SUMMARY
The data included customer information, BEML's financial budget, several freight details
US-based Cyble firm is suspecting hacktivists or unknown entity to be behind this attack
State-run cybersecurity firm Cert-In had alerted BEML on June 3
Internal data of Bengaluru-based Bharat Earth Movers Limited (BEML), which is a defence public sector undertaking (PSU), is available on the dark web, cybersecurity firm Cyble has revealed.
According to the US-based firm the actual leak took place on May 25 and the files were downloaded using email accounts of seven BEML employees. The hackers, who are suspected to be hacktivist or an unknown entity, also got access to employees’ internal email addresses and login passwords.
Cyble highlighted that the leak included customer data, BMEL’s financial budget for the year 2020-2021, several freight details and more. BEML is one of the biggest defence, mining and construction and rail coach manufacturers in India. It comes under the ministry of defence.
Beenu Arora, founder and CEO of Cyble, told Inc42 that based on the leak, it appears that the perpetrator managed to access some “confidential” data. However, this may or may not be the full data leak. He also recommended BEML to perform a thorough analysis of how the perpetrators might misuse this information based on the nature of the leak. Inc42 has accessed a few leaked documents.
Arora added, “the leak also reflects that the agency is yet to make improvements on their cybersecurity practices, especially on security awareness aspects. Given the leak has occurred, it’s imperative to enhance their deep web and dark web monitoring capabilities as well, especially given the nature of their business. We recommend affected organisations to perform thorough cyber risk assessments to understand their attack surface and the risk exposure and take a risk-based approach in implementing appropriate security controls.”
Commenting on Pakistan’s hacker’s role behind the data leak, Cyble highlighted that based on the leak itself, it appears to be an act of a hacktivist. However, the company does not have any technical evidence suggesting that the attack originated from a neighbouring or non-friendly country. But the circumstantial evidence like the hacker’s message and password combinations suggests it to be likely the case, the cybersecurity firm said.
BEML has confirmed the report, saying that India’s state-run cybersecurity agency Computer Emergency Response Team (Cert-In) had alerted them about the breach on June 3. The PSU also highlighted that the internal review showed that the information allegedly leaked was “non-classified and has no adverse impact” on the company.
“As an immediate measure we have deactivated the suspected e-mail ids, all computing devices used to access these emails have been quarantined from the business network, an internal analysis of logs have been carried out and data has been secured for further forensic Cyber Audit,” a BEML spokesperson told Economic Times.
Recently, Google Threat Analysis Group (TAG) report, published on May 27, highlighted that the tech giant has sent out 1,755 warnings to users whose accounts were targets of government-backed attackers. In a blogpost, the body highlighted that it is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries.
