Indian explosives firm Solar Industries struck by the ALPHV gang

January 27, 2023

Our threat monitoring team at iZOOlogic recently spotted a newly added victim on the list of victims kept by the BlackCat (aka ALPHV) ransomware group. This time, the prolific ransomware gang has allegedly attacked the explosives manufacturing firm Solar Industries India, leaking over 2TB worth of secret military data owned by the company.

Solar Industries India was founded in 1993 and today presents itself as a globally evolved and recognised industrial explosives manufacturer.

In a post dated January 26, 2023, at 9:39 AM, the ALPHV gang added the Indian explosives firm to their list of victims, claiming to have obtained 2TB of sensitive data from the company. Our researchers identified this data as highly sensitive since the group claimed it mostly contained secret military information.

 

The leaked data from the Indian explosives manufacturing firm contained secret military information and critical corporate documentation.

 

The ransomware group’s post on their leak site included a detailed report about which data they had allegedly obtained from the victimised company. According to the group’s post, the company’s weak security allowed them to steal over 2TB of data, including full descriptions of engineering specifications, weaponry audits, and drawn blueprints.

Among the corporate data stolen from the firm were employees’ and customers’ personally identifiable information (PII), details of the armament supply chain to various sources, potential partners’ information, government documents revealing details of cooperation, backups and databases, internal product testing documentation, and contracts with the army.

ALPHV also highlighted that they had acquired serious evidence concerning the company’s industrial spying against other countries, including friendly states.

No details have been provided on the price at which the compromised database from the Indian explosives manufacturing firm is being offered to interested buyers, or on whether the group has communicated with the affected firm to settle a ransom payment in exchange for the databases’ safety.

Solar Industries India has also yet to comment on the issue, so the ransomware group’s claim remains unconfirmed.

Our researchers also noticed that the company’s website, solargroup[.]com, is currently inaccessible. It is unclear if the website’s downtime is linked to the ransomware threat against the company. More details will be provided once our threat monitoring team has gathered updates.
