
ICICI Bank has allegedly become the target of a ransomware attack. The infamous ransomware group Bashe has claimed responsibility for the data breach, alleging that it has access to sensitive customer data and threatening to release it publicly unless its ransom demands are met.
Upon reviewing the claims, however, India Today’s Open Source Intelligence (OSINT) team found some inconsistencies that cast doubt on the legitimacy of the breach.
While the group initially set a deadline of January 24, 2025, they later extended it to January 31, 2025—a common tactic used by attackers to maintain pressure. Also, the sample data shared as “proof” appeared incomplete and lacked credibility, raising questions about the authenticity of the claims and the true extent of the breach.
Bashe, also known as Eraleig or APT (Advanced Persistent Threat) 73, is a ransomware group that emerged in April 2024. In just nine months, Bashe has claimed a total of 72 victims on its dark web leak site, largely targeting industries such as banking, healthcare, logistics, and technology across countries including India, the United States, the United Kingdom, France, Germany, and Australia. The group employs Tor-based infrastructure, linked to malicious activities like Meduza Stealer and TrickBot, to ensure anonymity and evade detection.
A review of the group's dark web leak site shows that it has claimed to have targeted India three times, including the recent ICICI breach.
However, their December 27th claim of possessing over 6 lakh sensitive customer records from Federal Bank turned out to be fake. When the group released the data, it was a small Excel file previously leaked by another ransomware group, “Everest,” in 2021.