Several high-profile Sri Lankan targets, including its defence and education ministries, were listed in a data breach post, Cyble researchers told The Cyber Express. They have verified that a BreachForums member is allegedly selling access to one of the ministries' portals.
According to the BreachForums post, gray hat hacking group Kelvin Security is selling access to a portal related to the Sri Lankan Ministry of Education, Sri Lankan Army, Air Force & Police Officers’ documents in PDF, among 12,398 files with a total size of 10.2 GB of data.
According to researchers, the threat group has posted three samples that indicate the data does indeed belong to Sri Lankan ministries. Among the stolen data, one screenshot shows a list of applications submitted by the defence, including the Army, Air Force & Navy.
Moreover, two more show a CSV file possibly containing information related to Sri Lankan police officers, with their name, address, service number, NIC number, and contact information.
As for the last sample, the threat actor released an image containing the “Birth Certificate in Sinhalese script of a child born in 2017”. These samples indicate a large-scale attack that went under the radar, and the threat group is still operating on surface-level social media channels.
Sri Lanka and cyber-attacks
Data breaches and cyber-attacks in Sri Lanka have peaked since the civilian unrest this year.
In April, global hacker collective Anonymous conducted distributed denial-of-service (DDoS) attacks on the websites of the Ceylon Electricity Board, the Sri Lanka Police, and the Department of Immigration and Emigration.
Anonymous tweeted that they had launched the #OpSriLanka hashtag in support of the people and were “declaring cyberwar against the government.” Many Sri Lankans had been requesting Anonymous’s involvement using the hashtag #AnonymousSaveSriLanka on social media.
However, during the attack, Anonymous hackers publicly shared thousands of usernames, passwords, and email addresses from the database of Sri Lanka Scholar, a private portal for students to access higher education institutions using the official “.lk” domain.
They also released similar information about agents registered with the Sri Lanka Bureau of Foreign Employment (SLBFE).