A notorious threat actor that goes by the name ‘Kill Security’ has asserted responsibility for the Delhi Police data breach on its dark web leak site. The claims for this cyberattack on Delhi Police surfaced on April 3, 2024.
According to the disclosures made by Kill Security, the Delhi Police data leak involves the exfiltration of sensitive data from Delhi Police servers. This includes a substantial 4 GB cache of images and records documenting a staggering 254,629 traffic violation incidents.
“We managed to export all the data except for the pictures which we exported only 4GB, but all the photos are visible in the dump, only that are stored in their systems. It would take around 3 weeks to 1 month to complete the photos export because they have a shit server”, reads the threat actor’s post.
Alleged Delhi Police Data Breach Surfaces on the Dark Web
The compromised information allegedly encompasses crucial details such as vehicle numbers, geo-locations, types of offenses, and even specifics regarding the involved traffic police officials.
The Cyber Express has reached out to the Indian law enforcement department to learn more about this alleged Delhi Police data leak. However, at the time of writing this, no official statement or response has been received, leaving the claims for the Delhi Police data breach unconfirmed.
Moreover, as evidence of their successful infiltration, the group has provided five screenshots showcasing details of violation incidents reported as recently as April 2, 2024. The threat actors have also set a deadline of April 15, 2024, threatening to release the pilfered data publicly if their ransom demands are not met. This breach adds to the group’s track record, having previously targeted entities such as the Kerala Police and Paschim Banga Gramin Bank.
The gravity of this breach extends beyond the confines of law enforcement, posing implications for both public safety and individual privacy. Talking about the ransom remands, the threat actor said, “for us to wipe the data breach, we ask for a ransom of ??.??? EUR (Don’t know yet xD). Also, if you’re from Delhi, India, you might want to check out”.
Cyberattack on Indian Law Enforcement
This incident is but one instance of a disturbing trend of cyberattacks targeting Indian infrastructure. In January 2024, hacktivist groups launched coordinated cyberattacks on various government institutions, including law enforcement agencies and critical government websites.
These attacks, attributed to groups like ‘THE ANONYMOUS BD,’ ‘GARUDA FROM CYBER,’ and ‘SYLHET GANG-SG,’ commenced on January 10, 2024, with the disclosure of compromised data surfacing recently. The Ministry of Power, Jammu & Kashmir Police, and Mumbai Police were among the prime targets of these cyber assaults. Notable websites, including jkpolice.gov.in, uday.gov.in, and mumbaipolice.gov.in, allegedly fell victim to these cyberattacks.
Following the breaches, the stolen data was advertised on the dark web, further amplifying the threat posed by these nefarious actors. The perpetrators, under names like ‘SYLHET GANG-SG’ and ‘GARUDA FROM CYBER,’ left digital footprints across compromised websites, boasting of their exploits and affiliations with hacktivist collectives.
As for the Delhi Police data breach, this is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged Delhi Police data leak or any official confirmation.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
