Researchers have disclosed more information on how they were able to breach multiple websites of the Indian government. Last month, researchers from the Sakura Samurai hacking group partially disclosed that they had breached cyber systems of Indian government after finding a large number of critical vulnerabilities. Researchers found 35 cases of exposed credential pairs for critical applications, publicly-reachable sensitive files exposing 13,000 PII records, dozens of police reports, etc. The researchers also found session hijacking and remote code execution (RCE) vulnerabilities on sensitive government systems that process financial information.
Source: https://www.bleepingcomputer.com/news/security/researchers-hacked-indian-govt-sites-via-exposed-git-and-env-files/