The Russian-speaking threat group Phoenix has been seen plotting attacks against the Indian government, with its latest target being the Indian Railways. The claim surfaced in the group’s Telegram channel, where members discussed leaking data on tens of millions of Indian citizens and railway records, allegedly collected from the country’s Ministry of Health.
Indian Railways is a statutory body managed by the Ministry of Railways in the Indian government and operates the country’s national railway system. With an estimated $2.3 billion net income from 2021 to 2022, the organisation is an attractive target for hackers seeking to extort money.
The Phoenix threat group shared no proof of the claimed cyberattack.
Despite the gang’s claims of hacking into the Indian Railways and stealing data, no evidence was shared to back these threats. According to our iZOOlogic team’s research, the group only threatened the Indian organisation and did not reveal any proof that it was holding critical data from the alleged victim.
Indian Railways has not commented on the issue, so the threat group’s claims remain unverified.
In December last year, the Indian Railways also allegedly suffered a cyberattack from a threat actor named ‘shadowhacker’, who claimed to have stolen about 34 million user records. The data reportedly included usernames, email addresses, mobile numbers, gender, city name and ID, state ID, and more.
This issue, however, has not been confirmed by the organisation, and no data from the incident was leaked.
Phoenix is a ransomware threat group believed to be Russian, based on the language used on its malicious sites and Telegram channels. Active since 2022, the group has launched numerous phishing campaigns to steal credentials, such as passwords and bank account details, from victims whose systems it has successfully compromised.
Aside from India, Phoenix also targets organisations from other countries, including the UK, the US, and Japan.