In a recent shocking revelation, a notorious threat actor known as ‘kiberphant0m’ has reportedly breached the data systems of Bharat Sanchar Nigam Limited (BSNL), India’s state-owned telecommunications provider. This breach potentially puts millions of subscribers at risk as the compromised data can be misused for various malicious activities, including SIM cloning and extortion.
Prolonged Access to Systems
The nature and volume of the compromised data suggest that ‘kiberphant0m’ had prolonged access to BSNL’s systems. Kanishk Gaur, CEO of the digital risk management company Athenian Tech, told News18 that the breach might have been ongoing for a significant period before it was publicly disclosed. The exact number of affected users is still being assessed, but given the scope of the data compromised, it potentially impacts millions of BSNL subscribers.
Compromised Data
The breached data includes critical information such as:
- International Mobile Subscriber Identity (IMSI) numbers
- SIM card details
- Pin codes
- Authentication keys
- Data from DP Cards and DP Security Key
- Snapshots of BSNL’s SOLARIS servers
This type of data is particularly valuable and sensitive, as it relates directly to telecom operations rather than just user information.
Distinct and Critical Data
Athenian Tech’s investigation into the authenticity of the data revealed that it is distinct and unrelated to a previous BSNL data breach reported in December 2023. The current data set is more complex and critical, emphasizing its high value. The threat actor priced the compromised data at $5,000, highlighting its sensitivity and extensive scope.
Potential Misuse of Data
During conversations on a dark web platform, ‘kiberphant0m’ discussed the potential misuse of this data for activities such as SIM cloning and extortion. SIM cloning involves creating a duplicate SIM card with the same IMSI and authentication keys as the original. Once cloned, a SIM card can be used to:
- Intercept messages and calls, including OTPs
- Bypass two-factor authentication
- Access bank accounts
- Commit fraud under another person’s identity
The Risks
The implications of this breach are severe. SIM cloning not only compromises personal security but can also lead to significant financial losses for the victims. With the ability to intercept calls and messages, cybercriminals can easily bypass security measures and gain unauthorized access to sensitive accounts.
This data breach underscores the critical need for robust cybersecurity measures within telecom operations. As BSNL investigates the extent of the breach, it is imperative for subscribers to remain vigilant and take proactive steps to protect their personal information. This incident serves as a stark reminder of the evolving threats in the digital landscape and the importance of securing sensitive data against cybercriminals.