On 20 September 2024, CloudSEK’s XVigil discovered threat actor “xenZen” selling 7TB of data from Star Health Insurance, impacting over 31 million customers. While the data is confirmed authentic, claims of insider involvement from the company’s CISO appear fabricated.
Category: Adversary Intelligence | Industry: Insurance | Motivation: Financial & Geopolitical | Region: India/Asia & Pacific | Source*: D3
On 20 September 2024, CloudSEK’s XVigil platform discovered a threat actor, “xenZen,” selling 7TB of sensitive data from Star Health Insurance. The leaked data includes personal and health details of over 31 million customers and insurance claims for nearly 6 million individuals. “xenZen” claims to have acquired the data from Star Health’s CISO and created a website and Telegram bots to share samples, which appear legitimate.
While the data’s authenticity is confirmed with high confidence, the involvement of the CISO and other executives seems fabricated. This article shows potential attack chains as well as the fabrication methods used by “xenZen,” who also has a history of data breaches and may have geopolitical motives beyond financial gain.
The actor stated in the post that the following information has been leaked:
Customer Data Leak: 31,216,953 customers (data till July 2024)
Insurance Claims Data Leak: 5,758,425 claims (data till early August 2024)
The threat actor claims that they bought the data directly from Star Health’s CISO. To establish the authenticity of these claims, the threat actor has gone the extra mile and created a website (protected behind Cloudflare) dedicated to Star Health Insurance’s leaked data. The website was registered in August 2024, after the alleged conversation with the company’s CISO.
The threat actor created two Telegram bots to disseminate samples of the customer and insurance data to a wider audience. Analysis indicates that the data samples are legitimate and do belong to the targeted company.
On the other hand, within the video shared by the threat actor, we saw
Based on the available information, we can ascertain with high confidence that the threat actor has data that originates from Star Health Insurance. However, the involvement of the CISO and other executives seems highly unlikely and fabricated, to say the least.