It’s not uncommon for cyber threat actors to breach government agencies and steal their information.
We have seen several instances of that in the past where organised cybercrime groups have targeted these agencies such as below:
However, when certain groups or actors actions might be influenced by geopolitical reasons. Most recently, we noticed one of the leaks related to BEML (an actor with the alias ‘spectre’ has claimed the responsibility of the BEML leak in an email sent to Cyble team). The actor mentioned to Cyble – “To put it simply I was the one behind the leak”. The actor further claimed to be an activist and added – “I have leaked other things some of which have been covered in the past by other news sites. I have more sensitive data regarding other governments that I will leak after a certain amount of time so be ready”
On this instance, Cyble was approached by a known actor who is allegedly selling confidential information of the Indian Government for 25 BTC. Cyble researchers investigated this further, and it appears the actor or a third-party managed to gain access scanned copies of sensitive documents.
The actor has shared a “vague” sample as part of our research. The sample appears to be from a scanned or photocopied source (as the actor alleged on his sale).
The actor is selling other India-related documents as well –
Cyble has been tracking this actor/group for over 12 months now. Some of the other items in the market by the same actor are below:
The claim by the actor is unconfirmed at this stage, and our researchers are continually searching for more information. The sample Cyble researchers acquired is potentially linked to the leak (as the actor alleged).
If you’ve something to share on this issue, reach out to us at firstname.lastname@example.org.