Category: Adversary Intelligence
Industry: Healthcare & Pharma
Motivation: Reputation
Region: India
Source*: B (Usually reliable), 2 (Probably true)
CloudSEK's contextual AI digital risk platform XVigil discovered a post on an English-speaking cybercrime forum sharing a database of PHI, IIIT Delhi's Portal for Health Informatics, in exchange for forum credits. A total of 82 database dumps were compromised; the leaked data includes email addresses, names, years, and internal healthcare and vaccine-development documents, including research papers. It should be noted that a portion of the offered data is already publicly accessible on the PHI Portal, which is hosted on ERNET (Education and Research Network), an autonomous scientific society under the Ministry of Electronics and Information Technology (MeitY) in India.
PHI (Portal for Health Informatics) is IIIT Delhi's web portal for bioinformatics, health informatics, and genomics, which helps biologists with vaccine development and drug design. It provides servers, databases, and software for scientific computation in healthcare, supporting research in the life sciences.
On 25 July 2023, CloudSEK's contextual AI digital risk platform XVigil discovered a threat actor named UsNsA sharing a database of the Portal for Health Informatics (IIIT-Delhi) for 8 forum credits. The leaked archive, comprising 82 files with a total size of approximately 1.8 GB, contains sensitive information such as usernames, email addresses and other internal documents.
The shared archive, named webs.iiitd.edu.in.rar, included:
It is worth noting that 54 of the leaked databases are already available for public consumption through the PHI Portal website, as mentioned below.
The actor exploited a SQL injection vulnerability on the PHI Portal website to gain unauthorized access and exfiltrate the database, most likely using the SQLMap tool. Operators of the portal should review web-server access logs for the period around the leak for SQLMap's default User-Agent and for injected SQL in request parameters.
The leaked MySQL user table, named "users", exposed usernames, hashed passwords, user privileges, SSL type and possibly other confidential data. The privilege and SSL-type columns are consistent with MySQL's own account (grant) table, so the exposed hashes are database-account credentials and should be treated as compromised and rotated, and the database should not be reachable from the internet. Furthermore, the website displays numerous instances of SEO spam, as evident in the images below, indicating that a section of the website is not moderated.
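As an added example, not part of CloudSEK's advisory and not code from the PHI Portal, the following Python script shows how a defender could triage web-server access logs for the kind of SQLMap-driven injection described above, including probes that read the MySQL grant table. The log lines, IP addresses, request paths, timestamps and the SQLMap version string are constructed for illustration; only the `sqlmap/` User-Agent prefix and the `mysql.user` table name are real identifiers.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/Nginx combined log format. The IPs,
# paths and timestamps are made up for this example, not taken from the incident.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Jul/2023:10:01:02 +0530] "GET /phi/search.php?id=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [25/Jul/2023:10:02:14 +0530] "GET /phi/search.php?id=12%27%20AND%201%3D1--%20- HTTP/1.1" 200 5123 "-" "sqlmap/1.7.7#stable (https://sqlmap.org)"
203.0.113.9 - - [25/Jul/2023:10:02:15 +0530] "GET /phi/search.php?id=12%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%28user%2Cauthentication_string%29%20FROM%20mysql.user--%20- HTTP/1.1" 200 9981 "-" "sqlmap/1.7.7#stable (https://sqlmap.org)"
203.0.113.9 - - [25/Jul/2023:10:02:16 +0530] "GET /phi/search.php?id=12%27%20AND%20SLEEP%285%29--%20- HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Jul/2023:10:03:00 +0530] "GET /phi/papers.php?year=2021 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Payload shapes typical of automated injection: boolean, UNION-based and
# time-based probes, plus any direct reference to MySQL's grant table.
SQLI_PATTERNS = [
    ("boolean", re.compile(r"(?i)\b(and|or)\s+\d+\s*=\s*\d+")),
    ("union", re.compile(r"(?i)\bunion\b(\s+all)?\s+select\b")),
    ("time", re.compile(r"(?i)\b(sleep|benchmark)\s*\(")),
    ("grant-table", re.compile(r"(?i)\bmysql\.user\b")),
]


def classify(line):
    """Parse one log line; return a dict with the indicators found, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode percent-encoding before matching so %27%20AND%201%3D1 becomes ' AND 1=1.
    path = unquote_plus(m.group("path"))
    reasons = []
    if m.group("ua").lower().startswith("sqlmap"):
        reasons.append("sqlmap-ua")  # sqlmap's default User-Agent begins with "sqlmap/"
    for name, pattern in SQLI_PATTERNS:
        if pattern.search(path):
            reasons.append(name)
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "path": path,
        "status": int(m.group("status")),
        "size": m.group("size"),
        "reasons": reasons,
    }


def scan(log_text):
    """Return only the parsed lines that carry at least one injection indicator."""
    parsed = (classify(line) for line in log_text.splitlines() if line.strip())
    return [rec for rec in parsed if rec and rec["reasons"]]


def summarize(hits):
    """Roll hits up per source IP: request count and the distinct techniques observed."""
    out = {}
    for hit in hits:
        entry = out.setdefault(hit["ip"], {"requests": 0, "techniques": set()})
        entry["requests"] += 1
        entry["techniques"].update(hit["reasons"])
    return {ip: {"requests": e["requests"], "techniques": sorted(e["techniques"])}
            for ip, e in out.items()}


if __name__ == "__main__":
    for ip, info in summarize(scan(SAMPLE_LOG)).items():
        print(f"{ip}: {info['requests']} suspicious requests, techniques={info['techniques']}")
```

The User-Agent check alone is not enough: `sqlmap --random-agent` swaps in a browser User-Agent, which is why the fourth sample line (time-based `SLEEP(5)` probe under a Mozilla UA) is still flagged from the decoded payload. Access logs also omit POST bodies, so injection through form fields needs request-body logging or a WAF log to detect; and a large jump in response size on a `UNION SELECT` request, as in the third line, is a useful sign that data actually came back.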