
Cybersecurity firm Athenian Tech's analysis found the leaked files contained sensitive data on the T9 Bhishma Tank upgrade, defence partnerships with Finland, Brazil, and the US, and evacuation protocols for India’s top leaders during an aerial attack
A major security breach has put India’s defence infrastructure at risk, with a hacker group allegedly leaking sensitive data linked to the Defence Research and Development Organisation (DRDO). The stolen information reportedly includes classified engineering designs, procurement plans, and details of India’s strategic collaborations with foreign nations. The DRDO data breach has raised alarm over potential national security vulnerabilities.
The data leak was announced on March 10 this year by a ransomware group identified as Babuk Locker 2.0. Claiming responsibility for the cyberattack on DRDO, the group alleged that it had exfiltrated 20 terabytes of data from DRDO’s systems, including classified defence documents and a vast repository of credential logs. To validate their claims, the hackers publicly released a 753 MB sample of the stolen data.
Cybersecurity firm Athenian Tech conducted an initial analysis, revealing that the leaked files contained sensitive information on the upgradation of the T9 Bhishma Tank and details of defence partnerships with Finland, Brazil, and the United States. Alarmingly, the leaked data also included evacuation protocols for India’s top leadership, such as the President and the Prime Minister, in the event of an aerial attack.
Origin of the breach and DRDO’s official stance
According to Athenian Tech, the stolen data appears to have originated from the personal device of a former Defence Ministry official, rather than DRDO’s core IT systems. The leaked files reportedly contained personal details of Puneet Agarwal, who served as Joint Secretary in the Defence Ministry from 2019 to 2021. His Aadhaar details, financial records, and travel documents were found within the breach, suggesting a targeted compromise rather than a systemic infiltration of DRDO’s networks.
DRDO, however, has denied any breach of its data. Officials stated that the leaked files do not belong to the organisation but did not offer further clarification regarding the allegations. The agency, known for its strict security protocols—including prohibiting scientists and staff from carrying personal mobile phones within certain premises—has yet to confirm whether the stolen files contained any leaked military plans.
Security ramifications and cyber threats
Despite DRDO’s denial, the breach raises significant concerns about India’s cybersecurity framework, insider threats, and vulnerabilities in safeguarding critical defence data. Athenian Tech’s report suggests that Babuk Locker 2.0’s claim of stealing 20 terabytes of data may be exaggerated. However, even a partial leak of classified information can have severe security repercussions.
The cybersecurity firm also released chat screenshots indicating that Babuk Locker 2.0 members communicated in Indonesian, hinting at a possible link to cybercriminal networks in Indonesia. If the hackers indeed accessed a credential repository, the risk of further breaches across interconnected defence systems remains high.
Imperative measures to strengthen cybersecurity
Experts warn that the presence of sensitive files on a personal device points to lapses in endpoint security and inadequate enforcement of data protection policies. The India defence data breach underscores the need for stringent cybersecurity protocols, enhanced access controls, and real-time monitoring to prevent similar incidents in the future.
With defence data now potentially in the hands of cyber adversaries, security agencies are under pressure to conduct a thorough investigation and implement measures to reinforce the resilience of India’s defence infrastructure against evolving cyber threats.