During a routine dark web monitoring by our experts in iZOOlogic, it has come to our attention that the web portal of an Indian state, Telangana, has been allegedly hacked by a threat actor and stolen sensitive data, likely containing personally identifiable information (PII) of citizens and important entities of the state.
Based on our investigation, the hacker, who goes by the username “EvilHacker” was able to infiltrate Telangana’s web portal and had admin access to the government website’s domain. The hacker posted the notice in a cybercriminal forum and mentioned that they were selling the stolen data to interested buyers.
“EvilHacker” shared some data samples on their post to verify the hack against Telangana’s web portal.
The hacker shared a sample file with undisclosed file size and total information, aiming to prove that their hack on Telangana’s web portal was authentic. The CSV sample has allegedly carried victims’ PIIs, including their full names, residential addresses, and contact details.
However, our dark web researchers could not scan and analyse this shared CSV data sample as the hacker had immediately deleted the published post only an hour later. EvilHacker had not also stated the reason why the post was deleted.
Thus, we assume that the hackers have changed their minds about selling the stolen data or that they have planned another scheme to exploit the data they are holding. Nevertheless, there is no solid proof that these alleged compromised data are authentic. Our team will continue to probe this incident to provide more details if they become available.
According to our previous investigations, EvilHacker is a cybercriminal entity known for its previous stealer logs racket and selling compromised login IDs on underground forums. Yet, this background is not enough to prove the authenticity of their claims of stealing data against the Indian state’s web portal.
The domain admins of the Telangana web portal have yet to release a statement about this issue.
Even though the hack has yet to be proven, Telangana citizens, alongside any individual or entity that has their information stored on the web portal, must be alert against potential cyberattack threats.
