New Delhi: Bharat Sanchar Nigam Limited (BSNL), India’s state-owned telecom provider has experienced a major data breach. According to a Threat Intelligence Report by Athenian Tech, a cybercriminal named "kiberphant0m” carried out the attack. The breach compromised a large amount of sensitive data, putting millions of users at risk.
Critical Data Involved in the BSNL Breach:
- International Mobile Subscriber Identity (IMSI) numbers
- SIM card information
- Home Location Register (HLR) details
- DP Card Data
- Snapshots of BSNL's SOLARIS servers
Kanishk Gaur, CEO of Athenian Technology stated that the data breach at BSNL was carried out by a threat actor named 'kiberphant0m’, as per report by ET. Gaur further explained, The breach involved over 278 GB of data from BSNL’s telecom operations. This includes server snapshots which could be used for activities like SIM cloning and extortion.
The report further discloses that the threat actor behind the BSNL data breach has set a price of 5,000 dollars (roughly 4,17,000) for the stolen data. This special deal was offered exclusively from May 30 to May 31, 2024.
Risks of SIM Cloning:
- Duplicate SIM Cards: Cloning creates a replica with the same IMSI and authentication keys as the original.
- Interception: Cloned SIM cards can intercept messages and calls meant for the original user.
- Bypassing Security: They can bypass two-factor authentication measures.
- Financial Fraud: Used for accessing bank accounts and committing fraud under the victim's identity.
- Personal Security Compromise: Puts personal information at risk, potentially leading to significant financial losses.
The threat extends beyond BSNL users and can impact both the company's operations and national security. The breach may result in service outages, reduced performance, and unauthorised access to telecom operations.
Recommendations for BSNL Users
The BSNL users should regularly check for any unusual activity on their phones and bank accounts. Further, enabling two-factor authentication (2FA) on all accounts can provide an extra layer of security.
According to cybersecurity experts at Athenian Tech, BSNL should take urgent steps to contain the breach, secure network endpoints, and audit access logs. They recommend enhancing security measures, conducting regular security audits and implementing advanced threat detection technologies.
In December 2023, a threat actor named 'Perell' released a dataset containing 32,000 lines of data on a dark web forum. This dataset exposed sensitive information about users of BSNL's fibre and landline services.
