Huge BSNL Data Leak Exposes Millions to Financial Fraud and SIM Card Cloning, As Per a Threat Report


A substantial data intrusion has occurred at Bharat Sanchar Nigam Limited (BSNL), resulting in the compromise of confidential data belonging to millions of users. Critical data, such as IMSI numbers and SIM details, was compromised by an intruder identified as ‘kiberphant0m’.

A serious data breach has occurred at Bharat Sanchar Nigam Limited (BSNL), a supplier of telecommunications services that is owned by the Central government. As per a Threat Intelligence Report compiled by Athenian Tech, the cyberattack was carried out by a threat actor who goes by the name “kiberphant0m.” The hacker obtained unauthorized access to a significant quantity of confidential information, putting the safety of millions of people in danger.

Critical data, such as International Mobile Subscriber Identity (IMSI) numbers, SIM card information, Home Location Register (HLR) details, DP Card Data, and even snapshots of BSNL’s SOLARIS servers, has been compromised as a result of the attack. More than 278GB of sensitive information has been exposed. The threat actor has claimed responsibility for the attack and has provided samples to verify the authenticity of the material.

It has also been revealed that the threat actor responsible for the data breach at BSNL has set the price of the stolen data at $5,000, which is equivalent to about ₹4,17,000. This price was a limited-time offer, available only from the 30th of May to the 31st of May, 2024. Given the delicate nature of the data and the vast scope of its application, the hefty price tag suggests that the data has great value.

Telegram Chats from Their Official Telegram Group

Certain chats from the official Telegram group of the threat actor are circulating widely on the dark web and other sources.

In the chats, people are seen asking to share the same demo database with state-sponsored actors for easy money of around $100,000.

A Similar Attack on the Thai Telecom Company

In addition, it has been revealed that a telecom operator situated in Thailand has also been the target of a breach, which marks the third successful attempt by this particular threat actor against organizations in the telecom sector. Moreover, the threat actor claims to have access to a number of additional Asian telecom providers.

The Thai data has been described as encompassing a broad array of information, which has the potential to compromise the security and privacy of millions of people. The data is currently being sold for a price of $2,000.

Furthermore, the malicious threat actor claims that he possesses 900GB of telecom datasets from the same Thai telecom company.

What Data Was Compromised?

The following data have been compromised:

  • IMSI and SIM card details, which are essential for the functioning of SIM cards.
  • HLR details, which are necessary for the functioning of the network and for user authentication.
  • DP Card Data (8GB) and DP Security Key Data (130GB), which are essential to BSNL’s security infrastructure.
  • Snapshots of the SOLARIS server (140GB), which have the potential to reveal confidential business information.

Possible Dangers and their Implications

  1. Identity Theft and SIM Card Cloning:

How it can be done: cloning is the process of making a replica SIM card that matches the original in both its IMSI and its authentication keys. As a result, the attackers are able to intercept messages and calls, gain access to bank accounts, and commit fraud, which can result in significant personal and financial losses.

  2. Privacy Violations:

Personally identifiable information may be used for gaining illegal access to communications and for data breaches.

  3. Financial and Identity Theft:

Fraudulent acts that bypass the safety precautions on bank accounts can result in severe financial losses and identity theft.

  4. Targeted Attacks and Scams:

Users may become victims of phishing schemes and social engineering attacks that take advantage of their trust in BSNL.

Users of BSNL are not the only people who could be affected by this threat; it could also have an effect on the operations of the corporation and on national security. The security breach may result in the disruption of service, a decline in performance, and unauthorized access to the operations of the telecom company. A further concern is that the release of sensitive data can compromise both national security and the stability of key infrastructure. Additionally, the hack establishes a precedent for additional attacks on critical infrastructure, which may have the potential to harm other systems and networks that are interconnected.

What Should BSNL Customers Do?

It is important for customers to keep a close eye on their mobile devices and bank accounts for any unexpected behavior. For an additional layer of protection on each and every account, they should also set up two-factor authentication, generally known as 2FA.

It is the opinion of the cybersecurity specialists at Athenian Tech that BSNL needs to take rapid action to contain the intrusion, secure network endpoints, and examine access records simultaneously. BSNL also needs to strengthen its security procedures, carry out security assessments on a regular basis, and implement cutting-edge technologies for vulnerability identification.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also frequently writes for Craw Security.

