A wave of cyberattacks has knocked out more than 70 public and private sector websites in India. Hacktivist group DragonForce Malaysia has claimed responsibility for the campaign, saying it is in retaliation to a negative statement about the Prophet Muhammad made by a member of India’s ruling political party the Bharatiya Janata Party (BJP). The exploits of DragonForce Malaysia are the latest example of the resurgence of hacktivism, hacking with a social or political purpose, which has been observed in recent months.
Sharma’s allegedly Islamophobic comments, made in a televised debate at the end of May, have led to protests in India and caused diplomatic tensions with predominantly Muslim countries such as the United Arab Emirates and Malaysia.
These tensions have apparently now spilled over into cyberspace, with DragonForce Malaysia carrying out sweeping ‘injection’ attacks, defacing government websites and knocking other sites offline in the last 48 hours. Affected sites include the Indian Embassy in Israel and the National Institute of Agriculture, as well as educational facilities such as Delhi Public School.
Injection attacks are where hackers inject a bug into a website’s system to enable them to make changes, explains Srinivas Kodali, a cyber researcher at the coalition Free Software Movement of India.
So far there has been no data exfiltrated, explains Bharat Mistry, technical director of the UK and Ireland at Trend Micro. But, he says, the ease at which so many organisations were attacked is noteworthy. “This should be a wake-up call for India to say, ‘we need to bolster our security and take it a bit more seriously’,” he says. “If the first phase of this was just defacement, where could it go if there was a more intense attack that was more distributed and more intent on disruption?”
DragonForce Malaysia behind India cyberattacks
DragonForce Malaysia came to prominence last year in Israel when it led a series of cyberattacks against Israeli targets throughout June and July.
Content from our partners
The group has compared itself to high-profile hacktivist group Anonymous and claims to hack “based on ethics and principles that bring good”. DragonForce Malaysia is active on social media, and has been vocal in its support for the protests in India.
It is known for working with other cybercrime gangs, including T3 Dimension Team, Syntax Brute Code Malaysia and the PANOC Team. Prior to this week its most recent campaign, OpsBedilReloaded, took place in April and targeted several organisations in Israel, amid the escalating tensions among Palestinians and Israelis. This spree triggered a warning by security company Radware.
The gang is following in the footsteps of other hacktivists, many of whom have been thrust back into the spotlight as a result of their activities supporting Ukraine during its war with Russia.
A report from Radware released last week notes a 125% increase in the number of distributed denial of service (DDoS) attacks in observed in the first quarter of 2022. “These attacks were largely driven by a threat landscape turbocharged by geopolitical instability, hacktivists, nation-state threat actors, and a focus on exploiting newly discovered vulnerabilities,” the report notes.
But the organisations targeted by DragonForce Malaysia, many of which are small in nature, do not match the gang’s altruistic message, argues Kodali. “The websites they have targeted include several farmer collectives,” he says. “I think within the global world of hacktivism the idea is to go after the powerful, but they’re going after the powerless.”