Bharat Sanchar Nigam Limited (BSNL), the state-owned telecommunications provider, has experienced a significant data breach. According to a Threat Intelligence Report by Athenian Tech, the cyberattack was orchestrated by a threat actor known as “kiberphantom.” The hacker compromised a substantial amount of sensitive data, putting millions of users at risk.
The breach involves critical data, including International Mobile Subscriber Identity (IMSI) numbers, SIM card information, Home Location Register (HLR) details, DP Card Data, and even snapshots of BSNL’s SOLARIS servers. In total, over 278GB of sensitive information has been compromised. The threat actor has claimed responsibility for the attack and provided samples to validate the data’s legitimacy.
The report reveals that the hacker has priced the stolen data at $5,000 (approximately Rs 4,17,000). This special deal was available only from May 30, 2024, to May 31, 2024. The high price tag underscores the data’s significant value due to its sensitive nature and extensive scope.
What Data Was Compromised?
The compromised data includes:
– IMSI and SIM Details: Vital for the operation of SIM cards.
– HLR Details: Essential for network operations and user authentication.
– DP Card Data (8GB) and DP Security Key Data (130GB): Critical for BSNL’s security infrastructure.
– SOLARIS Server Snapshots (140GB): Potentially exposing operational secrets.
Potential Risks and Implications
– SIM Cloning and Identity Theft: Cloning involves creating a duplicate SIM card with the same IMSI and authentication keys as the original. Attackers can intercept messages and calls, access bank accounts, and commit fraud, leading to severe personal and financial losses.
– Privacy Violations: Personal information could be misused for unauthorized access to communications and data breaches.
– Financial and Identity Theft: Fraudulent activities could bypass security measures on financial accounts, leading to significant financial losses and identity theft.
– Targeted Attacks and Scams: Users may become targets of phishing schemes and social engineering attacks, exploiting their trust in BSNL.
The threat extends beyond BSNL users, potentially impacting the company’s operations and national security. The breach could lead to service outages, degraded performance, and unauthorized access to telecom operations. Additionally, sensitive data exposure can undermine national security and infrastructure stability. This attack sets a precedent for further assaults on critical infrastructure, potentially affecting other interconnected systems and networks.
What Should BSNL Users Do?
Users should monitor their phones and bank accounts for unusual activity. They should also enable two-factor authentication (2FA) for an additional layer of security on all accounts. Athenian Tech cybersecurity experts recommend that BSNL take immediate action to contain the breach, secure network endpoints, and audit access logs. BSNL must enhance its security measures, conduct frequent security audits, and adopt advanced threat detection technologies.
