Data of Indian defence contractor Bharat Earth Movers Limited (BEML) available online

Pierluigi Paganini June 09, 2020

A threat actor is offering for sale in a darkweb black-market internal documents of the Indian defence contractor Bharat Earth Movers Limited (BEML).

Researchers from cyber threat intelligence firm Cyble reported that a threat actor is offering in a darkweb black-market documents of the Indian defence contractor Bharat Earth Movers Limited (BEML). The company manufactures a variety of heavy equipment (bulldozers, dump trucks, hydraulic excavators, wheel loaders, rope shovels, walking draglines, motor graders and scrapers), such as that used for earthmoving, transport and mining.

As part of the regular monitoring of cybercrime forums and markets in the deep-web and darkweb, Cyble researchers spotted a threat actor named as R3dr0x who leaked (BEML) internal documents. According to the researchers, the data breach has occurred in May 2020 and the data was published on May 25.

“As per our research team, the actor R3dr0x (seem to be a Pakistan actor) has targeted the part of the BEML website detailing about their Indigenisation Levels, which seem to be a warning for the extremist government of Indian that they would face in the near future for their actions.” reads the post published by Cyble.

The actor leaked sensitive files from 7 email accounts of BEML employee accounts along with a text file containing seven employee’s internal email addresses and their login passwords.

The leaked data includes multiple BEML’s email conversations, customer’s detailed records, multiple interoffice memos, freight invoices, and others documents. Below some snapshots of the dump:


Experts speculate the data leak could be an act of a hacktivist or politically motivated attackers, but they have no technical evidence suggesting the involvement of a nation state actor.

“Based on the leak itself, it appears to be an act of a hacktivist or politically motivated.” concludes Cyble. “At this point, we have no technical evidence suggesting that the attack originated from a neighbouring or non-friendly country; however, the circumstantial pieces (actor’s message, password combinations) suggests it to be the likely the case.”

People who are concerned about their exposure in darkweb can register at the Cyble data breach lookup service to ascertain their exposure.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – BEML, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment