The BlackCat (ALPHV) ransomware group claims to have hacked the industrial explosives manufacturer Solar Industries India Limited. It has stolen over 2 TB of critical data, including designs of weapons currently in use.
Findings from the hack
BlackCat has added Solar Industries India Limited to its Tor leak site with a message that the data leakage affected all the classified documents and products of the organization.
The stolen data includes details about the company’s employees and customers, armament supply chains, and information about the other partners and contractors of the firm.
The data further includes technical documentation of the company’s products, engineering documentation of the callout elements, blueprints of the weapons, details of warhead compositions, and internal product testing.
Reports on audits and detected flaws and vulnerabilities in these weapons, as well as details about future developments, were included in the leaked data.
In addition, the attackers managed to access all the production cameras and offices, and posted screenshots, along with several other images of stolen data as proof of the hack.
National weapons exposed
According to the report, the stolen data includes detailed descriptions, including engineering specifications, drawings, and audits of several weapons that are of national importance
Impacted artifacts include Rockets (Pinaka MK-1 ADM-1), Warheads (Konkur, Invar, ATGM MK-2, MPBX Blocks), Mines (Vibhav, Vishal, Adrashy), and Bombs (PGB 450, GP 250).
In addition, the attackers stole details of Rocket propellants Pinaka MK-1 Enhanced, Pinaka MK-2 Guided, Akash Booster, RTRS, Astra MK-2, PSOM-XL, SkyRoot, Star Booster, HEMRL(PJ-10), BramhMos, and A1-P (P1 & P2).
The group has posted messages inviting bids for this data, asking interested candidates to contact them in the given timeline. Moreover, it has claimed that it possesses evidence of industrial spying on other nations too.
Concluding notes
The BlackCat ransomware rapidly built its reputation in the underworld by targeting U.S. Defense Contractor NJVC, as well as several other sensitive data from various critical organizations last year. The group is well-versed in its attack tactics and continues to make fast profits by targeting high-profile organizations.