Scam Links Persist On Indian Government Websites Months After Initial Discovery - 1

Image by Ketut Subiyanto, from Pexels

Scam Links Persist On Indian Government Websites Months After Initial Discovery

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Several Indian government websites continue to host malicious links months after the issue was initially reported, raising concerns about cybersecurity vulnerabilities.

In a Rush? Here are the Quick Facts!

  • Over 90 Indian government website links redirect to betting and scam platforms.
  • CERT-In was alerted but hasn’t confirmed fixing underlying vulnerabilities.
  • Issues likely stem from CMS or server configuration flaws, experts suggest.

TechCrunch recently discovered over 90 compromised “gov.in” website links associated with various government departments, including the Indian Council of Agricultural Research, India Post, and state agencies from Haryana and Maharashtra. These links redirect users to fraudulent betting and investment platforms.

TecCrunch says that the compromised links, indexed by search engines like Google, pose significant risks as unsuspecting internet users may encounter them during routine searches.

EXCLUSIVE: 200+ Government of India websites have been hacked! From Google, they now redirect to vc66 [dot] net, a domain registered on Dec 21, 2024. Its an online money-making scam but links to malware—an attack called SERP hijacking. Search [site:*.gov.in fast cash] to see. pic.twitter.com/9fNjYuOt13 — Deedy (@deedydas) January 6, 2025

In May, TechCrunch had highlighted a similar issue with around four dozen government website links. At that time, India’s Computer Emergency Response Team (CERT-In) was alerted and took steps to address the matter.

The websites in question promote themselves as Asia’s most popular” online betting platform and “the number one online cricket betting app in India,” offering wagers on events like the Indian Premier League.

How these ads ended up on Indian government pages and the duration of the redirects remain unknown. Additionally, TechCrunch says that it remains unclear if the underlying vulnerabilities were resolved, as new compromised links have since surfaced.

Security expert Bob Diachenko explained to TechCrunch that the recurring problem might stem from vulnerabilities in the websites’ content management systems or server configurations.

According to Diachenko, merely removing malicious content without addressing the root cause allows attackers to exploit the same weaknesses repeatedly. TechCrunch reached out to CERT-In for comment, sharing examples of affected links.

Although the agency did not respond, the problematic links began showing “page not found” errors shortly after TechCrunch’s inquiries.

This recurring issue underscores the need for Indian authorities to implement more robust cybersecurity measures. Addressing systemic vulnerabilities will be essential to prevent future incidents and safeguard public trust in official online resources.

UN Aviation Agency Confirms Breach Of Database, 42,000 Records Exposed - 2

Image by Caribb, from Flickr

UN Aviation Agency Confirms Breach Of Database, 42,000 Records Exposed

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

The International Civil Aviation Organization (ICAO) has confirmed a security breach of its recruitment database, following claims by a hacker known as “Natohub.” The hacker allegedly accessed and released 42,000 recruitment application records.

In a Rush? Here are the Quick Facts!

  • Compromised data includes names, emails, birthdates, and employment history, but no passwords.
  • The breach only affected ICAO’s recruitment database, not other systems.
  • ICAO is working to identify and notify affected individuals.

According to ICAO, the compromised data includes job applicants’ personal information spanning from April 2016 to July 2024. The Register reports that the breach was first reported by an individual using the Natohub alias on a popular cybercrime forum over the weekend, which led ICAO to launch an investigation into the incident.

Natohub stated that the data, available for a small fee, contains various personal details, including full names, birthdates, home addresses, phone numbers, email addresses, marital status, gender, education, and employment history.

The Record notes that Natohub, registered just six months ago, previously claimed to access personal data of 14,000 UN delegates last month. However, ICAO assured that no financial details, passwords, passport information, or documents uploaded by applicants were affected.

TechCrunch reported that by Tuesday, the agency acknowledged the validity of the claims. In its official statement, ICAO clarified that the breach was limited to the recruitment database and emphasized that no other systems were impacted. ICAO has begun identifying those affected and is working to notify the individuals whose data was compromised.

This breach comes amid growing concerns over cyber threats targeting the aerospace and defense sectors. A recent campaign known as “ Iranian Dream Job ” has raised alarms, particularly in the context of phishing and malware attacks.

Experts urge organizations in the aerospace, aviation, and defense sectors to remain vigilant. Educating employees on phishing risks, implementing robust security protocols, and staying updated on emerging threats are critical steps to safeguarding against these deceptive cyber-attacks.