As India prepares for the forthcoming G20 Summit 2023 in the nation’s capital, Delhi, this September, cybersecurity concerns are rising as hackers appear to set their sights on the high-profile event.
In a recent development, several Indonesian hacktivists have announced their plans to target Indian organizations ahead of the G20 summit 2023 on their Telegram channel.
The hacker groups Ganonsec and Jambi Cyber Team have threatened to launch cyber attacks as part of the OpIndia campaign. They have claimed to target India’s digital infrastructure starting September 9, 2023.
The G20 Summit 2023 will be held for two days on September 9 and 10. Scheduled to be hosted by India’s Prime Minister Narendra Modi, the summit carries the theme of ‘Recovering Together, Growing Together’ and is set to gather leaders from the world’s top 20 economies alongside representatives from international organizations.
The announcement of potential G20 cyber attacks has triggered apprehension and raised concerns.
G20 Cyber Attacks: Hackers Target G20 Summit
Cyber Threat Intelligence platform Falcon Feeds tweeted about the threat to national security posed by Indonesian hackers. The hacktivists announced that they will be targeting India’s digital infrastructure ahead of the G20 forum.
Addressing the same, Falcon Feeds tweeted, “The Indonesian hacktivist groups Ganonsec and Jambi Cyber Team are reportedly planning to target India’s digital infrastructure in the lead-up to the G20 Summit scheduled on September 9th and 10th.”
It remains unclear which organizations will be the targets and the motivations behind these G20 cyber attacks.
A Telegram message in the Indonesian language stated that the cyberattacks on Indian websites were in response to challenges perceived by Indonesian hackers.
It read, “Sampa waktu tidak ditentukan,” which translates to “until time is not specified,” suggesting that the time range for the cyber attacks on India’s digital infrastructure has not been fixed by the hacktivists.
G20 Cyber Attacks: Ganonsec and Jambi Cyber Team Hit India
Upon investigating, The Cyber Express found several Indian websites reflecting defacement attacks by various hacktivist groups including Ganonsec and Jambi Cyber Team. Many of these hits may have connections to the G20 cyber attacks.
The website https://www.stalogisticsindia.com/ reflected a warning that it was targeted with phishing attempts.
Another Indian website (https://www.trishnagroupnew.com/) was defaced citing humiliation of Islamic prophets and the country as the reason.
Websites including https://enginecari.com/ and http://www.woodbourne.in/admin/ reflected messages posted by Indonesian hackers. Several hackers collaborated in launching cyber attacks on Indian websites.
They were:
- Ketapang Grey Hat Team
- Hacktivist Indonesia
- Jambi Blackhat
- Warrior Garuda Crime
- Karawang Cyber Team
Hacktivist Collective Collaborating for G20 Cyber Attacks
Lately, there have been instances of hackers collaborating, with these groups jointly orchestrating a range of cyberattacks, including defacement and Distributed Denial of Service (DDoS) attacks against organizations.
Web defacement attacks involve hackers breaching the security of a website to replace the home page with their own page. They do so by finding vulnerabilities in the system. Common vulnerabilities include security misconfiguration, among others.
The defaced website may remain accessible barring the webpage that was targeted by hackers. Defacement attacks are often aimed at shaming a particular target with a message about their mission.
Such attacks are often carried out by hacktivists who fight for Islam and for people who are said to be differentiated from other communities by a nation. In the above incidents, Indonesian hackers sought just treatment of the Muslim people.
Five Families is a hacktivist collective announced by a group of five team leaders from their respective groups. The Five Families were formed by the members of ThreatSec, GhostSec, Stormous, Blackforums, and SiegedSec.
To mitigate defacement attacks, it is suggested that websites be taken offline immediately, withdrawing connectivity so that the website is inaccessible to users until the issue is resolved. Website developers and IT teams must employ automated monitoring tools for malware.
Limiting access to the website and creating a backup are also essential so that website data is not lost after a defacement attack.