Internal Data Of State-Run Defence Unit BEML Leaked, Available On Dark Web

Internal Data Of State-Run Defence Unit BEML Leaked, Available On Dark Web

SUMMARY

The data included customer information, BEML's financial budget, several freight details

US-based Cyble firm is suspecting hacktivists or unknown entity to be behind this attack

State-run cybersecurity firm Cert-In had alerted BEML on June 3

Internal data of Bengaluru-based Bharat Earth Movers Limited (BEML), which is a defence public sector undertaking (PSU), is available on the dark web, cybersecurity firm Cyble has revealed.

According to the US-based firm the actual leak took place on May 25 and the files were downloaded using email accounts of seven BEML employees. The hackers, who are suspected to be hacktivist or an unknown entity, also got access to employees’ internal email addresses and login passwords.

Cyble highlighted that the leak included customer data, BMEL’s financial budget for the year 2020-2021, several freight details and more. BEML is one of the biggest defence, mining and construction and rail coach manufacturers in India. It comes under the ministry of defence.

Beenu Arora, founder and CEO of Cyble, told Inc42 that based on the leak, it appears that the perpetrator managed to access some “confidential” data. However, this may or may not be the full data leak. He also recommended BEML to perform a thorough analysis of how the perpetrators might misuse this information based on the nature of the leak. Inc42 has accessed a few leaked documents.

Arora added, “the leak also reflects that the agency is yet to make improvements on their cybersecurity practices, especially on security awareness aspects. Given the leak has occurred, it’s imperative to enhance their deep web and dark web monitoring capabilities as well, especially given the nature of their business. We recommend affected organisations to perform thorough cyber risk assessments to understand their attack surface and the risk exposure and take a risk-based approach in implementing appropriate security controls.”

Commenting on Pakistan’s hacker’s role behind the data leak, Cyble highlighted that based on the leak itself, it appears to be an act of a hacktivist. However, the company does not have any technical evidence suggesting that the attack originated from a neighbouring or non-friendly country. But the circumstantial evidence like the hacker’s message and password combinations suggests it to be likely the case, the cybersecurity firm said.

BEML has confirmed the report, saying that India’s state-run cybersecurity agency Computer Emergency Response Team (Cert-In) had alerted them about the breach on June 3. The PSU also highlighted that the internal review showed that the information allegedly leaked was “non-classified and has no adverse impact” on the company.

“As an immediate measure we have deactivated the suspected e-mail ids, all computing devices used to access these emails have been quarantined from the business network, an internal analysis of logs have been carried out and data has been secured for further forensic Cyber Audit,” a BEML spokesperson told Economic Times.

Recently, Google Threat Analysis Group (TAG) report, published on May 27, highlighted that the tech giant has sent out 1,755 warnings to users whose accounts were targets of government-backed attackers. In a blogpost, the body highlighted that it is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Internal Data Of State-Run Defence Unit BEML Leaked, Available On Dark Web-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Internal Data Of State-Run Defence Unit BEML Leaked, Available On Dark Web-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Internal Data Of State-Run Defence Unit BEML Leaked, Available On Dark Web-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Internal Data Of State-Run Defence Unit BEML Leaked, Available On Dark Web-Inc42 Media
Internal Data Of State-Run Defence Unit BEML Leaked, Available On Dark Web-Inc42 Media
You’re in Good company