Indian Railways alerted on malware attack

At a time when the country is yet to recover from the shock of losing 20 Indian soldiers in a violent clash with Chinese People’s Liberation Army (PLA) troops in Ladakh’s Galwan Valley, another shocker has come to light: malware has hit the Indian Railways network and is snooping on its data, including train movements, for foreign countries, sources in the intelligence agencies have said.

Meanwhile, Railways Board Chairman V.K. Yadav said that the national transporter keeps receiving malware security threats, and that railway engineers keep taking all precautions and updating the firewalls to prevent data theft. The news comes a day after the Dedicated Freight Corridor Corporation Limited decided to terminate the 417-km signalling project worth ₹471 crore with Chinese firm Beijing National Railway Research and Design Institute of Signal and Communication Group Company Limited due to non-performance.

According to intelligence agency sources, the Railways' systems have been hit by the APT 36 malware campaign. The source said that the intel agencies have also alerted the Railway Board to disconnect the system from the Internet and change the password immediately.

The source said the APT 36 malware is connected to Pakistan, which is a close ally of China. The source further said that following the red flag from the intel agencies, the system of a senior Principal Executive Director of the Railways, who works in its vigilance department, has been taken away to be cleaned of the malware.

As per the source, through the APT 36 malware campaign, data stored in Indian Railways systems, including the movement of trains, was being stolen and stored in foreign locations. He further claimed that the APT 36 malware also tried to take defence movement data. The source said the effects of the APT 36 malware were reported on at least four Indian Railways systems.

Responding to queries, the Railways Board Chairman said: “Whether it is our systems or the IRCTC, we continuously update it with firewalls, and it is an ongoing process we get the updates.” Yadav said that the system is updated from time to time. “We get malware threats on a regular basis. And we look at it continuously,” he said. When pressed further about the malware threat in four railway systems, he said: “It has not come to our notice that some information has been leaked. Our systems are secure and our engineers keep on working on it.”