BSNL hit by major data breach linked to “kiberphant0m” cyberattack

Bharat Sanchar Nigam Limited (BSNL), the state-owned telecommunications provider, has suffered a significant data breach. According to a Threat Intelligence Report by Athenian Tech, the cyberattack has been orchestrated by a threat actor known as “kiberphant0m”. The hacker compromised a substantial amount of sensitive data, putting millions of users at risk.

The breach involves critical data, including International Mobile Subscriber Identity (IMSI) numbers, SIM card information, Home Location Register (HLR) details, DP Card Data, and even snapshots of BSNL’s SOLARIS servers. In total, over 278GB of sensitive information has been compromised. The threat actor has claimed responsibility for the attack and provided samples to validate the data’s legitimacy.

The report also reveals that the threat actor responsible for the BSNL data breach has priced the stolen data at $5,000 (roughly Rs 4,17,000). This price was offered as a special deal, available only from May 30, 2024, to May 31, 2024. The high price tag indicates the data’s significant value due to its sensitive nature and extensive scope.

What data was compromised?
The compromised data includes:

• IMSI and SIM Details: Vital for the operation of SIM cards.
• HLR Details: Essential for network operations and user authentication.
• DP Card Data (8GB) and DP Security Key Data (130GB): Critical for BSNL’s security infrastructure.
• SOLARIS Server Snapshots (140GB): Potentially exposing operational secrets.

Potential risks, implications

• SIM cloning and identity theft:
  How it can be done: Cloning involves creating a duplicate SIM card with the same IMSI and authentication keys as the original. Attackers can then intercept messages and calls, access bank accounts, and commit fraud, leading to severe personal and financial losses.
• Privacy violations: Personal information could be misused for unauthorised access to communications and data breaches.
• Financial and identity theft: Fraudulent activities bypassing security measures on financial accounts, leading to significant financial losses and identity theft.
• Targeted attacks and scams: Users may become targets of phishing schemes and social engineering attacks, exploiting their trust in BSNL.

The threat is not only limited to BSNL users, it can also impact the operations of the company and national security. The breach can lead to service outages, degraded performance, and unauthorised access to telecom operations. Additionally, sensitive data exposure can undermine national security and infrastructure stability. The attack also sets a precedent for further attacks on critical infrastructure, potentially affecting other interconnected systems and networks.


What should BSNL users do?
The users should monitor for unusual activity on their phones and bank accounts. They should also enable two-factor authentication (2FA) for an additional layer of security on all accounts.

The Athenian Tech cybersecurity experts believe BSNL should take immediate action to contain the breach, secure network endpoints, and audit access logs. They must enhance their security measures, conduct frequent security audits, and adopt advanced threat detection technologies. BusinessToday