January 1, 2023: Customer Data Breach at Toyota India
A data breach at Toyota Motor's Indian business might have exposed some customers' personal information, it said on Sunday. The car company warned that the accounts could be subject to spamming or phishing scams along with unsolicited emails.
February 21, 2022: Ransomware Attack Cripples Indian Port Container Terminal JNCPT
Jawaharlal Nehru Port Container Terminal was hit by a suspected ransomware attack. JNPCT operations are down and they are unable to process containers. Vessels were diverted and JNPCT stopped accepting ships for loading/unloading at the port.
JNPCT is owned and operated by the port authority, while the other terminals are private. This mirrors a NotPetya attack that occurred at the Gateway Terminal India (GTI) terminal at the same port, owned by Danish AP Moller-Maersk (APM), in 2017. At the time, 17 APM terminals around the world were hit simultaneously.
October 14, 2022: India’s Largest Integrated Power Company, Tata Power, Hit by Cyberattack
Tata Power, a leading power generation company in India, confirmed it was hit by a cyberattack. In a brief statement released on Friday, the Mumbai-based company said that the attack impacted some of its IT systems.
“The company has taken steps to retrieve and restore the systems. All critical operational systems are functioning. As a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer-facing portals and touchpoints,”
October 22, 2020: Covid vaccine-maker Dr Reddy Laboratories hit by cyber-attack
Pharmaceutical company Dr Reddy's, which is developing a Covid-19 vaccine, stated it has been hit by a cyber-attack. Sites around the world have been affected, including those in the UK, Brazil, India, Russia and the US. The India-based company said it had isolated all of its data centre services to contain the attack. The attack came only days after the pharmaceutical company was gearing up for a phase 2/3 clinical trial of Russia’s COVID-19 vaccine, dubbed Sputnik V, after gaining the trial go-ahead from Indian regulators last week.
April 10, 2022: Oil India Ltd. Hackers Demand US$7.5M Ransom Payment
A cyberattack on Oil India Limited (OIL) led the energy giant to disable its IT systems at its headquarters in Assam’s Dibrugarh district. OIL server, network and other related services are affected. OIL spokesperson Tridiv Hazarika told ET, "data is secured, as per protocol, we disabled our systems. Infected computers are being checked. Our SAP is running and hence operations are going on smoothly. " He added, "our IT department will restore computers phase wise. Computers are put out of lan (local area network). Our drilling activities are going on without interruption. "
A senior police official said that it was Russian malware planted from a server in Nigeria. The cyber attacker has demanded US$ 7500000 as a ransom through a note from the infected PC.
June 21, 2022: Indian Flood Monitoring System Targeted by Hackers
A Ransomware attack hit Goa’s flood monitoring system according to the Hindustan Times, which reports that the state government’s water resources department that maintains the data said that all its files have been encrypted and can no longer be accessed.
The data center server in Panaji stores the data of 15 flood monitoring systems on major rivers in the Goa region, as part of disaster management and flood control. Access is unavailable to data relating to batteries and to real time monsoon activity.
Reports are in that the servers of Flood Monitoring System were hit by the file-encrypting malware on June 21st,2022 and the hackers are demanding BTC in double-digit figures to free data from encryption. The department reportedly has no dedicated IT staff or security professional to react to such situations. Officials are not interested in paying a ransom to hackers and are sure to recover the locked-up data by other means.
May 24, 2022: SpiceJet’s (Low Cost Airline in India) Systems and Operations impacted by Ransomware Attack
Low-cost Indian airline SpiceJet has informed its customers today of an attempted ransomware attack that has impacted some of its systems and caused cascading delays on flight departures. The airline announced on its social media channels that its IT team managed to thwart the attack. However, multiple customer reports on Twitter and Facebook still reflect ongoing problems, highlighting flight delays, saying that customer service via phone is unreachable, and the bookings system remains unavailable.
In 2021, SpiceJet went through severe financial trouble result of grounding its fleet due to COVID-19 restrictions. It is easy to assume that this dire financial situation didn't leave much margin for investing in cybersecurity and incident response, which might be what allowed the ransomware actors in this case to launch a successful attack. (reports Bleepingcomputer.com - link below)
* "planes grounded/delayed >5hrs" based on total downtime of all reports. Actual passenger reports suggest shorter individual delays
October 16, 2021: Acer Hit in Cyber Attack
After attackers infiltrated Acer’s servers in India, the company’s Taiwan office fell victim to a breach this past weekend.
On October 16, Desorden hackers said they obtained login details belonging to employees of Acer’s Taiwanese branch. That came three days after the attack group breached Acer India’s servers. The attack group apparently found vulnerabilities on Acer’s Malaysian and Indonesian network as well, according to a report with Privacy Affairs.
February 21, 2021: Air India: Hack Leaked Passengers’ Data
Personal data of an unspecified number of travelers has been compromised after a company that serves India’s national carrier was hacked, Air India said.
The hackers were able to access 10 years’ worth of data including names, passport and credit card details from the Atlanta-based SITA Passenger Service System, Air India said in a statement Friday.
October 29, 2019: India Nuke Hit By Malware
A day after officials at Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, India, denied a cyberattack on its systems, the Nuclear Power Corporation of India Limited (NPCIL), the administrative governing body for nuclear power plants in the country, said “malware” was in one of their systems.
The NPCIL said Wednesday only an administrative system was infected by malware and the plant’s control systems were not affected. But others are saying there was domain controller level access achieved and mission critical targets hit.