Friday , March 21 2025

LockBit 3.0 Leaks 600 GBs of Data Stolen From Indian Lender

infosecbulletin Tuesday , May 9 2023 Data Breach, International

The LockBit 3.0 ransomware group on Monday leaked 600 gigabytes of critical data stolen from Indian lender Fullerton India, two weeks after the group demanded a $3 million ransom from the company.

Fullerton India said on April 24 that it had suffered a malware attack that forced it to temporarily operate offline as a precaution. The company said it had resumed customer services and worked with global cybersecurity experts to make its security environment more resilient.

IBM and Veeam Release Patches in AIX System and Backup

By infosecbulletin / Friday , March 21 2025
IBM has resolved two critical vulnerabilities in its AIX operating system that could allow command execution. The list of shortcomings,...
Read More
IBM and Veeam Release Patches in AIX System and Backup

WhatsApp patched zero-click flaw exploited in spyware attacks

By infosecbulletin / Wednesday , March 19 2025
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the...
Read More
WhatsApp patched zero-click flaw exploited in spyware attacks

CVE-2025-24472
CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild

By infosecbulletin / Wednesday , March 19 2025
CISA has issued a critical alert about a critical vulnerability in Fortinet’s FortiOS and FortiProxy systems. CVE-2025-24472, an authentication bypass...
Read More
CVE-2025-24472 CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild

11 state hackers exploit new Windows zero-day since 2017

By infosecbulletin / Wednesday , March 19 2025
11 nation-state groups from North Korea, China, and Russia are exploiting a vulnerability in a common feature of Microsoft Windows....
Read More
11 state hackers exploit new Windows zero-day since 2017

Hackers Exploit ChatGPT with CVE-2024-27564

By infosecbulletin / Tuesday , March 18 2025
Attackers are actively targeting OpenAI, exploiting CVE-2024-27564, a Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT infrastructure. Veriti’s latest research...
Read More
Hackers Exploit ChatGPT with CVE-2024-27564

(CVE-2024-540385)
CVSS 10 Alert! HPE Cray Vulnerability Authentication Bypass Threat

By infosecbulletin / Tuesday , March 18 2025
A critical vulnerability, CVE-2024-540385, has been found in HPE Cray XD670 servers using the AMI BMC Redfish API, allowing remote...
Read More
(CVE-2024-540385) CVSS 10 Alert! HPE Cray Vulnerability Authentication Bypass Threat

CVE-2025-24813
Apache Tomcat Flaw Exploited In The Wild

By infosecbulletin / Tuesday , March 18 2025
CVE-2025-24813, a critical remote code execution vulnerability, is actively exploited, enabling attackers to control vulnerable Apache Tomcat servers with a...
Read More
CVE-2025-24813 Apache Tomcat Flaw Exploited In The Wild

B1nary_Band1ts secure first for “MIST CyberTron 2025”

By infosecbulletin / Monday , March 17 2025
MIST Cyber Security Club hosted an exciting MIST CyberTron 2025, featuring a CTF competition, hacking sessions, live demonstrations, and real-world...
Read More
B1nary_Band1ts secure first for “MIST CyberTron 2025”

CVE-2025-24016
Critical RCE vulnerability affects Wazuh

By infosecbulletin / Monday , March 17 2025
Cybersecurity researchers unveil a critical remote code execution vulnerability (CVE-2025-24016) in Wazuh, a popular open-source SIEM platform. The vulnerability has...
Read More
CVE-2025-24016 Critical RCE vulnerability affects Wazuh

AWS SNS misused for Data Exfiltration and Phishing

By infosecbulletin / Monday , March 17 2025
A recent report from Elastic reveals that threat actors misuse Amazon Web Services (AWS) Simple Notification Service (SNS) for malicious...
Read More
AWS SNS misused for Data Exfiltration and Phishing

The ransomware group soon listed Fullerton India as a victim on its data leak site, stating it had stolen more than 600 gigabytes of “loan agreements with individuals and legal companies.”

The group set a deadline of April 29 for the company to pay the ransom to keep the group from publishing the stolen data. The group also gave the company the option to pay $1,000 to extend the deadline by 24 hours.

Fullerton India operates 699 branches across India that offer doorstep credit services to around 2.1 million customers. The company in 2022 had more than $2.5 billion worth of assets under management and employed over 13,000 people.

Ritesh Bhatia, noted cybercrime researcher and the founder of V4WEB Cybersecurity, shared evidence with Information Security Media Group about the LockBit group releasing documents related to Fullerton India on the dark web. He said the data leak occurred as a result of Fullerton India refusing to engage with the ransomware group, leading to the group initiating triple-extortion tactics to force the company to pay.

While double extortion involves ransomware actors encrypting a victim’s data and exfiltrating it to place additional pressure on the victim to pay, a triple-extortion tactic involves hackers contacting the victim’s clients, business partners, vendors and customers to make the breach public and force the victim to come to the negotiating table.

(Source: bank info security)

Check Also

Lost and Found

Nearly 1 million airport lost and found records leaked

Cybersecurity researcher Jeremiah Fowler found that over a dozen unprotected databases from the German firm …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin