Bashe Ransomware Targets ICICI Bank

A relatively obscure ransomware group known as Bashe, which may have ties to the notorious LockBit syndicate, has recently executed a cyberattack targeting ICICI Bank, a significant player in the Indian financial sector with a global footprint. Reports indicate that Bashe successfully infiltrated the bank’s systems and exfiltrated a portion of sensitive data, which is now believed to be listed for sale on dark web markets.

Renowned for its ruthless approach, Bashe typically imposes a strict 48-hour compliance deadline for its victims. For ICICI Bank, this timeline has been set to expire on January 24, 2025, at which point the group threatens to publicly release the stolen data.

ICICI Bank, established nearly two decades ago as a private institution and now operating under the governance of the Reserve Bank of India (RBI), was instrumental in launching private banking services in India—a model that has since been emulated by other national banks, including the State Bank of India (SBI). With its long-standing reputation, ICICI Bank has cultivated a substantial customer base, serving both domestic clients and non-resident Indians (NRIs) worldwide.

The potential data breach has ignited serious concerns among Indian consumers, both locally and in the diaspora. Many users rely on the bank’s mobile banking services, and fears surrounding the exposure of sensitive customer information have heightened anxieties across the banking sector.

Bashe has a history of targeting critical infrastructure in sectors such as healthcare, logistics, technology, and banking across countries including the United States, the UK, France, Germany, and Australia. Previous investigations have traced the group’s operations to servers based in the Czech Republic, a country recognized as a safe haven for cybercriminal activities. While there is no conclusive evidence linking the Czech government to these activities, the stealthy nature of the group’s operations complicates traceability, leading to ongoing investigations.

As of now, ICICI Bank has not publicly addressed the data breach claims while its incident response team conducts an internal investigation.

A History of Data Security Issues

This incident marks yet another chapter in ICICI Bank’s troubled history with data security. In 2023, the institution faced backlash over inadequately securing sensitive customer information, resulting in a data leak that exposed a wealth of personal details, including phone numbers, emails, personal identification documents, CVs, home addresses, credit card information, and account credentials.

These events are best understood through the MITRE ATT&CK framework, which catalogues adversary tactics and techniques. In this case, initial access may have been gained through methods such as phishing or the exploitation of software vulnerabilities, followed by data exfiltration and possibly the establishment of persistence within the bank’s network. As the investigation unfolds, further insight into the specific tactics used may emerge, highlighting the ever-evolving landscape of cybersecurity threats.

ICICI Bank continues to be a pillar of the Indian banking system, but its challenges in safeguarding customer data underscore the critical importance of robust cyber defenses in the face of emerging threats.

