A significant security breach involving India's defence sector has surfaced, with 20 terabytes of classified data allegedly stolen by ransomware group Babuk Locker 2.0 and put up for sale. While DRDO denies any breach in its systems, cybersecurity firm Athenian Tech traced the leak to a former Defence Ministry official's compromised personal device containing Aadhaar details, financial records, and evacuation protocols for national leaders during aerial attacks.

Babuk Locker 2.0 claimed on March 10, 2025, to have exfiltrated DRDO data including engineering designs for the T9 Bhishma Tank upgrade, procurement plans, and details of India's defence partnerships with the US, Brazil, and Finland. The group released a 753 MB sample containing credential logs and strategic documents. DRDO maintains the leaked information didn't originate from its infrastructure but hasn't clarified the data's provenance.

Forensic analysis indicates the data came from the device of Puneet Agarwal, a Joint Secretary (2019-2021), whose personal travel documents and security clearance information were compromised. The leak includes unprecedented details about VVIP evacuation procedures, creating direct operational security risks. While initial communications suggested Indonesian links because of the language used, Athenian Tech suspects the hackers inflated the breach's scope.

The incident exposes critical vulnerabilities in India's defence data management, particularly:

- Endpoint security failures allowing classified data on personal devices
- Inadequate access controls for sensitive information
- Potential insider threats from improper data handling

Athenian Tech warns stolen credentials could enable further system infiltrations, emphasizing the need for multi-factor authentication and real-time network monitoring. The firm's report stresses: "Proactive monitoring and revised data governance policies are non-negotiable for national security infrastructure". This breach underscores the evolving challenges in protecting defence assets against increasingly sophisticated cyber threats.
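The monitoring the report calls for can be illustrated with a small detector that watches authentication logs for accounts known to appear in a leaked credential sample and flags logins that succeeded without multi-factor authentication. This is an added example written for this page; it is not code from Athenian Tech, DRDO or the article. The log format, the account names and the log lines are all constructed for the demonstration, and the leaked-account list stands in for whatever names an organisation extracts from a real dump.

```python
import re
from dataclasses import dataclass

# Constructed sample: account names assumed to appear in a leaked credential
# dump (hypothetical values, not from any real leak).
LEAKED_ACCOUNTS = {"p.agarwal", "svc-backup"}

# Constructed authentication log in a hypothetical one-line format:
#   <timestamp> <user> <source_ip> <SUCCESS|FAILURE> mfa=<yes|no>
SAMPLE_LOG = """\
2025-03-11T08:02:11Z p.agarwal 203.0.113.7 SUCCESS mfa=no
2025-03-11T08:03:45Z j.doe 198.51.100.4 SUCCESS mfa=yes
2025-03-11T08:05:02Z svc-backup 203.0.113.9 FAILURE mfa=no
2025-03-11T08:05:30Z svc-backup 203.0.113.9 SUCCESS mfa=yes
2025-03-11T08:07:12Z p.agarwal 203.0.113.7 SUCCESS mfa=no
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<ip>\S+) "
    r"(?P<result>SUCCESS|FAILURE) mfa=(?P<mfa>yes|no)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    ip: str
    severity: str   # "high" or "medium"
    reason: str


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not
    match the expected format (malformed input is skipped, not trusted)."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(log_text, leaked_accounts):
    """Scan authentication events and raise alerts for accounts whose
    credentials are known to be leaked.

    - SUCCESS without MFA  -> high: the stolen password alone was enough.
    - SUCCESS with MFA     -> medium: MFA held, but the login still needs review.
    - FAILURE              -> no alert here; failures are counted separately.
    """
    alerts = []
    failed_attempts = {}
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["user"] not in leaked_accounts:
            continue
        if ev["result"] == "FAILURE":
            failed_attempts[ev["user"]] = failed_attempts.get(ev["user"], 0) + 1
            continue
        if ev["mfa"] == "no":
            alerts.append(Alert(ev["ts"], ev["user"], ev["ip"], "high",
                                "leaked account logged in without MFA"))
        else:
            alerts.append(Alert(ev["ts"], ev["user"], ev["ip"], "medium",
                                "leaked account logged in (MFA passed, review)"))
    return alerts, failed_attempts


def accounts_to_reset(alerts):
    """Leaked accounts that showed any successful login: these need a forced
    credential reset and MFA enrolment regardless of alert severity."""
    return sorted({a.user for a in alerts})


if __name__ == "__main__":
    found, failures = detect(SAMPLE_LOG, LEAKED_ACCOUNTS)
    for a in found:
        print(f"[{a.severity}] {a.ts} {a.user} from {a.ip}: {a.reason}")
    print("failed attempts by leaked accounts:", failures)
    print("reset required:", accounts_to_reset(found))
```

The detector deliberately treats a successful MFA-protected login by a leaked account as still worth an alert: the report's point is that the credential is already in an attacker's hands, so the account must be reset, not merely watched.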

Agencies