close_game
close_game

Cyberattack on aerospace research firm under NIA lens

ByNeeraj Chauhan
Mar 18, 2024 06:58 AM IST

The National Investigation Agency (NIA) has started investigating the incident as a cyberterrorist attack

New Delhi:

In November last year, data from National Aerospace Laboratories (NAL) was stolen by a hacker group LockBit. (AP)
In November last year, data from National Aerospace Laboratories (NAL) was stolen by a hacker group LockBit. (AP)

A ransomware attack on government-owned National Aerospace Laboratories (NAL), India’s largest aerospace research company, on November 15 last year has come under the scanner of the National Investigation Agency (NIA), which has started investigating the incident as a cyberterrorist attack.

The federal anti-terror agency has registered a case in the ransomware attack, suspected to have been carried out by world’s most notorious cybercrime enterprise called LockBit, people familiar with the developments said, on condition of anonymity.

An affiliate of the government’s Council of Scientific and Industry Research, NAL Bengaluru is the only government aerospace R&D laboratory in the country’s civilian sector. It came under a ransomware attack on November 15, after which LockBit threatened to publish the stolen data, including classified letters, if it failed pay an unspecified ransom amount.

“We have registered a case to investigate the ransomware attack at the NAL from the cyberterrorism angle,” said a NIA officer.

The federal agency has a specialized anti cyberterrorism unit, which probes cyber attacks by state or non-state actors on government and private installations in India. It had earlier assisted other agencies including CERT-In in the ransomware attack at the All India Institute of Medical Sciences in November 2022.

“Lockbit is one of the most prolific cyber criminals’ groups,” said Tarun Wig, information security expert and co-founder of Innefu Labs. “Ransomware attacks are usually carried out by private groups for money and Indian establishments have been targeted very often.”

One of the world’s most active ransomware-as-a-service operations groups, LockBit has been involved in data theft and encryption, followed by extortion and data leak. It first emerged in 2019, with its name at that time as ABCD. Since then, it has hacked into thousands of businesses, schools, medical facilities and government establishments around the world.

After a joint operation by law enforcement agencies from 10 countries, including the US, France, Germany, Sweden, Australia, Japan and Canada and led by British authorities, UK’s National Crime Agency last month announced it had taken control of LockBit’s services, compromising their criminal enterprise.

“Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems,” Graeme Biggar, director general of the British agency, said in a statement on February 20.

“As of today, LockBit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity,” Biggar said while terming LockBit as world’s most harmful cybercrime group.

The US department of justice also said it had partnered with the Federal Bureau of Investigation to disrupt the LockBit ransomware group, “one of the most active ransomware groups in the world that has targeted over 2,000 victims”. It said the cyber enterprise had “received more than $120 million in ransom payments, and made ransom demands totaling hundreds of millions of dollars”.

Get Current Updates on...
See more
Get Current Updates on India News, Weather Today, Latest News and Top Headlines from India.
SHARE THIS ARTICLE ON
Share this article
SHARE
Story Saved
Live Score
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Saturday, December 07, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On