Tata Power, India's largest power supply company, has faced a cyber attack this year. This story is about how the hackers gained access to the company and how far back the story begins.
On 24th October, on the HiveLeaks darknet blog, the Hive ransomware group claimed that they had encrypted the files of Tata Power. Hive operators claimed that they had encrypted Tata Power on 3rd October.
They did not get any ransom from the Tata Group; the negotiation failed, and the data related to Tata Power was released for free.
The data contains personal details of its customers, internal billing, bank records, contract information and other sensitive information. The data is now being shared across various underground hacking forums.
According to research by Microsoft, attackers used a decades-old vulnerability in the Boa web server, which has been discontinued since 2005. The Boa web server is used in IoT devices, security cameras, management consoles, etc.
Microsoft researchers also claimed that half of the IPs are not detected as malicious; therefore, the IPs belong to compromised IoT devices and routers used to spread malware.