Some Indian authorities web sites proceed to permit the planting of scammy hyperlinks on their official domains months after TechCrunch reported the issue.
TechCrunch discovered greater than 90 “gov.in” web site hyperlinks related to Indian authorities departments — together with the Indian Council of Agricultural Analysis and India Put up, in addition to state governments and councils of Haryana and Maharashtra and others — have been redirecting to websites linked to on-line betting and funding scams. Engines like google like Google have listed the rip-off hyperlinks hosted on authorities websites, rising the danger of standard web customers discovering them.
In Could, TechCrunch reported that around four dozen Indian government website links have been redirecting to on-line betting platforms. India’s cyber company, the Pc Emergency Response Workforce, often known as CERT-In, escalated the matter on the time. Nevertheless, it remained unclear whether or not the federal government had mounted the underlying flaw that the scammers have been exploiting to plant their hyperlinks.
Deedy Das of Menlo Ventures, amongst others, posted on social media platform X this week concerning the difficulty resurfacing, indicating that the hacked pages are widespread.
Safety researcher Bob Diachenko instructed TechCrunch that the difficulty might have resurfaced because of a compromise within the web sites’ content material administration system (CMS) or server configurations.
“If solely the signs (e.g., malicious content material) are eliminated with out addressing the basis trigger (e.g., vulnerability or backdoor), attackers can reintroduce the difficulty,” Diachenko mentioned, including, “It’s not a really difficult train however requires some downtime and efforts.”
Earlier this week, TechCrunch contacted CERT-In with just a few affected hyperlinks. The company didn’t reply to the e-mail, although the hyperlinks began exhibiting a “web page not discovered” error at across the time of publication.