The ransomware group Hunters International has claimed responsibility for a significant cyberattack on Tata Technologies, a global engineering and digital solutions provider. Here are the key details of the incident:
Overview of the Attack
- Date of Incident: The attack reportedly occurred in January 2025, with Hunters International publicly claiming responsibility in March 2025.
- Data Compromised: The group alleges that they have stolen 1.4TB of sensitive data, including 730,000 files. These files are said to contain proprietary documents, intellectual property, and client communications.
- Targeted Sectors: Tata Technologies specializes in the automotive, aerospace, and industrial sectors, making the stolen data potentially critical to high-profile clients such as Ford, McLaren, Honda, and Airbus.
Attack Details
- Modus Operandi: Hunters International is known for using advanced ransomware techniques, including exploiting vulnerabilities like CVE-2020-14644 in Oracle WebLogic servers. They typically exfiltrate data to cloud platforms like MEGA and encrypt files using AES and RSA ciphers.
- Extortion Threat: The group has threatened to release the stolen files on their dark web extortion portal if their ransom demands are not met within a week. However, they have not yet provided samples of the stolen data to substantiate their claims.
Tata Technologies’ Response
- Impact on Operations: Tata Technologies has stated that the incident caused minimal disruption to its operations and did not affect client delivery services.
- Mitigation Efforts: The company has been actively restoring affected IT systems and conducting an internal investigation with the support of industry experts.
About Hunters International
- Background: Emerging in late 2023, Hunters International is believed to be a rebrand of the Hive ransomware group. They have been linked to several high-profile attacks, including those on Austal USA (a US Navy contractor) and Hoya (a Japanese optics giant).
- Tactics: The group employs unethical extortion practices, targeting sensitive sectors and even individuals, such as cancer patients at Fred Hutch.
Implications
This attack underscores the growing threat of ransomware campaigns targeting critical industries like manufacturing and engineering. The potential exposure of intellectual property and client data could have severe consequences for Tata Technologies’ reputation and its clients’ operations.
