Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company

The Hive^[1]
ransomware-as-a-service (RaaS) group has claimed responsibility for
a cyber attack against Tata Power that was disclosed by the company
less than two weeks ago.

The incident is said to have occurred on October 3, 2022. The
threat actor has also been observed leaking stolen data exfiltrated
prior to encrypting the network as part of its double extortion
scheme.

This allegedly comprises signed client contracts, agreement
documents, as well as other sensitive information such as emails,
addresses, phone numbers, passport numbers, taxpayer data, among
others.

The Mumbai-based firm, which is India’s largest integrated power
company, is part of the Tata Group conglomerate.

Tata Power had previously disclosed^[2]
in a filing with the National Stock Exchange (NSE) of India that an
intrusion on the company’s IT infrastructure impacted “some of its
IT systems.”

According to further details^[3]
shared by security researcher Rakesh Krishnan, the leak contains
personally identifiable information (PII), including Aadhaar
identity numbers, permanent account numbers (PAN), drivers’
license, salary specifics, and engineering drawings.

The latest development is also indicative of the fact that Tata
Power likely refused to pay a ransom, prompting the cybercrime gang
to publish the siphoned data on its HiveLeaks dark web portal.

According to statistics published by Digital Shadows^[4]
and Intel 471^[5], Hive was the third-most
prevalent ransomware family observed in Q3 2022, coming only behind
LockBit 3.0^[6]
and Black Basta^[7]
and surpassing the likes of AvosLocker^[8], BlackByte^[9], BlackCat^[10], and Vice Society^[11].