MUMBAI: US-based cybersecurity research firm
Cyble reported on Tuesday that internal documents of Defence PSU,
BEML (
Bharat Earth Movers Limited) have been leaked on marketplaces in the
dark web. The actual leak of the documents took place on May 25, according to Cyble.
The firm suspects that a hacktivist or a Pakistan-based threat actor called ‘R3dr0x’ has targeted the website and leaked sensitive data files and email accounts and password of seven employees. The leaked files were downloaded from email accounts of the seven employees and a text file was also leaked detailing the employees’ internal email addresses and login passwords.
“Based on the leak itself, it appears to be an act of a hacktivist or politically motivated. At this point, we have no technical evidence suggesting that the attack originated from a neighbouring or non-friendly country; however, the circumstantial pieces (actor’s message, password combinations) suggests it to be likely the case,” the firm said.
The message left by the attacker as detailed on the Cyble blog was a warning for the government of India. The attacker also said that the files were downloaded from the email accounts of employees.
A link was also mentioned as the "target of the leak". The said link connects to the 'Indigenisation' section of the BEML website.
After the actor logged into the email ids, old passwords were changed to terms like “GoToHellBJP!!1” and “FreeKashm!r” which led the company to suspect that it was a neighbouring country or a politically motivated leak.
The leaked data includes a number of email conversations, customer records, interoffice memos, freight invoices among other details.
BEML said that it would be responding to the development and ET's queries shortly.
BEML is a public sector undertaking that manufactures heavy equipment for sectors like construction, power, irrigation, fertiliser, cement, steel, and rail sectors. It is headquartered in Bengaluru.