Many media channels are running news that the AIIMS cyberattack was done by some Chinese 🇨🇳 hacker(s) (some even saying by some Chinese firm).
Please beware that the IP 146.196.54.222 is a DHC IP (and not a residential IP) and thus there are very high chances that it was used as a proxy IP. This IP is owned by Layerstack Limited, which is a cloud hosting server provider. The IPs of the subnet 146.196.52.0/24 (range 146.196.54.0-146.196.54.255) have been marked as bad web bots, spam IPs, attack sources by several proxy checkers and are frequently used as proxy IPs.
As far as the data of AIIMS is concerned, most of it has been restored (from an unaffected backup) and most of the services are back up and running. No data sale on any well-known Darknet forums/marketplaces has been noticed so far (some media claimed that), though it could happen in future.
Again, in such cyberattacks the hackers are obviously supposed to use proxies (or proxy chains) to conduct attacks. The attacker could be from anywhere in the world. The expert who submitted this IP (as the last noticed IP on e-Hospital servers) to an agency had himself asked to check it for proxy/VPN. Neither our law enforcement nor any agency (as per my best info) concluded that China is behind the attack. Media got this IP and did this. Let us wait for more technical analysis and further investigation from officials and law enforcement on the same.
Yes, legally our law enforcement is supposed to ask for logs of the attacker (or user of this IP at that time) from the concerned Chinese IP provider. Any ISP (or any sub-ISP or data-centre as per lease agreements) that owns an IP is supposed to maintain its IPDR or IP logs. Asking for logs from the IP provider, however, doesn't mean that our LEAs are blaming China 🇨🇳 for this attack.
#cybersecurity #cyberattack #aiims
Wishing everyone a happy, colourful and safe diwali!
#happydiwali #diwali #hith #hackerinthehouse #cybersecurity #cyberattack #diwali2024