On 20 May 2024, government owned telecom major BSNL and a critical part of India’s national communications infrastructure, was hit by a major cybersecurity incident. The same day, a threat actor—kiberphant0m—claimed responsibility of the attack and advertised the sale of approximately 278 GB of sensitive telecom data on the dark web. The exposed data included IMSI numbers, SIM subscriber details, Home Location Register (HLR) records, and internal Solaris server snapshots, all of which are vital for telecom operations and subscriber identity management.
Given BSNL’s role in supporting government and critical communications, the incident raised serious concerns around subscriber privacy, regulatory compliance, and national security risk. Public disclosure of breach claims also led to heightened scrutiny by regulators, the media, and government bodies, while increasing the risk of secondary exploitation by other threat actors.
The breach was identified by Athenian Tech through its threat intelligence platform, Prime, which continuously monitors the Dark Web, Deep Web, Surface Web and hacker forums for early indicators of compromise. Athenian Tech validated the leaked data and formally reported the findings to BSNL, providing evidence-based intelligence, through Prime, on the exposed data and associated threat activity. These insights helped create broader awareness around telecom security risks and contributed to national-level discussions on protecting critical infrastructure.
