Researchers at Cyble after monitoring over dark web reported that Maze ransomware Operators allegedly breached Highway authorities of india (NHAI)
Researchers at the threat intelligence firm were generally monitoring over the dark web as a part of their normal schedule but suddenly they spotted the data leak of National Highways Authority of India (NHAI). The maze ransomware operators breached the NHAI and leaked all of their data over there.
What is NHAI?
NHAI is an agency of Indian Government, which was set up in 1988, and is responsible for the management and the work of a network of over 50,000 km of National Highways out of 1,15,000 km in India. Also, It is a nodal agency of the Ministry of Road Transport and Highways.
When and How ?
According to several news reporting agencies and specially Economic Times, the attack took place on Sunday Night, hackers targeted National Highways Authority of India’s email Server, but according to their report, there were no data loss or stolen. The authorities had immediately shut down their server in response to the intrusion.
NHAI on Monday confirmed that a cyber attack had taken place on its email server on Sunday night but breach which resulted in no data loss. So as to take a precaution, the Authority had shut down the server immediately after getting the notice.
Akhilesh Srivastava, IT Chief General Manager of NHAI said, “A ransom ware attack on NHAI email server took place yesterday night. The attack was foiled by the security system and email servers were shut down from a safety point of view,”.
“No data loss took place. NHAI data lake and other systems remained unaffected from this attack,”.
What Government had warned us about?
Earlier this month, the Indian government and other Cybersecurity bodies had warned every business organizement and other corporate plus educational bodies that a lot of cyber attacks have been seen. you can read about this over here.
Economic times stated that India’s cyber security nodal agency, CERT-In had issued an advisory warning that the potential phishing attacks could impersonate government agencies, departments and trade bodies that have been tasked to oversee disbursement of government fiscal aid.”.
Proof and Cyble’s statements over the breach
In the below-given picture, the Maze ransomware creator/ hacker themselves have claimed that they only leaked 5% of the total data exfiltrated by the authority.(2gb)
The Cyble firm , claimed that they analyzed the whole leaked data and said there were sensitive corporate information in the above leak.
“The Cyble Research Team identified and analyzed the data leak of around 2GB. The data leak includes sensitive corporate operational documents such as the company’s staff list, passport copy of ex-chairman of NHAI, details of dependent family members of NHAI employees, NHAI internal audit reports, and much more.” reads the post published by Cyble.