By Vijay Anand
Researchers at the cybersecurity firm CloudSEK have identified two affiliates of the CYBO CREW threat group, CyboDevil and UNIT8200, advertising for sale what they describe as an Indian Mobile Network Consumer Database.
The dataset, advertised at 1.8 terabytes uncompressed, is said to hold records on 750 million individuals, including names, mobile numbers, addresses and Aadhaar details. An exposure on that scale poses a substantial risk to both individuals and organisations.
CloudSEK's contextual AI digital risk platform, XVigil, flagged the listing on January 23, 2024, when it detected a post by the threat actor CyboDevil on an underground forum. This followed a similar offering by UNIT8200 on January 14, 2024, via Telegram.
The seller claims the dataset covers roughly 85% of India's population, which would make it one of the largest exposures of its kind. The compressed archive offered for sale is 600GB, expanding to 1.8TB uncompressed, and the asking price for the full dataset is $3,000.
Analysis of the sample provided by the seller led CloudSEK researchers to conclude that the records come from subscribers of major telecom providers. Individuals whose records are included face potential financial loss, identity theft, reputational damage and a heightened likelihood of being targeted in further attacks.
CyboDevil gave an evasive answer when asked how the data was obtained, denying involvement in any breach and claiming it came from undisclosed asset work within law enforcement channels.
Sparsh Kulshrestha, Threat Intelligence & Security Research at CloudSEK, emphasised the severity of the breach, stating, “The magnitude of this data leak cannot be overstated. With the personal information of 750 million individuals exposed, the potential for cyberattacks and identity theft is unprecedented.”
The CYBO CREW group has been active since July 2023; its most prominent members, CyboDevil and UNIT8200, both joined the underground forum in June 2023. The two have been linked to major breaches across several sectors.
Earlier claims by the group include real-time access to KYC details for Indian phone numbers (July 2023), the sale of API access to an Indian vehicle database, and access to 815 million Aadhaar and passport records alongside the Indian Mobile Network Consumer Database.
As part of responsible disclosure, CloudSEK has notified the relevant authorities and the organisations potentially affected. Because each record pairs a mobile number with the name, address and Aadhaar details routinely used as identity proofs, the data lends itself to financial fraud, social engineering, identity theft and targeted scam campaigns.