October 5, 2022: During our dark web researchers’ routine monitoring, we discovered that a threat actor who goes by the username “Agent_ignitors” announced that they were able to hack into the internal working systems of numerous Indian firms, although with no intention of harming the affected firms.
In a post on an underground forum, the hacker listed the names of the affected Indian firms, 36 in total. Among the 36 companies are the Nuclear Power Corporation of India, Tech Mahindra, the Reserve Bank of India, the Telangana Government’s website, and the Bank of India.
The hacker claimed they would not use the alleged stolen data from the Indian firms to inflict harm.
The hacker’s post also mentioned that they do not intend to use the alleged stolen data for further cyberattacks and carried out the data infiltration only for their “enjoyment.” However, if their claims of stealing data from the affected firms are legitimate, the companies must still be prepared against potential attack threats, since it is hard to trust hackers’ words.
According to the hacker, they now hold a large number of files from all the victims, and they have shared some screenshots and a Google Drive link allegedly containing samples of those stolen files. Upon opening the drive, we found samples that include security vulnerability reports, VAPT scan, server load balancer, ISP routing issues, and more.
The announcement was posted on October 3rd, but none of the listed firms has issued any statement about being hacked. The hacker, for their part, stated that there would be no use in these companies and cybersecurity experts attempting to track them.
Finally, the hacker shared a contact method for anyone who wants to reach them: a Telegram channel with the user handle @indiandef.
Given the number of victimised firms listed in the hacker’s announcement, we are concerned that millions of customers and individuals associated with them could be exposed to cyberattacks. Thus, we recommend fortifying security measures for these individuals.
Ultimately, if these claims are proven true, the affected companies should enhance their security protocols to ensure that no threat actor can hack into their systems, which could endanger the data of not just the company but also its clients, employees, and users.