Cyber Incident Victim: Kernex Microsystems (India) Limited

On August 28, 2024, Kernex Microsystems (India) Limited experienced a cybersecurity incident involving a ransomware attack targeting its IT infrastructure. The company detected the intrusion on the same day it occurred, prompting immediate activation of its incident response protocols. Internal technical teams collaborated with external cybersecurity specialists to initiate forensic analysis and containment procedures. Kernex Microsystems formally disclosed the incident to the Bombay Stock Exchange (BSE) and National Stock Exchange of India (NSE) within 24 hours through a regulatory filing dated August 29, 2024, as required under Regulation 30 of SEBI's Listing Obligations and Disclosure Requirements. The disclosure confirmed active investigation efforts but provided no specifics regarding attack vectors, data compromise, or ransom demands. Company leadership emphasized business continuity throughout the incident, stating operations remained unaffected despite the ongoing security event.

The ransomware attack triggered mandatory disclosure obligations under India's securities regulations due to its potential material impact on investor interests. Kernex Microsystems' Whole-Time Director M B Narayana Raju signed the notification, validating the authenticity of the information provided to exchanges. No systems beyond the generic "IT infrastructure" designation were specified as compromised in the filing. The company maintained that specialized external cybersecurity partners supplemented internal technical resources throughout the investigation phase. Final assessment of the attack's scope and potential data exfiltration remained pending at the time of disclosure. Kernex Microsystems' public communication strategy focused on regulatory compliance and operational continuity assurances without detailing remediation timelines, financial implications, or technical countermeasures deployed against the ransomware threat.