Massive Cyber Breach: Hackers Claim to Have Stolen DRDO’s Sensitive Files

The420.in

A trove of highly sensitive defence data—including weapon engineering designs, procurement plans, details of an upcoming Air Force facility, and India’s strategic military collaborations—has reportedly been stolen by a hacker group and put up for sale. The breach has raised alarms over national security, particularly given the classified nature of the exposed information.

The compromised data is believed to belong to the Defence Research and Development Organisation (DRDO), an institution with strict security protocols that prohibit scientists and staff from carrying personal mobile phones within certain premises.

However, an initial analysis by a cybersecurity firm suggests the data may have been exfiltrated from the personal device of a former Defence Ministry official. The leaked files also reportedly contain evacuation protocols for the President, Prime Minister, and other high-ranking officials in the event of an aerial attack, exacerbating the gravity of the situation.

Breach Claims and Official Response

The ransomware group Babuk Locker 2.0 took responsibility for the breach on March 10, 2025, claiming to have stolen 20 terabytes of data from DRDO’s systems. The hackers released a 753-megabyte sample, which includes classified documents related to the modernization of the T9 Bhishma Tank and strategic defence partnerships with Finland, Brazil, and the United States.

Despite the serious nature of the claims, DRDO officials have denied any breach of their core IT infrastructure, stating that the leaked data does not belong to their organization. However, they have refrained from offering further clarification regarding the extent or origins of the alleged compromise.

Investigation and Attribution

An analysis of the breach suggests that Babuk Locker 2.0 operatives communicated in Indonesian, indicating potential links to cybercriminals from Indonesia.

However, the firm cautions that the group’s assertions regarding the magnitude of the breach may be overstated. The investigation identified a former Joint Secretary in the Defence Ministry as a possible point of compromise, as his Aadhaar details, financial records, and personal travel documents were among the leaked materials. This suggests that the breach may have originated from an individual’s personal device rather than DRDO’s central network.

Cybersecurity Implications and Urgent Concerns

The exposure of such classified defence data underscores critical vulnerabilities in India’s cybersecurity framework, highlighting risks posed by insider threats and inadequate endpoint security measures. Experts warn that if the hackers indeed obtained credential repositories, the potential for further intrusions into highly secured systems remains a significant threat.

The presence of sensitive documents on an unsecured personal system raises troubling questions about data-handling policies and the necessity of stricter enforcement measures.

As investigations continue, cybersecurity specialists urge the government to reinforce defences against sophisticated cyber adversaries to prevent further breaches that could jeopardize national security.
