Some Indian authorities web sites proceed to permit the planting of scammy hyperlinks on their official domains months after TechCrunch reported the difficulty.
TechCrunch discovered greater than 90 “gov.in” web site hyperlinks related to Indian authorities departments — together with the Indian Council of Agricultural Research and India Post, in addition to state governments and councils of Haryana and Maharashtra and others — had been redirecting to websites linked to on-line betting and funding scams. Search engines like Google have listed the rip-off hyperlinks hosted on authorities websites, growing the chance of standard web customers discovering them.
In May, TechCrunch reported that round 4 dozen Indian authorities web site hyperlinks had been redirecting to on-line betting platforms. India’s cyber company, the Computer Emergency Response Team, generally known as CERT-In, escalated the matter on the time. However, it remained unclear whether or not the federal government had fastened the underlying flaw that the scammers had been exploiting to plant their hyperlinks.
Deedy Das of Menlo Ventures, amongst others, posted on social media platform X this week concerning the difficulty resurfacing, indicating that the hacked pages are widespread.
Security researcher Bob Diachenko informed TechCrunch that the difficulty could have resurfaced as a result of a compromise within the web sites’ content material administration system (CMS) or server configurations.
“If solely the signs (e.g., malicious content material) are eliminated with out addressing the basis trigger (e.g., vulnerability or backdoor), attackers can reintroduce the difficulty,” Diachenko mentioned, including, “It is just not a really difficult train however requires some downtime and efforts.”
Earlier this week, TechCrunch contacted CERT-In with a number of affected hyperlinks. The company didn’t reply to the e-mail, although the hyperlinks began exhibiting a “web page not discovered” error at across the time of publication.
