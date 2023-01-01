In an effort to prevent any cyber network exploitation related with the G20 Summit, which India will host in 2023, the Union Ministry of Home Affairs (MHA) has shared a list of “potential (cyber) attackers” and “reported historically targeted G20 Summits” with all ministries and departments, it is learnt.

The ministry is also learnt to have informed the ministries that the Indian Computer Emergency Response Team (CERT-In), the country’s premier cybersecurity agency, has found that spear phishing will be the “primary vector” used to target individuals and organisations associated with the G20 Summit with email contexts, Covid-19 pandemic funds, and digital transformation.

Spear phishing is an attempt to trick a particular person or group into giving private information over the internet or by email, especially by sending emails that seem to be from someone they know, according to the dictionary.

Sources said the directions were issued by MHA’s Cyber & Information Security (C&IS) division a few days ago. It asks all ministries/departments to look for attempted distributed denial of services (DDOS) activities on G20 websites by mercenary or hacktivist groups, and to closely monitor all G20-related social media handles. “The C&IS division has informed that CERT-In has been actively tracking specific threats to G20 Summits both in Bali (hosts of the 2022 edition of the summit) and the forthcoming Summit activities in Delhi,” a source said.

The suspected “cyber adversaries” are operating on behalf of North Korea, PRC and Russia, “directly targeting G20-related materials through cyber espionage campaigns since 2013”, this source, with knowledge of the development, said.

The C&IS division of MHA deals with matters relating to cybersecurity, cybercrime, national information security policy and guidelines (NISPG) and its implementation, and the national intelligence grid.

“CERT-In has informed that, according to their assessment, espionage actors from various countries will have an interest in targeting government- and conference-related entities in the host country, attenders and individuals interested in the G20 Summit,” another source said.

Last month, ransomware attack took place on e-hospital servers of AIIMS, Delhi, and the probe has found that IP addresses of two emails, identified from headers of files encrypted by the hackers, originated from Hong Kong and Henan province in China.

During their assessment, CERT-In has also assessed that spear phishing will be the primary vector used to target individuals and organisations associated with or attending G20 Summits.

These attacks, another source said, are likely to come in the form of emails related to G20 Summit issues — such as global health architecture, Covid funds, digital transformation, sustainable energy transition, environmental, social and governance frameworks, state-sponsored adversaries. These targetted emails lure targets into opening malicious files intended to compromise devices, the source said.