Bharat Earth Movers Limited (BEML), an Indian defence PSU, suffered a data breach that exposed the company’s internal documents.

Researchers at data breach monitoring firm Cyble Inc. spotted the leaked documents on one of the darkweb markets during their routine intelligence-gathering checks.

The leaked documents included multiple BEML email conversations, detailed customer records, multiple interoffice memos, freight invoices, and much more.

Image (Cyble): Leaked files and folders
Image (Cyble): Internal office memo file

Image (Cyble): List of breached email addresses
Image (Cyble): Leaked customer data

According to Cyble’s research team, the leak may have occurred in May 2020 and the data was published on the darkweb market on May 25.

Founded in 1964, BEML is a manufacturing company that provides a variety of heavy equipment and other products to the Indian defence sector. The company manufactures equipment such as bulldozers, dump trucks, hydraulic excavators, wheel loaders, rope shovels, walking draglines, motor graders, and scrapers.

Cyble researchers first claimed that the threat actor who published BEML’s documents on the darkweb goes by the name “R3dr0x” (who seems to be a Pakistani actor).

Later today, Cyble said, “Cyble researchers have received further clarification from ‘R3dr0x’ directly, that it wasn’t responsible for this leak as such. The leak was made by an unknown party.”

The threat actor has “targeted the part of the BEML website detailing about their Indigenisation Levels, which seems to be a warning for the extremist government of Indian that they would face in the near future for their actions,” said the report published today by Cyble.

“Based on the leak itself, it appears to be an act of a hacktivist or politically motivated. At this point, we have no technical evidence suggesting that the attack originated from a neighbouring or non-friendly country; however, the circumstantial pieces (actor’s message, password combinations) suggests it to be the likely the case,” concluded the report.

“As an immediate measure we have deactivated the suspected e-mail ids, all computing devices used to access these e-mails have been quarantined from the business network, an internal analysis of logs have been carried out and data has been secured for further forensic Cyber Audit,” a BEML spokesperson told Economic Times.

Kanishk Tagade

Founder and Editor at QuickCyber. Kanishk is a cybersecurity enthusiast, security researcher, and an enterprise growth marketer. He's also a community member of the Nasscom community and corporate contributor at many technology magazines and security awareness platforms. He is also a social micro-influencer for cybersecurity, Infosecurity, digital transformation, and artificial intelligence technologies.