by its defence systems, UIDAI said it had no knowledge of the breach and has a “robust security system in place.”
While state-sponsored attackers usually tend to go after critical infrastructure or attempt to gain access to corporate and government secrets via cyber attacks, this isn’t the first time Chinese hackers have attacked a media organisation. A 2013 attack on The New York Times coincided with the paper’s publishing of an investigation that found that the relatives of Wen Jiabao, China’s prime minister at the time, had accumulated fortunes worth several billion dollars.
The attacks are also more widely symptomatic of fraying relationships between India and China, which reached a fever pitch during border tensions along the Himalayas that kicked off in May 2020.
“Data shows a 261% increase in the number of suspected state-sponsored Chinese cyber operations targeting Indian organisations and companies,” this year compared to 2020, the report said.
“Gaining access and insight into Indian government departments and organizations will … likely remain of paramount interest to Chinese state sponsored actors for the foreseeable future,” it added.
Given that both UIDAI and The Times Group have dismissed the claims made in the report, it’s unlikely that the government will initiate a public investigation into the matter.
And as The Ken has reported in the past, India’s response to a cyber breach often starts with a denial. Consequently, it gets lost in a hodgepodge of bureaucracy, weak infrastructure, and an absence of strategy.
With an adversarial neighbour that is increasingly keen to leverage its cyber-might for espionage and intimidation, a good starting point might just be to codify how private and public sector enterprises notify and coordinate with state agencies on such breaches instead of being caught frozen like a deer in the headlights.