Internal documents of defence public sector undertaking BEML (Bharat Earth Movers Limited) have been leaked on marketplaces in the dark web, US-based cybersecurity research firm Cyble said on Tuesday.
The leak itself took place on May 25, Cyble said, suspecting that a hacktivist or a Pakistan-based threat actor calling itself ‘R3dr0x’ had targeted the website and leaked sensitive data files along with the email accounts and passwords of seven employees.
BEML said the Indian Computer Emergency Response Team (Cert-In) alerted it to the breach on June 3 and an internal review showed that the information allegedly leaked was “non-classified and has no adverse impact” on the company.
The leaked files were downloaded from the email accounts of the seven employees, and a text file listing the employees’ internal email addresses and login passwords was also leaked. A link pointing to the ‘Indigenisation’ section of the BEML website was named as the “target of the leak”.
The leaked data includes a number of email conversations, customer records, interoffice memos and freight invoices, among other details.
“Based on the leak itself, it appears to be an act of a hacktivist or politically motivated. At this point, we have no technical evidence suggesting that the attack originated from a neighbouring or non-friendly country; however, the circumstantial pieces (actor’s message, password combinations) suggest it to be likely the case,” the firm said.
After the actor logged into the email IDs, the old passwords were changed to terms like “GoToHellBJP!!1” and “FreeKashm!r”, which led the company to suspect that the leak was the work of a neighbouring country or was politically motivated.
The Bengaluru-based BEML, which manufactures heavy equipment for the construction, power, irrigation, fertiliser, cement, steel and rail sectors, said it had formed a high-level committee to investigate the breach.
“As an immediate measure we have deactivated the suspected e-mail IDs, all computing devices used to access these e-mails have been quarantined from the business network, an internal analysis of logs has been carried out and data has been secured for further forensic Cyber Audit,” a BEML spokesperson said in response to ET’s queries over email.
Computing devices used for internet access at remote locations have also been segregated from the business network, the spokesperson said.
Note: The story has been updated with BEML’s response