Indian Transport Sector on Hackers’ Radar; CERT-In Warns

After the power sector, Chinese-sponsored actors are now targeting Indian road transport infrastructure. CERT-In warned transport agencies to prioritize and strengthen their cybersecurity posture.

India has the second-largest population and the third-largest economy, which makes India-based organizations a prime target for cybercriminals. Several cyberattacks have been reported on various industries and sectors in India that affected a large number of people in the country. Recently, the Indian Ministry of Road Transport and Highways warned the National Highway Authority of India (NHAI) and other transportation agencies to reinforce their security standards and immediately perform a thorough security audit of all their IT systems.

What the Indian Ministry says…

The Indian Ministry of Road Transport and Highways stated that it recently received an alert from the Indian Computer Emergency Response Team (CERT-In) about a potential cyberattack on the transport sector.

Along with NHAI, the Ministry also warned other transport bodies like the National Highways and Infrastructure Development Corporation (NHIDCL), Indian Road Congress (IRC), Indian Academy of Highway Engineers (IAHE), testing agencies, and automobile manufacturers.

“Ministry of Road Transport and Highways received an alert from CERT-In regarding targeted intrusion activities directed towards Indian Transport sector with possible malicious intentions. The Ministry has advised departments and organizations under the transport sector to strengthen the security posture of their infrastructure,” the Ministry said.

“Accordingly, NIC, NHAI, NHIDCL, IRC, IAHE, State PWDs, Testing agencies, and Automobile manufacturers have been requested to conduct the security audit of the entire IT system by CERT-In certified agencies regularly and take all actions as per their recommendations. The audit report and the ATR must be regularly submitted to the Ministry,” the Ministry added.

The Chinese Angle

CERT-In stated that it has noticed continued intrusions from Chinese threat actors against the Indian transport sector to pilfer critical intelligence information and perform cyber-espionage campaigns. As per a report, cybercriminal groups like APT41 (Barium), Tonto Team, APT101 (StonePanda), APT15 (K3yChang), APT27 (Emissary Panda), Winnti groups & RedEcho have been targeting Indian organizations that have been involved in national strategic activities.

The adversaries have allegedly used spear-phishing techniques or exploited known vulnerabilities to break into the enterprise network systems. Indian transportation agencies like Indian Railway Catering and Tourism Corporation (IRCTC), Tata Motors, NHAI, Rail India Technical and Economic Service (RITES), Dedicated Freight Corridor Corporation of India (DFCCIL), Centre for Railway Information Systems (CRIS), and Roads & Building Dept, Andhra Pradesh have been asked to stay vigilant and strengthen their security infrastructure.

How a Cyberattack could affect the Transport Sector

There have been vast improvements and enhancements in IT and interconnectivity in the Indian transportation industry. For instance, IRCTC is one of the largest ticketing, catering, and tourism services providers globally. Transportation companies are widely deploying GPS tracking systems, signaling systems, and IoT sensors on vehicles. Cyberattacks on such systems may cause disruption in supply chains (freight) and public transportation. There would be revenue losses due to security data breaches, identity theft, and property damage. Hackers would exploit a transportation company’s digital assets and engage in cyber extortion (ransomware).

The potential cyberthreat alert to the transport sector comes just weeks after security experts discovered a Chinese state-sponsored group “Red Echo” that targeted ten Indian Power Sector Companies and two Seaports. Microsoft also warned its users and clients about recent cyberattacks from China-based malicious actors against Microsoft’s Exchange Server software.