Threat report: Massive BSNL data breach leaves millions vulnerable to financial crime and SIM card cloning

Bharat Sanchar Nigam Limited (BSNL), a state-owned telecommunications company, has experienced a serious data breach. According to Athenian Tech's Threat Intelligence Report, the cyberattack was coordinated by a threat actor identified as "kiberphant0m". The hacker accessed a large quantity of sensitive information, putting millions of people at danger.

The intrusion covers important data, including as International Mobile Subscriber Identity (IMSI) numbers, SIM card information, Home Location Register (HLR) details, DP Card Data, and even snapshots of BSNL's SOLARIS servers. In total, approximately 278GB of sensitive data has been exposed. The threat actor has claimed responsibility for the attack and given samples to verify the data's validity.

According to the report, the threat actor responsible for the BSNL data breach valued the stolen data at $5,000 (approximately Rs 4,17,000). This price was given as a special deal that was only valid from May 30, 2024 to May 31, 2024. The hefty price tag reflects the data's high worth due to its sensitive nature and broad breadth.

What data was compromised?
The leaked data includes IMSI and SIM details, which are essential for SIM card functionality.

• HLR Details: Required for network operations and user authentication.
  
• DP Card Data (8GB) and DP Security Key Data (130GB) are critical to BSNL's security infrastructure.
  
• SOLARIS Server Snapshots (140GB): Could reveal operational secrets.

1. SIM cloning and ID theft: How can it be done? Cloning creates a replica SIM card with the same IMSI and authentication keys as the original. Attackers can then intercept communications and phone conversations, get access to account information, and perpetrate fraud, resulting in serious personal and financial losses.
2. Privacy violations: Personal information may be exploited for unauthorized access to communications and data thefts.
3. bank and identity theft are fraudulent acts that circumvent security safeguards on bank accounts, resulting in severe financial losses and identity theft.
4. Targeted assaults and scams: Users may become victims of phishing schemes and social engineering attempts that take advantage of their confidence in BSNL.

The danger does not just affect BSNL subscribers; it may also have an impact on the company's operations and national security. The hack might result in service interruptions, decreased performance, and unauthorized access to telecom operations. Furthermore, sensitive data breaches might jeopardize national security and infrastructural stability. The hack also establishes a precedent for future attacks on key infrastructure, which might impact other interconnected systems and networks.