Tata Technologies, a subsidiary of Indian automotive giant Tata Motors, has fallen victim to a ransomware attack by the group known as Hunters International. This attack has resulted in the alleged theft of 1.4 terabytes of data, comprising approximately 730,000 files, from the engineering firm. Hunters International has threatened to leak this sensitive information unless a ransom is paid, though the specific amount being demanded remains undisclosed.
The incident is particularly notable given that Tata Motors disclosed a previous ransomware incident in January 2025, which temporarily disrupted certain IT services. In that disclosure, the company indicated that a ransomware attack impacted several of its IT assets, prompting them to suspend some services temporarily. While Tata Technologies acknowledged the issue at that time, it did not provide details about the identity of the attackers or the scale of the data breach.
Hunters International’s claim of responsibility for this incident has raised alarms across the cybersecurity landscape. This group has a reputation for targeting high-value entities and has been linked to past attacks on various sectors, including automotive, finance, and healthcare. There is speculation that Hunters International may be a rebranded iteration of the Hive ransomware gang, which was dismantled in 2023 during a coordinated law enforcement crackdown. Observations indicate both groups utilize similar ransomware strains, raising concerns about the algorithmic continuity of such cybercriminal operations.
In 2022, Hive also executed an attack on Tata Power, from which they leaked data after the firm declined to meet their ransom demands. The current situation involving Tata Technologies has not yet reached resolution, with the company remaining silent regarding negotiations with the attackers or the status of the ransom demand.
The emergence of Hunters International underscores ongoing vulnerabilities within large multinational corporations, reiterating the significant threat posed by sophisticated ransomware attackers. Moreover, this incident serves as a critical reminder of the potential resurgence of defunct groups such as Hive, which raises questions about the efficacy of current law enforcement strategies aimed at deterring cybercrime.
The MITRE ATT&CK framework provides insight into possible tactics and techniques employed in this attack, including initial access, which may have involved social engineering or exploitation of network vulnerabilities. Following the initial breach, the attackers likely employed techniques for persistence and data exfiltration to successfully siphon large volumes of sensitive information.
Industry experts emphasize the importance of advancing cybersecurity measures in light of growing threats. Camellia Chan, CEO of X-PHY, commented on the persistence of attacks on the industrial sector, noting that high-profile companies like Tata Technologies attract the attention of cybercriminals due to their lucrative customer base, which includes renowned names in the automotive and aerospace industries.
Moving forward, organizations are urged to consider comprehensive multi-layered defense strategies that integrate both software and hardware solutions. Proactive threat intelligence and incident response planning are essential in mitigating the risks associated with such cyber incidents. The outcome of Tata Technologies’ handling of this ransomware attack will likely provide valuable lessons for businesses navigating an increasingly complex cyber threat landscape.
