This circular, issued by the Controller General of Defence Accounts, addresses concerns related to cyber security. It highlights the registration of websites under the “.in” domain by malicious actors based in Pakistan with the intent to target Indian Defence Personnel.
The circular provides a list of identified websites and emphasizes the need to take immediate actions to prevent phishing attacks on Armed Forces. These actions include blocking malicious URLs, raising awareness among personnel, not sharing NIC login credentials on suspicious pages, forwarding suspicious emails for analysis, and ensuring the deletion of phishing emails.
Domains registered by Pak Malicious Actors
“हर काम देश के नाम”
रक्षा लेखा महानियत्रक
उलान बटाररोड, पालम, दिल्ली छावनी-110010
Controller General of Defence Accounts
Ulan Batar Road, Palam, Delhi Cantt.- 110010
(IT&S Wing)
No. Mech/IT&S/810/Cyber Security/Misc
Date: 04/09/2023
Circular
To
All PCsDA/CsDA/PrIFA/IFA/PC A(Fys)
(through DAD WAN/email)
Sub: Domains registered by Pak Malicious Actors.
It has been observed that few websites have been registered under “.in” domain which are originally hosted by Pak based malicious actors. These websites are hosted to trap Indian Defence Personnel. The list of websites identified till date are as under :
| S. No. | Malicious Domain |
| a. | coorddesk.in |
| b. | ksboards.in |
| c. | dopt.ccordsec.in |
| d. | ksb.csl.in |
| e. | rsb.csl.in |
| f. | cgda.csl.in |
| g. | adminbr.in |
| h. | coordbranch.in |
| i. | coordbr.in |
| j. | e-admin.in |
| k. | admindesk.in |
| l. | ksbpanel.in |
- Further research at national levels is in progress to identify more such domains. These domains can be used to launch spear phishing attacks against Armed forces.
- In view of the above, the following actions are’to be taken immediately to contain spread of these campaigns:
» Block the malicious URLs mentioned at para 2 above at perimeter security devices of AFTI/JSOs.
» Sensitise all personnel under respective AOR regarding these phishing campaigns originating from these phishing domains and download applications only from trusted websites.
» Sensitise persons to not enter their NIC login credentials when redirected login page appears.
» Forward any: suspicious emails DCyA email ID (soc.ids@gov.in) without clicking on any link/opening any attachments/enter credentials for analysis and further guidelines.
» Post forwarding to DCyA, delete phishing emails from the inbox and
trash folders of all the recipients.
- In view of the above, all the:Controllers are advised to ensure compliance of the guidelines given above and disseminate these guidelines to all their sections and sub offices for strict compliance.
(Neeraj burendran)
Sr. ACGDA (IT&S)
Leave a Reply