Some Indian authorities web sites proceed to permit the planting of scammy hyperlinks on their official domains months after TechCrunch reported the difficulty.
TechCrunch discovered greater than 90 “gov.in” web site hyperlinks related to Indian authorities departments — together with the Indian Council of Agricultural Analysis and India Put up, in addition to state governments and councils of Haryana and Maharashtra and others — have been redirecting to websites linked to on-line betting and funding scams. Search engines like google like Google have listed the rip-off hyperlinks hosted on authorities websites, growing the danger of standard web customers discovering them.
In Might, TechCrunch reported that round 4 dozen Indian authorities web site hyperlinks have been redirecting to on-line betting platforms. India’s cyber company, the Laptop Emergency Response Group, often known as CERT-In, escalated the matter on the time. Nevertheless, it remained unclear whether or not the federal government had mounted the underlying flaw that the scammers have been exploiting to plant their hyperlinks.
Deedy Das of Menlo Ventures, amongst others, posted on social media platform X this week concerning the situation resurfacing, indicating that the hacked pages are widespread.
Safety researcher Bob Diachenko advised TechCrunch that the difficulty might have resurfaced resulting from a compromise within the web sites’ content material administration system (CMS) or server configurations.
“If only the symptoms (e.g., malicious content) are removed without addressing the root cause (e.g., vulnerability or backdoor), attackers can reintroduce the issue,” Diachenko stated, including, “It is not a very challenging exercise but requires some downtime and efforts.”
Earlier this week, TechCrunch contacted CERT-In with just a few affected hyperlinks. The company didn’t reply to the e-mail, although the hyperlinks began exhibiting a “page not found” error at across the time of publication.
