Indian Rail Coach Factory PII and Credentials Shared From Past Data Breaches

CloudSEK team identified a post on a cybercrime forum where a threat actor posted the database of Rail Coach Factory, Kapurthala, India for free.
Updated on
February 27, 2023
Published on
June 22, 2022
Category: Adversary Intelligence
Industry: Government
Motivation: Hacktivism
Region: India
Source rating: B2

Executive Summary

Threat
  • Credentials and PII of users of Rail Coach Factory, Kapurthala, India were shared.
  • The data, though dated 2008 to 2010, could still put users at risk: passwords and contact details are often reused for years.
  • Unencrypted sensitive data of the Rail Coach Factory is available for free.
Impact
  • The exposed personnel and tender information poses a large-scale risk to critical government infrastructure.
  • Details of personnel in every department could be misused to manipulate tender applications or similar processes.
Mitigation
  • Monitor user accounts for suspicious transactions.
  • Encrypt sensitive data at rest and store credentials only as salted password hashes, never in plain text.
  • Ensure user awareness about this data leak.
CloudSEK’s contextual AI digital risk platform XVigil has identified a post on a cybercrime forum where a threat actor has posted the database of Rail Coach Factory, Kapurthala, India for free.  

Analysis and Attribution

Information from the Post

  • On 14 June 2022, a threat actor published a post on a cybercrime forum sharing an old database of the Rail Coach Factory, Kapurthala, India for free.
  • The actor claims that the compromised database includes users’ PII along with plain-text passwords and the names of other databases, and that it has been made available to everyone.
[Figure: Threat actor’s post on the cybercrime forum]
  • The actor shared the following information and databases:
PII Shared
  • User ID
  • User Type
  • Email Address
  • Password
  • User Name
  • Mobile Number
Databases Shared (Microsoft Access .mdb files)
  • Civil.mdb
  • Contacts.mdb
  • Critical_Item.mdb
  • deptcd.mdb
  • log.mdb
  • news.mdb
  • nonmovItems.mdb
  • Noticedb.mdb
  • pbranch.mdb
  • Rcftenders.mdb
  • sales.mdb
  • sms.mdb
  • Tenderform.mdb
  • TendFinal.mdb
  • users.mdb

The Threat Actor

  • Previous posts by the threat actor show that they actively engage with forum members by posting accesses and databases; some are sold, others are shared for free.
  • The threat actor is a hacktivist group involved in gray-hat hacking, with thousands of followers and collaborators across the globe.
  • The group is a coalition of more than three organized groups operating from Europe and America, and it has previously targeted a few Indian entities.

Source Rating

  • The actor, who joined the new cybercrime forum in March 2022, has a high reputation there and a sizeable membership on their Telegram channel.
Hence,
  • The reliability of the actor can be rated Usually reliable (B).
  • The credibility of the advertisement can be rated Probably true (2).
  • This gives an overall source credibility rating of B2.

Impact & Mitigation

Impact
  • This data leak is a massive risk, leading to the exposure of critical government infrastructure.
  • Unencrypted sensitive data of the Rail Coach Factory is available on cybercrime forums for free and can be used for malicious purposes.
  • PII (Personally Identifiable Information) of the employees belonging to Rail Coach Factory can be used to conduct:
    • Social engineering attacks
    • Phishing attacks
    • Identity theft
Mitigation
  • Monitor user accounts for suspicious transactions, which could indicate account takeovers. Since the dump includes plain-text passwords, force a password reset for every account whose current password still matches one in the leak.
  • Encrypt sensitive data at rest and store credentials only as salted password hashes. Implement a strong password policy and enable MFA (multi-factor authentication) across logins.
  • Ensure user awareness about such data leaks.
  • Patch vulnerable and exploitable endpoints.
  • Monitor cybercrime forums in real time for further data breaches.
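Added example (not part of the original CloudSEK post and not code from Rail Coach Factory): the leaked users table carried plain-text passwords, so a minimal response is to (a) rewrite the credential store so each password is kept only as a salted scrypt hash and (b) run the dumped passwords against current accounts to find which users must be forced to reset. The rows, e-mail addresses and passwords below are constructed to mirror the PII fields listed above; nothing is taken from the leak. The scrypt cost parameters are assumptions chosen for illustration, not a setting from the page.

```python
"""Added example: replace a plain-text password column with salted scrypt
hashes and find accounts still using a password that appears in a leak.
All records below are constructed for illustration; none come from the leak."""
import hashlib
import hmac
import os
from typing import Optional

# Assumed scrypt cost parameters (CPU/memory cost n, block size r, parallelism p).
# n=2**14 with r=8 needs about 16 MiB per hash: expensive to brute-force at
# scale, still fast enough for an interactive login.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'scrypt$<salt hex>$<hash hex>'.
    A fresh random salt per user means two people sharing a password get
    different records, so cracking one hash does not reveal the other."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.
    Anything that is not a well-formed scrypt record (e.g. a leftover
    plain-text value) is rejected rather than compared."""
    try:
        scheme, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return hmac.compare_digest(digest, expected)


# Constructed legacy rows with the same columns the leaked table exposed
# (user ID, user type, e-mail address, password, user name, mobile number).
LEGACY_USERS = [
    {"user_id": 101, "user_type": "vendor", "email": "v1@example.com",
     "password": "Summer2009", "user_name": "vendor_one", "mobile": "9800000001"},
    {"user_id": 102, "user_type": "staff", "email": "s2@example.com",
     "password": "R!ver-Coach#42", "user_name": "staff_two", "mobile": "9800000002"},
    {"user_id": 103, "user_type": "vendor", "email": "v3@example.com",
     "password": "letmein", "user_name": "vendor_three", "mobile": "9800000003"},
]


def migrate_users(rows):
    """Return copies of the rows with the plain-text 'password' column replaced
    by a 'password_hash' record; the plain text is not carried over."""
    migrated = []
    for row in rows:
        new_row = dict(row)
        new_row["password_hash"] = hash_password(new_row.pop("password"))
        migrated.append(new_row)
    return migrated


def accounts_to_reset(users, leaked_passwords):
    """Return the user IDs whose current credential still verifies against a
    password from the dump. Each pair costs one scrypt evaluation, so this is
    a batch job for breach response, not something to run on the login path."""
    flagged = []
    for user in users:
        if any(verify_password(pw, user["password_hash"]) for pw in leaked_passwords):
            flagged.append(user["user_id"])
    return flagged


if __name__ == "__main__":
    current = migrate_users(LEGACY_USERS)
    # Constructed list standing in for the plain-text password column of the dump.
    dump = ["Summer2009", "letmein", "password123"]
    print("force reset for user IDs:", accounts_to_reset(current, dump))
```

The reset check deliberately reuses `verify_password`, so it only works once the store already holds hashed records; against the original plain-text column a direct string comparison would do, but that column should not survive the migration.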

Appendix

[Figure: A sample of the database posted by the threat actor]
[Figure: The leaked files]
