An account linked to the Malaysian hacktivist group DragonForce Malaysia put out a statement announcing a cyber-offensive against the Indian government, in response to the comments made by BJP leaders against the Prophet Muhammad.
The tweet, posted on 10 June, mentioned that DragonForce would conduct a “special operation” to avenge this insult. Since then, DragonForce has posted links to websites that they have allegedly targeted.
The tweet included a screenshot with a message which said, "Your apology means nothing to us. So, action must be taken!"
Targets Include 70 Websites
DragonForce claims to have hacked 70 government and private websites as part of its OpsPatuk campaign. These include the Thane Police website, the website of India's embassy in Israel, and Nagpur’s Institute of Science’s website.
The Maharashtra Cyber Cell has started an enquiry into the matter.
"We have restored several websites, and many more are yet to be done. More than 70 websites have been attacked, of which three are government websites, followed by private university websites," Maharashtra Cyber Cell Additional Director General (ADG) Madhukar Pandey told news agency ANI.
DragonForce said it has hacked two websites of Delhi University Colleges and has planted "backdoors" in other Delhi University websites.
Their Twitter account also shared a leaked database that they claim consists of personal email addresses and passwords of government officials. They also state that they've hacked into Indian corporate VPN networks.
An Indonesian hacktivist group, called the Hacktivists of Garuda, seems to be working with DragonForce.
DragonForce Targeted Israel Last Year
DragonForce previously masterminded a large data breach of Israeli students’ information during the violence at the Gaza Strip in 2021. The group also claimed to have attacked around 70 Israeli websites in their stand against Israel.
In between their data leaks and confirmations of the websites that they've hacked, DragonForce posts messages denouncing the Indian government on Twitter, as well as videos and posts of police brutality against Muslims.
Darshit Ashara, principal threat researcher at Singapore-based cyber security firm CloudSEK, told Mint that this was not a threat to be taken lightly by Indian authorities.
He also mentioned that official departments should concentrate on securing, “malware logs, misconfigured applications, default passwords, unpatched or outdated servers and other assets, and previously leaked databases being sold on the dark web."
(With inputs from Mint and ANI)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)