A massive leak of sensitive defence data has emerged, reportedly stolen from the device of a former Defence Ministry official, according to an analysis by cybersecurity firm Athenian Tech. The leak involves crucial information from the Defence Research and Development Organisation (DRDO), a government agency known for its stringent security protocols, including restrictions on staff carrying personal mobile phones inside certain facilities.
DRDO Data Leak Poses Serious Security Risks
A hacker group has sold the data, which includes weapon design engineering, details of a new Air Force facility, and India’s strategic defence collaborations. The breach reportedly originated from the device of Puneet Agarwal, a former Defence Ministry official, potentially compromising national security. The leak also revealed evacuation protocols for top Indian leaders, including the President and Prime Minister, in case of an aerial attack, further amplifying the severity of the situation.
Babuk Locker 2.0 Claims Responsibility for Defence Data Leak
The ransomware group Babuk Locker 2.0 claimed responsibility for the leak, which it announced on March 10, 2025. The group stated that it had exfiltrated 20 terabytes of data from DRDO’s systems, including classified defence documents and a large repository of credential logs, and released 753 MB of that data as a sample. The sample included files related to the upgrade of the T9 Bhishma Tank and to India’s defence collaborations with countries such as Finland, Brazil, and the United States.
Cybersecurity Concerns and Insider Threats in Defence Data Leak
Athenian Tech’s analysis found that, while the ransomware group likely exaggerated the scale of the breach, much of the leaked data was linked to Puneet Agarwal. The leaked data contained details of his Aadhaar, financial records, and personal travel documents, indicating that the breach did not originate from DRDO’s core IT infrastructure. Moreover, the presence of sensitive defence files on a personal system raises serious concerns about cybersecurity vulnerabilities, insider threats, and the resilience of India’s critical defence infrastructure against sophisticated cyber adversaries.
Security Implications and Need for Stronger Measures
The exposure of confidential defence files, even from a single system, highlights an urgent need for stringent cybersecurity measures, improved access controls, and proactive monitoring to prevent further exposures of critical defence data. The presence of sensitive files on a personal system points to potential lapses in endpoint security and inadequate data handling policies, posing risks to national security. Misuse of the exposed credentials could also lead to further access to secured systems and sensitive data.