In what is prima facie suspected to be an act of cyber terrorism from Pakistan, the official email ids of seven employees of an Indian Public Sector Undertaking (PSU) working in the defence industry were found to be hacked, and internal data dumped on the dark net.
The company targeted, BEML, previously known as Bharat Earth Movers Limited, is headquartered in Bengaluru, and has several crucial business verticals such as defence products, high mobility vehicles, Indian railway products and Metro rail cars.
The leak was discovered by Cyble Inc, a global cyber intelligence agency founded by cyber expert Beenu Arora. Cyble Inc researchers said the threat actor who put the data out on the dark web, R3dr0x, seems to be a Pakistani hacker.
An update by Cyble on Tuesday said, “The actor has targeted the part of the BEML website detailing their Indigenisation Levels, which seems to be a warning for the extremist government of India that they would face in the near future for their actions. The Cyble Research Team has identified the actor not only leaking the sensitive data files, which were downloaded from seven email accounts of BEML employees, but also leaking a text file detailing those seven BEML employees’ internal email addresses and their login passwords.”
The leaked data includes several email conversations, records, internal memos and invoices, and the hacker has also changed passwords of the hacked emails to anti-establishment phrases like “GoToHellBJP!!1” and “FreeKashm1r!!”.
More players involved
Later in the day, Cyble researchers were able to make contact with R3dr0x, who claimed that he was not directly responsible for the leak, which indicates the involvement of other players as well. Central cyber crime agencies have initiated investigations into the incident, but the exact source of the leak remains unknown to them as of now.
A BEML official said, “BEML became aware of it [the data breach] through a communication received from Cert-In [Indian Computer Emergency Response Team] on 3rd of June. The communication mentioned that some BEML files are available on the dark net and it has been reported that the alleged data breach has taken place as a consequence of compromise of some email ids in the last week of May 2020. The MoD Cyber Security group has also been kept informed.”
BEML has formed a high-level committee to investigate the breach. “As an immediate measure,” the official added, “we have deactivated the suspected email ids, and all computing devices used to access these emails have been quarantined from the business network. An internal analysis of logs has been carried out and data has been secured for further forensic cyber audit. Security credentials of all email accounts have been changed, and urgent communications across the organisation regarding best practices related to cyber security have been sent.”
The official also stressed that all devices being used for internet access at remote locations have been segregated from the business network and an internal review of the allegedly leaked documents has been conducted.
‘No adverse impact’
“It has to be noted that the information contained in them is non-classified and has no adverse impact on the company. Vulnerabilities are being further analysed and immediate action is being undertaken with regard to security posture, and further steps are being planned to strengthen people-level security awareness. Currently, steps are being taken on recommendations on the basis of internal review. A Cyber Security Audit is also being undertaken,” the official said.
Published - June 09, 2020 11:25 pm IST