The firm suspects that a hacktivist or a Pakistan-based threat actor called ‘R3dr0x’ has targeted the website and leaked sensitive data files along with the email accounts and passwords of seven employees. The message left by the attacker, as detailed on the Cyble blog, was a warning for the government of India. The attacker also said that the files were downloaded from the email accounts of employees.

MUMBAI: US-based cybersecurity research firm Cyble reported on Tuesday that internal documents of defence PSU BEML (Bharat Earth Movers Limited) have been leaked on marketplaces on the dark web. The actual leak of the documents took place on May 25, according to Cyble.

BEML said the Indian Computer Emergency Response Team (CERT-In) alerted it to the breach on June 3 and an internal review showed that the information allegedly leaked was “non-classified and has no adverse impact” on the company.

The firm suspects that a hacktivist or a Pakistan-based threat actor called ‘R3dr0x’ has targeted the website and leaked sensitive data files along with the email accounts and passwords of seven employees. The leaked files were downloaded from the email accounts of the seven employees, and a text file detailing the employees’ internal email addresses and login passwords was also leaked.

“Based on the leak itself, it appears to be an act of a hacktivist or politically motivated. At this point, we have no technical evidence suggesting that the attack originated from a neighbouring or non-friendly country; however, the circumstantial pieces (actor’s message, password combinations) suggest it to be likely the case,” the firm said.

The Bangalore-based BEML, which manufactures heavy equipment for the construction, power, irrigation, fertiliser, cement, steel and rail sectors, said it had formed a high-level committee to investigate the breach.

“As an immediate measure we have deactivated the suspected e-mail ids, all computing devices used to access these e-mails have been quarantined from the business network, an internal analysis of logs has been carried out and data has been secured for further forensic Cyber Audit,” a BEML spokesperson said in response to ET’s queries over email.

Computing devices used for internet access at remote locations have also been segregated from the business network, the spokesperson said.