Hackers target Indian transport network

by Paul Hutton

Indian government officials are accusing “Chinese state-sponsored actors” of being behind a series of cyber attacks on the country’s transport sector over the past few months.

After leading American consultant Scott Belcher warned that transit operators in the US are failing to take cyber security seriously enough, the Indian problems should ring alarm bells with transport agencies around the world that their product is attractive to hackers.

The Hindu Business Line website in India reports on a top secret note put out by the Computer Emergency Response Team (CERT-In) under the Ministry of Electronics & Information Technology, early this month.

“CERT-In has observed continued targeted intrusion activities from Chinese state-sponsored actors towards Indian transport sector with the possible intention to collect intelligence and conduct cyber espionage. The notable threat actors such as APT41/Barium, Tonto Team, APT101 StonePanda, APT15/K3yChang, APT27/Emissary Panda, Winnti groups & RedEcho have been targeting organisations across a range of industries aligned with the national strategic goals of the Chinese national policy priorities,” says the note accessed by BusinessLine.

The report says IRCTC, Tata Motors, National Highways Authority of India, RITES, Dedicated Freight Corridor Corporation of India, Centre for Railway Information Systems (CRIS) and Roads & Building Dept, Andhra Pradesh are the entities that were subjected to cyber attacks during the period between May last year and as late as February this year.

“The Chinese actors have reportedly used either spear phishing, Drive via Download or exploiting known vulnerabilities present in public facing applications as an initial entry mode to compromise the enterprise network,” says the note dated March 10 sent to the Ministry of Road Transport & Highways (MoRTH) with copies to the Intelligence Bureau, Research & Analysis Wing and the National Security Council Secretariat. “The Ministry has advised departments and organisations under transport sector to strengthen the security posture of their infrastructure. Accordingly, NIC, NHAI, NHIDCL, IRC, IAHE, State PWDs, testing agencies and automobile manufacturers have been requested to conduct the security audit of the entire IT system by CERT-In certified agencies on a regular basis and take all actions as per their recommendations,” the Ministry said in a reply to BusinessLine.

The report adds that recent attacks on India’s various power assets were also linked to Chinese hackers.

(Picture – Yay Images)

Hackers target Indian transport network

Related Stories

China “gravely concerned” by US probe into its connected vehicles

US government investigates Chinese cars for security risks

RingGo owner hit by data hack

Driverless vehicles in the here-and-now with Scott Belcher on Highways Voices

Popular this month

It’s Good To Talk: Westcotec look forward to Intertraffic 2024

Lower Thames Crossing: planning decision moves closer

Local authorities have cut 90% of bus services in England since 2020, new research shows

SYSTRA signals significant growth with Leeds office move

New team in place for highways delivery in Staffordshire

Tyne Bridge: Restoration project set to get underway

Glenrothes Bridge improvements planned

Highways News Alerts

subscribe now

HIGHWAYS... DAILY