ICICI Bank Data Breach: Ransomware Group Claims to Have Leaked Customer Information


The BASHE ransomware group has reportedly compromised the database of ICICI Bank, a prominent player in India’s private banking sector, and has claimed responsibility for the incident.

This alarming breach has come to light on the dark web. The hackers have issued a ransom deadline of January 24, 2025, threatening to release sensitive customer data if their demands remain unmet.

The BASHE group, also known as APT73 or Eraleig, has been active since April 2024 and employs strategies akin to those used by LockBit, focusing on critical industries in developed countries. It uses a Tor-based Data Leak Site (DLS) to pressure victims into compliance through data extortion.

The group is known for targeting well-resourced institutions across sectors including banking, healthcare, and technology, and its sophisticated methods often rely on Tor networks to maintain anonymity, reflecting the prevalent threats in today’s cyber landscape.

Despite ICICI Bank’s extensive customer base and international footprint, the institution has yet to release an official statement regarding the breach. Conversations on platforms like X reveal significant unease among users and cybersecurity experts, who emphasize the gravity of the situation as the bank is recognized as “critical information infrastructure” in India.

The BASHE group has yet to disclose the amount of the ransom they are demanding, but their dark web site includes a countdown timer, creating a strong ultimatum for ICICI Bank.

This breach appears to follow a pattern similar to past incidents involving the BASHE group, such as their claimed attack on Federal Bank in December 2024, where the group asserted they had stolen a database containing over 600,000 entries.

Cybersecurity professionals are urging ICICI Bank to act promptly to minimize the potential risks to customer data. Recommended measures include enhancing security protocols, notifying impacted customers, and collaborating with law enforcement and cybersecurity entities to pursue the offenders.

The Indian Computer Emergency Response Team (CERT-In) has yet to issue a statement on the incident. However, due to the potential implications for national security, governmental involvement is likely forthcoming.

As the ransom deadline approaches, stakeholders in the banking community and customers alike are keenly monitoring the situation, hoping for a resolution that avoids the ramifications of a serious data leak.

This incident highlights the growing cyber threats targeting financial institutions and the pressing need for robust cybersecurity defenses to safeguard digital assets and personal information.

While ICICI Bank has not publicly acknowledged any breach linked to the ransomware attack claimed by the BASHE group, the allegations stem predominantly from dark web investigations and reports by cybersecurity professionals.

ICICI Bank previously denied allegations of similar data breaches, asserting that any leaked information could not be conclusively connected to their systems. Cyber Security News reached out to ICICI Bank for additional comment but has yet to receive a response. As the situation continues to unfold, further verification is necessary to ascertain the authenticity of these claims.
