Cyber Incident Victim: Islamabad

Date: Sep 2024

Location: India

Summary

The Supreme Court of India's YouTube channel was compromised, displaying cryptocurrency promotions and making previous content private before becoming inaccessible. This breach coincided with similar attacks on other verified accounts, including Hyderabad Metro Rail and the national hockey team, which promoted a separate Solana-based token. While the exact method remains unclear, initial reports suggest potential vulnerabilities involving API keys or linked third-party applications.

Description

On September 20, 2024, the official YouTube channel of the Supreme Court of India was compromised in a cyberattack that lasted several hours. The hackers replaced the channel’s content with promotional material for XRP, a cryptocurrency developed by Ripple Labs, a U.S.-based company engaged in legal disputes with the U.S. Securities and Exchange Commission. A blank video titled “Brad Garlinghouse: Ripple Responds To The SEC's $2 Billion Fine! XRP PRICE PREDICTION” was prominently displayed, referencing Ripple’s CEO. The attackers also set previous videos of Supreme Court hearings to private, removing public access to archived proceedings. By approximately 3:00 PM local time, the channel became entirely inaccessible, returning a 404 error message stating, “This page isn’t available. Sorry about that. Try searching for something else.” The Supreme Court issued a notice confirming the takedown and assuring the public that services would be restored shortly. The channel, operational since 2018, had been instrumental in live-streaming Constitution Bench hearings and cases of public interest, including the Krishna Janmabhoomi-Shahi Idgah matter, as part of a transparency initiative under former Chief Justice UU Lalit. The breach disrupted public access to these judicial proceedings and undermined confidence in the institution’s digital infrastructure.

This incident occurred amid a broader pattern of cryptocurrency-focused cyberattacks targeting Indian entities. Two days earlier, on September 18, 2024, the Hyderabad Metro Rail’s X account (@ltmhyd) was hacked to promote $HACKED, a token on the Solana blockchain. Similarly, the Indian Hockey team’s X account (@TheHockeyIndia) was compromised on September 19, immediately following their Asian Champions Trophy victory, with hackers posting messages advertising $HACKED and claiming coordinated profit-seeking through token manipulation. While the Supreme Court breach did not explicitly reference $HACKED, its focus on XRP mirrored the attackers’ intent to exploit high-profile platforms for cryptocurrency promotion. Initial reports by Outlook magazine suggested compromised API keys or third-party app integrations as potential attack vectors, though no technical confirmation was provided for the Supreme Court incident. The attacks collectively highlighted vulnerabilities in institutional social media management, particularly the risks associated with API dependencies and interconnected digital services. Restoration efforts for the Supreme Court’s channel remained underway at the time of reporting, with no further details disclosed regarding investigative or remedial actions.
