Breach in the Department of Defence

Organisation: Government of India
Sector: Ministry of Defence
Region: India

On 10 March 2025, Athenian Tech (AT) identified a significant security breach affecting a sensitive national defence division after the ransomware group Babuk Locker 2.0 claimed to have exfiltrated nearly 20TB of classified defence data. The leaked dataset reportedly included sensitive information like VVIP evacuation procedures.

Upon deeper investigation, the breach was traced not to the core defence infrastructure but to the personal device of a former senior official, exposing a critical endpoint‑security lapse. Although the primary systems remained uncompromised, the scale and sensitivity of exposed data posed severe national‑security, diplomatic, and regulatory risks.

AT’s AI‑powered intelligence platform, Prime, analysed the leaked dataset across Dark Web and closed‑channel ecosystems, profiling Babuk Locker 2.0 and mapping its TTPs to confirm the nature of the attack. Prime’s investigation identified the breach’s origin and provided actionable intelligence to help authorities understand the exposure pathway, the attack behaviour, and the severity of the data loss.

Impact

AT’s independent findings were formally acknowledged by the Ministry of Defence, CERT‑In, and the PMO. The organisation requested a comprehensive research and remediation report from AT to help address systemic vulnerabilities, strengthen endpoint security practices, and prevent recurrence of similar high‑impact breaches.
