When the Vault is Breached

Investigations suggest that a breach of the personal machine of a former defence ministry official led to the leak of sensitive information, including evacuation protocols for VVIPs.

In a major development, the bad guys lurking in the dark alleys of cyberspace gained access to sensitive defence data, including the engineering design of a weapon and evacuation protocols for VVIPs, among them the President of India and the Prime Minister of India. Having obtained such sensitive data, these elements put it up for sale on the dark web. To put it simply, these nefarious elements breached the sanctum of India's defence establishment itself. To be more specific, sensitive data of the Defence Research and Development Organisation (DRDO) was stolen and then put up for sale. Athenian Tech, a firm that monitors digital risks, analysed the leaked data and alerted the relevant authorities in good time.

The anatomy of the breach. On 10 March 2025, the ransomware group Babuk Locker 2.0 announced the heist, claiming to have exfiltrated an astronomical 20 terabytes of data from DRDO's systems, including classified defence documents and a vast credential repository. In a brazen show of intent, the group publicly released 753 MB of sample data. The sample contained files relating to the upgrade of the T90 Bhishma main battle tank, India's strategic defence collaborations with Finland, Brazil and the United States of America and, most alarmingly, evacuation protocols for VVIPs, including the President of India and the Prime Minister of India, in the event of an aerial attack.

The modus operandi. On investigation, Athenian Tech found that the hackers communicated in Indonesian, indicating a possible Indonesian origin. However, a detailed review revealed that a large part of the leaked data was linked to Shri Puneet Agarwal, a former Joint Secretary in the Defence Ministry from 2019 to 2021, suggesting that the breach was unlikely to have originated from DRDO's core IT infrastructure.

The wake-up call. The incident points to serious breaches of endpoint security and data handling policies, especially since sensitive defence files were found on what appears to be a personal system. That files leaked from a single compromised machine shows the urgent need for stringent cybersecurity measures across India's critical defence infrastructure. When the vault containing a nation's most closely guarded secrets is cracked, even the slimmest crack opens the floodgates of destruction.
