Recent SEO poisoning targeting Indian government and educational websites has directed users to dubious rummy and investment websites, raising alarm over user safety. Over 150 government portals have been affected, highlighting the tactics used by cybercriminals.
Affected: Indian government websites, educational websites, financial brands
Key points:
- SEO poisoning is being used to mislead users by redirecting them to harmful websites.
- More than 150 Indian government portals are reported to be targeted.
- Common techniques involve referrer header manipulation and cloaking.
- Keyword stuffing is utilized to promote malicious sites, especially around trending topics.
- Cybercriminals exploit vulnerabilities in Content Management Systems (CMS) to inject harmful code.
- The increased popularity of online rummy games has further been exploited in these attacks.
- Public awareness and website security are crucial for mitigating these attacks.
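The key points above describe cloaking and referrer-dependent responses, hidden keyword stuffing and injected outbound links. As an added example that is not part of the original report, the Python script below shows how the administrator of an affected portal could audit one of their own pages for those symptoms: fetch the same URL once with a search-engine crawler User-Agent plus a search-engine Referer and once as an ordinary browser, then compare the visible text, look for CSS-hidden text blocks, list outbound links served only to the crawler and count repeated lure terms. The two HTML bodies and the `.invalid` domains are constructed placeholders, and `fetch_views` is my name for the live counterpart that fetches both views from a site you operate.

```python
"""Offline audit of a page for SEO-poisoning symptoms: cloaking, hidden
keyword blocks and injected outbound links. Added example; the HTML
bodies and domains below are constructed, not taken from the report."""
import urllib.request
from difflib import SequenceMatcher
from html.parser import HTMLParser

# Constructed: one URL as served to a search-engine crawler User-Agent with a
# search-engine Referer; carries a hidden keyword block and two injected links.
CRAWLER_VIEW = """<html><head><title>Scholarship Portal</title></head>
<body><h1>Scholarship schemes</h1><p>Apply for state scholarships here.</p>
<div style="display:none">rummy cash game teen patti online rummy real cash rummy app rummy bonus</div>
<a href="https://rummy-example.invalid/">best rummy app</a>
<a href="https://investment-example.invalid/">double your money</a>
</body></html>"""
# Constructed: the same URL as served to an ordinary browser with no Referer.
BROWSER_VIEW = """<html><head><title>Scholarship Portal</title></head>
<body><h1>Scholarship schemes</h1><p>Apply for state scholarships here.</p>
<a href="/schemes">All schemes</a>
</body></html>"""

# Lure themes named in the report; extend per campaign.
SUSPICIOUS_TERMS = ("rummy", "teen patti", "casino", "slots", "double your money")
VOID_TAGS = {"br", "img", "meta", "link", "input", "hr"}
HIDING_STYLES = ("display:none", "visibility:hidden", "left:-9999px")


class _Extractor(HTMLParser):
    """Split a document into visible text, CSS-hidden text and absolute outbound links."""
    def __init__(self):
        super().__init__()
        self.text, self.hidden_text, self.links = [], [], []
        self._hidden_depth = 0  # >0 while inside a hidden container

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        href = a.get("href") or ""
        if tag == "a" and href.startswith(("http://", "https://")):
            self.links.append(href)
        if tag in VOID_TAGS:
            return  # no end tag follows, so leave the depth counter alone
        style = (a.get("style") or "").replace(" ", "").lower()
        if self._hidden_depth or any(h in style for h in HIDING_STYLES):
            self._hidden_depth += 1

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._hidden_depth:
            self._hidden_depth -= 1

    def handle_data(self, data):
        if data.strip():
            (self.hidden_text if self._hidden_depth else self.text).append(data.strip())


def parse(html):
    p = _Extractor()
    p.feed(html)
    p.close()
    return p

def cloaking_ratio(view_a, view_b):
    """Similarity of the visible text of two fetches of one URL (1.0 = identical)."""
    a, b = " ".join(parse(view_a).text), " ".join(parse(view_b).text)
    return SequenceMatcher(None, a, b).ratio()

def injected_links(baseline_html, suspect_html):
    """Outbound links present only in the suspect fetch."""
    return sorted(set(parse(suspect_html).links) - set(parse(baseline_html).links))

def stuffed_terms(html, terms=SUSPICIOUS_TERMS, min_hits=3):
    """Lure terms repeated at least min_hits times across visible and hidden text."""
    p = parse(html)
    blob = " ".join(p.text + p.hidden_text).lower()
    return {t: blob.count(t) for t in terms if blob.count(t) >= min_hits}

def audit(crawler_view, browser_view, similarity_threshold=0.9):
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    ratio = cloaking_ratio(crawler_view, browser_view)
    if ratio < similarity_threshold:
        findings.append(f"cloaking: crawler/browser text similarity {ratio:.2f}")
    hidden = parse(crawler_view).hidden_text
    if hidden:
        findings.append(f"hidden text blocks served to crawler: {len(hidden)}")
    links = injected_links(browser_view, crawler_view)
    if links:
        findings.append("links shown only to crawler: " + ", ".join(links))
    stuffed = stuffed_terms(crawler_view)
    if stuffed:
        findings.append("keyword stuffing: " + ", ".join(f"{k} x{v}" for k, v in stuffed.items()))
    return findings

def fetch_views(url):
    """Live counterpart for a site you administer: fetch as crawler, then as browser."""
    crawler = {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1)", "Referer": "https://www.google.com/"}
    browser = {"User-Agent": "Mozilla/5.0"}
    views = []
    for headers in (crawler, browser):
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=15) as r:
            views.append(r.read().decode("utf-8", "replace"))
    return views  # [crawler_view, browser_view], ready for audit(*views)

if __name__ == "__main__":
    for finding in audit(CRAWLER_VIEW, BROWSER_VIEW):
        print(finding)
```

Run it as-is to see the findings for the constructed pair, or call `audit(*fetch_views("https://your-portal.example/page"))` against a page you are responsible for. A similarity ratio well below 1.0 between the two views, any hidden text block, or outbound links that only the crawler sees are each worth a manual look at the CMS templates and upload directories, since the report attributes the injections to compromised CMS installations.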
MITRE Techniques:
- T1071: Application Layer Protocol – Manipulation of the referrer header to disguise the request source.
- T1027: Obfuscated Files or Information – Use of cloaking techniques to present different content to search engines and users.
- T1060: Resource Hijacking – Exploiting underlying system vulnerabilities in CMS for unauthorized code execution.
- T1070: Indicator Removal on Host – The use of script injections to hide the presence of malicious activities.
- T1203: Exploit Public-Facing Applications – Possible exploitation of the CMS file upload functionality to introduce malicious code.
Indicators of Compromise:
- [URL] https[:]//yono-allslots[.]com/
- [Domain] indorummy[.]net
- [Domain] teenpattionline[.]game
- [IP Address] 104.21.16.1
- [IP Address] 18.160.46.4