Cyber Incident Victim: Solar Industries Limited India
Date:
Jan 2023
Location:
India
Summary
The BlackCat Ransomware gang breached an industrial explosives manufacturer, stealing approximately 2TB of sensitive military and weapons production data, including engineering specifications, classified documents, security camera footage, and product drawings. The attackers alleged the theft exposed vulnerabilities enabling industrial espionage involving multiple nations and auctioned the data on their leak site, inviting bids within 24 hours while publishing samples as proof of compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 27, 2023, the BlackCat Ransomware group publicly claimed responsibility for a cyberattack against Solar Industries India Limited, a global industrial explosives manufacturer specializing in blasting solutions, bulk explosives, and initiating systems. The group listed the company on its Tor-based leak site, announcing the theft of approximately 2 terabytes of sensitive data, which it described as including classified military information related to weapons production. BlackCat attributed the breach to inadequate security measures at the company, asserting that the compromised data encompassed engineering specifications, technical drawings, weapon audit reports, and other classified documents across all company products. As evidence, the threat actors published samples of the stolen files, including internal documents and images captured from the organization’s security cameras. The leaked materials purportedly revealed detailed technical schematics and proprietary manufacturing processes tied to defense contracts.
The attackers initiated an auction for the stolen data, inviting potential buyers to submit bids via the TOX messaging platform within 24 hours of the leak site publication. BlackCat emphasized the strategic value of the data, alleging it contained proof of industrial espionage activities involving unspecified allied nations. The breach exposed vulnerabilities in the protection of military-grade intellectual property, potentially compromising proprietary weapons designs and quality control documentation. No immediate response from Solar Industries India or law enforcement agencies was documented in the available source material at the time of the group’s disclosure. The incident highlighted risks to defense supply chains from ransomware operations targeting technical specifications and sensitive audits. Operational disruptions or financial demands were not explicitly detailed in the gang’s announcement, which focused exclusively on data exfiltration and its attempted monetization.