Researchers from cyber threat intelligence firm Cyble reported that a threat actor is offering in a darkweb black-market documents of the Indian defence contractor Bharat Earth Movers Limited (BEML). The company manufactures a variety of heavy equipment (bulldozers, dump trucks, hydraulic excavators, wheel loaders, rope shovels, walking draglines, motor graders and scrapers), such as that used for earthmoving, transport and mining.
As part of the regular monitoring of cybercrime forums and markets in the deep-web and darkweb, Cyble researchers spotted a threat actor named as R3dr0x who leaked (BEML) internal documents. According to the researchers, the data breach has occurred in May 2020 and the data was published on May 25.
“As per our research team, the actor R3dr0x (seem to be a Pakistan actor) has targeted the part of the BEML website detailing about their Indigenisation Levels, which seem to be a warning for the extremist government of Indian that they would face in the near future for their actions.” reads the post published by Cyble.
The actor leaked sensitive files from 7 email accounts of BEML employee accounts along with a text file containing seven employee’s internal email addresses and their login passwords.
The leaked data includes multiple BEML’s email conversations, customer’s detailed records, multiple interoffice memos, freight invoices, and others documents. Below some snapshots of the dump:
Experts speculate the data leak could be an act of a hacktivist or politically motivated attackers, but they have no technical evidence suggesting the involvement of a nation state actor.
“Based on the leak itself, it appears to be an act of a hacktivist or politically motivated.” concludes Cyble. “At this point, we have no technical evidence suggesting that the attack originated from a neighbouring or non-friendly country; however, the circumstantial pieces (actor’s message, password combinations) suggests it to be the likely the case.”
People who are concerned about their exposure in darkweb can register at the Cyble AmiBreached.com data breach lookup service to ascertain their exposure.
(SecurityAffairs – BEML, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.