Alphv Hacker Group Alleges Breach of Sun Pharmaceutical Industries Ltd.

News originally published on 25 March:
Alphv hacker group claims to have breached Indian pharmaceutical company Sun Pharmaceutical Industries Ltd., stating that they have over 17TB of stolen data.

The company has downplayed the incident, calling it a “small incident,” while the hackers claim it is much more severe.

Update 27 March: After we first broke the story on March 25, a day later, Sun Pharma finally added more details about the security incident that took place on March 2.

In a press release, the company commented that the breached data ” includes a breach of certain file systems and the theft of certain company data and personal data.”

They added that affected systems had been isolated to mitigate harm.

This, however, still contradicts what the hackers have claimed and still downplays the severity of the attack:

• The hackers claim that they have been in contact with the company for weeks, trying to extract a transom
• The hackers claim that as of March 25, they still had access to Sun Pharmas’ internal systems
• Hackers allege that they are in possession of a large trove of employee personal data such as ID cards and passport scans – they have posted samples of this alleged data
• Hackeds claim to possess documents related to confidential research the company carried.

The hackers publicly posted a series of samples allegedly from the breached data. Samples include passport scans of US employees and sensitive company documents.

Here is an example of a passport allegedly leaked (we hid all personal information – the original was in plain view):

Another alleged passport leak:

The alleged leak also includes sensitive documents. The hackers posted this sample (among many others):

The Alphv hacker group claims to have breached Sun Pharmaceutical Industries Ltd. and stole over 17TB of data, including the personal information of more than 1,500 employees, some of them from the USA and Europe.

The hackers state that they attempted to extract a ransom through “dialogue” with the company, but Sun Pharmaceuticals refused to engage with them.

The hackers assert that Sun Pharmaceuticals deliberately minimized the impact of the breach, stating publicly that it was merely a “minor event.”

Additionally, the hackers contend that the company’s IT department is persistently working to apprehend the culprits within their network by implementing a range of honeypot traps.

Here is a sample of an alleged passport scan that was leaked online by the hackers:

The hackers have issued threats to disclose information related to the company’s purported doping research. At present, the veracity of the breach and the hackers’ assertions cannot be independently verified.

The potential implications of the alleged data breach at Sun Pharmaceutical Industries Ltd. are significant and far-reaching.

If the hackers’ claims are indeed accurate, the affected individuals, as well as the company, could face serious consequences.

With personal information of over 1,500 employees at risk, those affected may face potential identity theft or fraud.

The stolen data could be misused by cybercriminals for various nefarious purposes, such as phishing attempts, targeted attacks, or even extortion.