Category: Adversary Intelligence | Industry: Government | Motivation: Hacktivism | Region: India | Source*: B2 |
---|
Executive Summary
THREAT | IMPACT | MITIGATION |
---|---|---|
Analysis and Attribution
Information from the Post
- On 14 June 2022, a threat actor published a post on a cybercrime forum sharing the old database of the Rail Coach Factory, Kapurthala, India, for free.
- The actor claims that the compromised database, which has been made available to all, includes users' PII along with plaintext passwords and the names of other databases.
- The actor shared the following information and databases:
PII Shared |
---|
Databases Shared | ||
---|---|---|
The Threat Actor
- Previous posts of the threat actor indicate that they have been actively engaging with the members on the forum by posting accesses and databases. Some of them are sold at a cost, while others are shared for free.
- The threat actor is a hacktivist group, involved in gray hat hacking, and has thousands of followers and collaborators across the globe.
- The group is a coalition of more than 3 organized groups that operate from Europe and America, and it has previously targeted a few Indian entities as well.
Source Rating
- The actor, who joined the new cybercrime forum in March 2022, has a high reputation on the forum and a decent number of members on the Telegram channel.
- The reliability of the actor can be rated Usually reliable (B).
- The credibility of the advertisement can be rated as Probably true (2).
- This gives an overall source credibility of B2.
Impact & Mitigation
Impact | Mitigation |
---|---|