DRDO Denies Cyberattack as Ransomware Gang Claims 20 TB Data Theft

April 1, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

According to cybersecurity firm Athenian Tech, a tranche of classified data, allegedly extracted from the personal device of a former Defence Ministry official, is now circulating on dark web forums, reportedly up for sale by a notorious ransomware group.

The compromised data includes engineering schematics of advanced weapon systems, details of a new Indian Air Force facility, procurement strategies, and records of India’s confidential defence collaborations with foreign allies.

Even more disturbing are evacuation protocols for the country’s top leadership—the President, Prime Minister, and other VVIPs—in the event of an aerial attack. If verified, the implications of such a breach are nothing short of catastrophic.

DRDO in the Spotlight

The Defence Research and Development Organisation (DRDO), India’s leading defence R&D agency, has found itself at the centre of this cybersecurity firestorm. DRDO, known for enforcing strict internal security protocols—banning even mobile phones in select high-security zones—has denied any internal breach. Officials maintain that the leaked data does not originate from DRDO servers. However, no detailed clarification has been issued to support or disprove the authenticity of the exposed files.

This ambiguity, coupled with the scale and sensitivity of the data in question, has triggered alarm across strategic and cybersecurity communities.

The Attackers: Babuk Locker 2.0

The breach was announced on March 10, 2025, by the ransomware group Babuk Locker 2.0—also known by aliases such as Bjorka and SkyWave. The group claimed to have siphoned off a staggering 20 terabytes of data, releasing a 753 MB sample online to validate their claim. The data dump reportedly includes credential logs, classified communications, and technical documents linked to India’s defence apparatus.

Babuk2 is not a newcomer to the world of cyber extortion. Its predecessor, Babuk, emerged in early 2021 and quickly gained notoriety for its aggressive targeting of high-value entities—ranging from corporations to government institutions across Europe and North America. Operating under the Ransomware-as-a-Service (RaaS) model, Babuk2 deploys a dual-threat strategy: encrypting files to cripple operations, while simultaneously stealing sensitive data to apply ransom pressure.

Their tools are tailored to exploit systems running on Windows, NAS, and ESXi platforms, and their victims typically include sectors with high payment potential—transportation, healthcare, industrial manufacturing, and now, defence.

The Larger Pattern

This isn’t an isolated event. In recent years, several Indian institutions have been victims of data theft, ransomware, and nation-state-backed cyber espionage. From power grids to AIIMS, breaches have disrupted services and eroded public trust. What sets the DRDO-linked breach apart is the potential exposure of classified national security information.

If data such as evacuation protocols and military engineering plans are now accessible to hostile actors, the risks go far beyond the digital realm: they affect operational readiness, geopolitical strategy, and public safety.

Final Thoughts

In today’s hyperconnected world, data is power—and in the wrong hands, it can be a weapon. The DRDO-linked leak may or may not be officially acknowledged, but its implications are undeniable. This isn’t just about one agency or one breach—it’s about the future of national cybersecurity.

As adversaries grow smarter and bolder, India must match that intensity with equally advanced digital defences. The price of inaction is far greater than any ransom demanded.