Threat actors do not have access to CoWIN database: Cybersecurity firm

Soon after the union health ministry dismissed reports of a data breach on the CoWIN platform, cyber security firm CloudSEK has claimed that “threat actors do not have access to the entire portal nor the backend database.”

The firm said it conducted an analysis and it assumes that the information was scraped through these compromised credentials.

“Based on matching fields from Telegram data and previously reported incidents affecting health workers of a region, we assume the information was scraped through these compromised credentials. The claims need to be verified individually,” CloudSEK said in a report.

Read Also

How ransomware attacks may be the biggest threat globally

Connection with Russian hackers
CloudSEK also talked about the Russian hackers who, earlier this year, claimed that they have compromised India’s health ministry website and compromised access on the CoWIN portal of the Tamil Nadu region.

At that time, the hacker group, called Phoenix, mentioned that the attack was “a consequence of India’s agreement over the Oil Price cap and sanctions of G20 over the Russia-Ukraine war.”

“The motive behind this target was the sanctions imposed against the Russian Federation where Indian authorities decided not to violate the sanctions as well as comply with the price ceiling for Russian oil approved by G7 countries,” CloudSEK said.

The cybersecurity firm noted that in its analysis, it was discovered the breach was that of a health worker and not really of the infrastructure. The content displayed on the screenshot matches with the Telegram bot mentioned in the media, which is: the name of the individual, mobile number, identity proof, identification number, and the number of doses completed.

Read Also

Hackers selling new malware on Telegram that targets macOS users

“Furthermore, there are numerous healthcare worker credentials accessible on the dark web for the CoWIN portal. However, this issue primarily stems from the inadequate endpoint security measures implemented for healthcare workers, rather than any inherent weaknesses in CoWIN’s infrastructure security,” the report added.

Government says user data safe
The Union health ministry also asserted that the CoWIN portal was completely safe with adequate safeguards for data privacy. It also dismissed as “mischievous” the claims of a data breach on the platform.


end of article

#Threat #actors #access #CoWIN #database #Cybersecurity #firm

Categorized in: