Indian defense contractor Bharat Earth Movers Limited (BEML) is the latest target of a hacking group. The hackers released the company’s stolen data on the Dark Web.
BEML is a Bengaluru-based public sector defense project that produces construction equipment and machinery for cement production, the irrigation sector, fertilizer and other industries.
R3dr0x was suspected of being behind the indigenization part of the website, but further investigations have cleared them of any suspicion.
Cybersecurity company Cyble believes that the attacks are politically motivated.
It stated in its blog post, “based on the leak itself; it appears to be an act of a hacktivist or politically motivated. At this point, we have no technical evidence suggesting that the attack originated from a neighboring or non-friendly country; however, the circumstantial pieces (actor’s message, password combinations) suggests it to be likely the case.”
Researchers have yet to name the threat actor responsible for this attack. The unknown actor gained access to the company’s confidential files, hacked employees’ email accounts and changed the passwords to phrases like “FreeKashm!r” and “GoToHellBJP!!1” before leaking their login details online.
Other leaked data include interoffice memos, customers’ records and the company’s freight invoices, among others.
These password phrases lead Cyble to believe that the threat actors could be from a bordering country. In a separate case, Google removed SmeshApp from its Play Store on suspicion of a threat. Google had reasons to think that the Pakistani intelligence agency, ISI, used the app as spyware to spy on the Indian military.
Screenshot of the leaked data
Another case occurred in August 2016 and concerned the French contractor DCNS, when secrets about the Scorpene submarines being constructed in India were leaked. DCNS believed the attack was an act of “economic warfare.”