Cyberattack on aerospace research firm under NIA lens

New Delhi:
A ransomware attack on government-owned National Aerospace Laboratories (NAL), India’s largest aerospace research company, on November 15 last year has come under the scanner of the National Investigation Agency (NIA), which has started investigating the incident as a cyberterrorist attack.
The federal anti-terror agency has registered a case in the ransomware attack, suspected to have been carried out by world’s most notorious cybercrime enterprise called LockBit, people familiar with the developments said, on condition of anonymity.
An affiliate of the government’s Council of Scientific and Industry Research, NAL Bengaluru is the only government aerospace R&D laboratory in the country’s civilian sector. It came under a ransomware attack on November 15, after which LockBit threatened to publish the stolen data, including classified letters, if it failed pay an unspecified ransom amount.
“We have registered a case to investigate the ransomware attack at the NAL from the cyberterrorism angle,” said a NIA officer.
The federal agency has a specialized anti cyberterrorism unit, which probes cyber attacks by state or non-state actors on government and private installations in India. It had earlier assisted other agencies including CERT-In in the ransomware attack at the All India Institute of Medical Sciences in November 2022.
“Lockbit is one of the most prolific cyber criminals’ groups,” said Tarun Wig, information security expert and co-founder of Innefu Labs. “Ransomware attacks are usually carried out by private groups for money and Indian establishments have been targeted very often.”
One of the world’s most active ransomware-as-a-service operations groups, LockBit has been involved in data theft and encryption, followed by extortion and data leak. It first emerged in 2019, with its name at that time as ABCD. Since then, it has hacked into thousands of businesses, schools, medical facilities and government establishments around the world.
After a joint operation by law enforcement agencies from 10 countries, including the US, France, Germany, Sweden, Australia, Japan and Canada and led by British authorities, UK’s National Crime Agency last month announced it had taken control of LockBit’s services, compromising their criminal enterprise.
“Through our close collaboration, we have hacked the hackers; taken control of their infrastructure, seized their source code, and obtained keys that will help victims decrypt their systems,” Graeme Biggar, director general of the British agency, said in a statement on February 20.
“As of today, LockBit are locked out. We have damaged the capability and most notably, the credibility of a group that depended on secrecy and anonymity,” Biggar said while terming LockBit as world’s most harmful cybercrime group.
The US department of justice also said it had partnered with the Federal Bureau of Investigation to disrupt the LockBit ransomware group, “one of the most active ransomware groups in the world that has targeted over 2,000 victims”. It said the cyber enterprise had “received more than $120 million in ransom payments, and made ransom demands totaling hundreds of millions of dollars”.