The hacker had published an ad on DarkNet, announcing the breach, which has affected government and private companies.
According to Seqrite Cyber Intelligence Labs, around 6,000 Indian government and private organisations have been affected by a cyber security breach. Seqrite Cyber Intelligence Labs, and its partner seQtree InfoServices, tracked an advertisement on DarkNet announcing secret access to the servers and databases of the Indian organisations. India's National Internet Registry, IRINN (Indian Registry for Internet Names and Numbers), which comes under the National Internet Exchange of India (NIXI), has also been affected.
Seqrite Intelligence Labs has asked the government and Asia Pacific Network Information Centre (APNIC) to alert all potentially-affected organisations, asking them to change passwords and apply the latest updates to their servers and systems. The hacker has demanded 15 bitcoins for the information and has threatened to take down the network of the affected organisations.
The hacker also claims to have the ability to tamper with the IP allocation pool, which could result in a serious outage or Denial of Service (DoS)-like condition and could impact various CDN and hosting providers as well. If the hacker gets an interested buyer, an attack on the system could disrupt Internet IP allocation and affect Internet services in India. The hacker is also selling credentials, PII and various contractual business documents, and claims to have access to a large database of the Asia Pacific Network Information Centre (APNIC).
Seqrite Cyber Intelligence Labs said that on noticing the DarkNet advertisement, the team realised that the persona was created recently, a trend seen in other recent data breaches. Seqrite contacted the hacker for further details, posing as an interested buyer, and was finally able to get a sample of the email list. The sample included the email addresses of a prominent Indian technology firm and a government agency. A list of about 6,000 emails was finally shared by the hacker, which led Seqrite to believe that the compromised database belonged to IRINN. Seqrite said that if the database was sold, an attack could disrupt Internet IP allocation, affecting Internet services in India.