Trending

ee-track">
Link copied!

BEML, Indian Defence Contractor, Suffers Data Breach. Politically Motivated?

Update 21/06 - An actor with the alias 'specter05' has claimed the responsibility of the BEML leak in an email sent to Cyble team. The actor mentioned to Cyble - "To put it simply I…

June 9, 2020 · 3 min read

Update 21/06 – An actor with the alias ‘specter05′ has claimed the responsibility of the BEML leak in an email sent to Cyble team. The actor mentioned to Cyble – “To put it simply I was the one behind the leak”. The actor further claimed to be an activist and added – “I have leaked other things some of which have been covered in the past by other news sites. I have more sensitive data regarding other governments that I will leak after a certain amount of time so be ready

Update: Cyble researchers have received further clarification from ‘R3dr0x’ directly, that it wasn’t responsible for this leak as such. The leak was made by an unknown party.

As part of our regular deepweb and darkweb sweeps, we came across an unknown actor (R3dr0x ) in one of the darkweb markets who leaked Bharat Earth Movers Limited (BEML) internal documents (as below). The leak appears to have occurred in May 2020 – quite recent. The actual leak was published on May 25.

image 22

Founded in the year 1964 from then BEML has been manufacturing a wide range of products to meet the needs of mining, construction, power, irrigation, fertiliser, cement, steel, and rail sectors. The earthmoving equipment includes bulldozers, dump trucks, hydraulic excavators, wheel loaders, rope shovels, walking draglines, motor graders and scrapers. BEML has manufacturing plants in Kolar Gold Fields, Bengaluru, Mysore and Palakkad. It has numerous regional offices throughout the country. KGF unit is the main unit accounting for the manufacture and assembly of a wide array of earth-moving equipment such as bulldozers and excavators. Rail coaches are made in the Bangalore complex, and the Mysore facility makes dump trucks and engines of various capacities.

As per our research team, the actor R3dr0x (seem to be a Pakistan actor) has targeted the part of the BEML website detailing about their Indigenisation Levels, which seem to be a warning for the extremist government of Indian that they would face in the near future for their actions.

The Cyble Research Team has identified the actor not only leaking the sensitive data files which were been downloaded from 7 email accounts of BEML employees but have also leaked a text file detailing those 7 BEML employee’s internal email addresses and their login passwords. The data leak includes multiple BEML’s email conversations, customer’s detailed records, multiple interoffice memos, freight invoices, and much more. Below are few snapshots of the leaked records from the large lot.

image 15
Leaked files
image 16
Internal Memo
image 17
List of 7 email addresses and their login passwords.
image 18
image 19
image 20
Customer’s data
image 21
Shipping or freight invoice

Conclusion: Based on the leak itself, it appears to be an act of a hacktivist or politically motivated. At this point, we have no technical evidence suggesting that the attack originated from a neighbouring or non-friendly country; however, the circumstantial pieces (actor’s message, password combinations) suggests it to be the likely the case.

We recommend people to:

  • Never share personal information, including financial information over the phone, email or SMSs
  • Use strong passwords and enforce multi-factor authentication where possible
  • Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
  • Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
  • Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
  • People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.

About Cyble:

Cyble is a US-based cyber threat intelligence company with the express mission to provide organizations with real-time views of their supply chain cyber threats and risks.

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams