Exposed: How Chinese Cyber Agencies 'Repackaged' the 2018 EPFO Data Breach

22-02-2024

On a recent Monday, a substantial cache of documents surfaced on Github, linked to Chinese cyber operations, hinting at either their direct involvement in or subsequent acquisition of data compromised in an initial breach. This revelation concerns the 2018 cybersecurity incident that besieged the Employees’ Provident Fund Organisation (EPFO), compromising the personal information of countless Indian citizens. An initial inquiry by New Delhi’s cybersecurity apparatus uncovered that a Chinese cyber entity had "repackaged" this data.

In the year 2018, when whispers of the breach first echoed, the EPFO rebutted claims of system compromise, attributing the exploit to vulnerabilities within the infrastructure of Common Service Centres (CSCs).

The disclosure on Github shed light on a vast array of data from Indian entities, both governmental and corporate, suggesting involvement of the aforementioned Chinese cyber agencies in the 2018 breach or in the manipulation of the ensuing compromised data, as per a seasoned government official.

The Indian Computer Emergency Response Team (Cert-In) embarked on a probe to discern the novelty of the data within these documents, suspecting it might be an aggregation of information from previous breaches.

The leaked database on Github purportedly spans a wide spectrum of Indian institutions, encompassing data from the EPFO, BSNL users, and several corporations including Air India and Reliance.

"A preliminary examination by Cert-In suggests the EPFO data embedded within these documents traces back to the 2018 incident when its systems were breached," confirmed a high-ranking government official.

The EPFO's chief remained silent in response to inquiries for comments up to the time of publication.

During the 2018 breach, an EPFO authority had informed this publication that the data compromise occurred not within EPFO's own servers or software but rather through the CSC software. Contradictorily, a CSC official refuted this claim, asserting that the implicated application was hosted on the EPFO server, absolving CSCs of involvement in the incident.

"In anticipation of data security and safeguarding measures, EPFO preemptively shut down the server and host service via Common Service Centres as a precautionary vulnerability assessment," EPFO had stated previously.

Nevertheless, Cert-In's preliminary findings solidify the notion that the EPFO's systems were indeed infiltrated in 2018.

In recent years, India has been at the receiving end of an onslaught of cybersecurity threats, with a notable attack on AIIMS Delhi's systems in 2022, presenting a formidable challenge to New Delhi's national security strategies.

The 2023 India Threat Landscape Report by Cyfirma, a Singapore-based cybersecurity enterprise, positions India as the globe's prime target for cyberattacks, accounting for 13.7 percent of all such incidents. The United States trails behind, subjected to 9.6 percent of attacks, with Indonesia and China also significant targets.

In response to the escalating threats to its cybersecurity framework, particularly in critical sectors such as banking, telecom, and energy, the central government has proposed a policy advocating for the exclusive use of domestically developed security products and services. This strategy, encapsulated in the National Cybersecurity Reference Framework (NCRF), aims to fortify the cybersecurity domain with a structured approach, delineating clear roles and responsibilities, grounded in existing legislation, policies, and guidelines.