A recently identified hacking group, known as ‘Dawnofdevil,’ has surfaced, claiming responsibility for breaching the web portal of the Indian Income Tax Department. This emerging group entered the hacking scene in December 2023 and gained attention after previously hacking into the servers of Hathway, an internet services provider, on December 22 of the same year, exposing data related to millions of users. The latest development involves the release of a subset of data on a breach forum, purportedly from tax-paying users in India.
Against the backdrop of escalating cyber threats faced by India, particularly from neighboring countries in recent weeks, the disclosure of compromised data from the Income Tax Department adds to the challenges faced by the nation. With the consecration of Lord Shri Ram in Ayodhya scheduled for January 22, 2024, the country is on high alert for various forms of threats from adversaries.
The revelation of hacked data has sent shockwaves through the Information and Broadcasting Ministry of India, considering the ongoing cybersecurity challenges. While initial assessments indicate that the data breach might not be as severe as claimed, as the released data appears to be a duplicate of archives, the exposure of critical information exceeding 400GB, including names, addresses, PAN card details, Aadhaar numbers, IP addresses, KYC documents, contact details, email addresses, and password hashes, raises concerns about the potential for identity theft.
In a recent announcement on a Telegram channel dated January 16, 2024, DawnofDevil hinted at possessing millions of records from a government agency responsible for maintaining electoral rolls for verification and de-duplication purposes. This revelation implies that the hacking group could pose a serious and imminent threat to both public and private organizations in India in the coming weeks. The situation demands heightened vigilance and proactive measures to address the cybersecurity challenges facing the nation.
