cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Indian missile fuel maker hit by ransomware attack, sensitive data posted online

Solar Industries, an Indian defence manufacturer, has suffered a serious ransomware attack, and, in the aftermath, has had a trove of sensitive data published online.

user icon David Hollingworth
Fri, 03 Feb 2023
Indian missile fuel maker hit by ransomware attack, sensitive data posted online
expand image

While no official word has come from the company itself — and its website is still down at the time of writing — according to Indian news sources, the breach was confirmed by Indian security researchers, and other specialists have since confirmed the breach and the posting of data.

Known threat actor BlackCat also known as ALPHV appears to be the culprit, and after negotiations with Solar Industries to recover the data broke down, the group has posted some of the stolen data on the dark web, with a total of 2TB of data for sale.

“The data includes full descriptions of engineering specifications, drawings, audits of many weapons, among others,” BlackCat posted online, according to the RedPacket Security blog. Hard data on a range of missiles and fuels are included, as well as personal data of employees and customers, and military contracts.


Perhaps most embarrassingly for Solar Industries, and possibly the Indian government, the stolen data includes details of industrial espionage.

“In addition to these files we have serious evidence of industrial spying in other countries (including friendly states),” the BlackCat post says.

According to Indian news site Nagpur Today, it’s also possible that recordings from cameras inside the business were compromised.

Solar Industries learned of the hack on 21 January, when the BlackCat operators first made contact with the company, suggesting that Solar Industries were at that point completely unaware of the intrusion. The stolen data was then posted online on 26 January, with reports trickling out first onto some security sites, then to Indian media and beyond.

Solar Industries is now working with law enforcement agencies, in particular the Central Bureau of Investigations. Various intelligence agencies, alongside senior members from India’s Ministry of Defence and Home Affairs departments are also on the scene in Nagpur, where Solar Industries is based.

BlackCat began operation in November 2021 and the FBI believes it is made up of former developers and money launderers from the DarkSide group, which was itself disrupted following its attack on the Colonial Pipeline Company. The group has also been known to work alongside other operators such as Hive and LockBit.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.