Maze Ransomware operators hacked Highways Authority Of India (Nhai)

Researchers at Cyble reported that Maze Ransomware Operators allegedly breached National Highways Authority Of India (Nhai).

As part of regular darkweb monitoring, researchers from threat intelligence firm has spotted the data leak of National Highways Authority of India (NHAI). The Maze ransomware operators allegedly breached the NHAI and leaked the data of their leak site.

The National Highways Authority of India (NHAI) is an autonomous agency of the Government of India, set up in 1988, and is responsible for the management of a network of over 50,000 km of National Highways out of 1,15,000 km in India. It is a nodal agency of the Ministry of Road Transport and Highways.

According to the Economic Times, the attack took place on Sunday night, hackers targeted the National Highways Authority Of India’s email server, but according to the Indian Agency, no data was stolen. The Authority had shut down the server in response to the intrusion.

The National Highways Authority of India (NHAI) on Monday said a cyber attack took place on its email server on Sunday night but prompt action resulted in no data loss. As a precaution, the Authority had shut down the server.

“A ransom ware attack on NHAI email server took place yesterday night. The attack was foiled by the security system and email servers were shut down from safety point of view,” NHAI Chief General Manager, IT, Akhilesh Srivastava, said.

“No data loss took place. NHAI data lake and other systems remained unaffected from this attack,”

Early this month, the government warned against a large-scale cyber attack against individuals and businesses in the country.

“India’s cyber security nodal agency, CERT-In had issued an advisory warning that the potential phishing attacks could impersonate government agencies, departments and trade bodies that have been tasked to oversee disbursement of government fiscal aid.” states the Economic Times.

Now Maze ransomware operators claim to have leaked only 5% (around 2GB) of the total volume of data exfiltrated by the Authority.

The Cyble Research Team analyzed the data leak and confirmed the presence of sensitive corporate operational documents.

“The Cyble Research Team identified and analyzed the data leak of around 2GB. The data leak includes sensitive corporate operational documents such as the company’s staff list, passport copy of ex-chairman of NHAI, details of dependent family members of NHAI employees, NHAI internal audit reports, and much more.” reads the post published by Cyble.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Maze ransomware, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.