{
	"id": "8a8cde29-2051-456b-82e0-423fc159e80a",
	"created_at": "2026-04-06T00:10:35.279489Z",
	"updated_at": "2026-04-10T13:12:11.013695Z",
	"deleted_at": null,
	"sha1_hash": "5929ba4f26abca0b2a27bdd71d207d0b4c62c3c4",
	"title": "BlackCat Adds Indian Missile Fuel Maker to Its Victims List",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 289394,
	"plain_text": "BlackCat Adds Indian Missile Fuel Maker to Its Victims List\r\nBy Jayant Chakravarti\r\nArchived: 2026-04-05 13:00:56 UTC\r\nFraud Management \u0026 Cybercrime , Ransomware\r\nRansomware-as-a-Service Group Purports to Sell Indian Military Data on Dark Web (@JayJay_Tech) • February\r\n2, 2023    \r\nBlackCat hackers say they stole sensitive data about the propellant in fuel used for Akash surface-to-air missiles, seen here at a parade in 2007. (Image: India Ministry of Defense)\r\nAn Indian rocket propellant manufacturer is facing the possibility of the BlackCat ransomware-as-a-service group\r\nleaking what it says is more than 2 terabytes of sensitive data.\r\nSee Also: AI Pushes Cyberattacks to New Speed Levels\r\nBlackCat, also known as Alphv, says it stole from Solar Industries specifications for the propellant used in a slew\r\nof Indian military missile and rocket systems as well as warhead data and personal information pertaining to the\r\ncompany's employees and customers.\r\nThe ransomware group, suspected of being the successor to DarkSide and BlackMatter with ties to some former\r\nREvil members, says the data is for sale. Nagpur-based Solar Industries has not addressed the matter publicly. The\r\ncompany’s website has been offline for days now. Nagpur Today reported that senior officials from the ministries\r\nof defense and home affairs and intelligence agencies descended on the city and that the Central Bureau of\r\nInvestigation is poised to investigate.\r\nhttps://www.bankinfosecurity.com/blackcat-adds-indian-missile-fuel-maker-to-its-victims-list-a-21089\r\nPage 1 of 2\n\nThe stolen data also apparently includes security camera footage of Solar Industries' factory, audits and reports of\r\nflaws and vulnerabilities in the company's products and information about supply chain vendors.\r\nThe publicly traded company, founded in 1983 as a maker of mining explosives, has a 28% share of India's\r\ncommercial and military explosives market, market analysis shows.\r\n\"BlackCat has one of the most sophisticated malware programs that can purportedly infect various Windows and\r\nLinux operating system versions,\" researchers from cybersecurity firm CloudSEK tell Information Security Media\r\nGroup.\r\n\"It is customizable and heavily human-operated, which is especially important since it primarily targets large\r\nentities. The malware can employ four different encryption routines, use several cryptographic algorithms,\r\nproliferate via local networks - i.e., spread between computers, terminate virtual machines, etc.,\" they say.\r\nNaavi Vijayashankar, chairman of the Foundation of Data Protection Professionals in India, tells ISMG that\r\nnational authorities will almost certainly classify the hack as a \"'cyber terrorist attack,' considering the sensitive\r\nnature of the activity of the company and the nature of data lost.\"\r\nHe adds that Solar Industries could face its own investigation. Existing Indian law requires the private sector\r\ncompany to have appropriate security measures in place.\r\nSource: https://www.bankinfosecurity.com/blackcat-adds-indian-missile-fuel-maker-to-its-victims-list-a-21089\r\nhttps://www.bankinfosecurity.com/blackcat-adds-indian-missile-fuel-maker-to-its-victims-list-a-21089\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bankinfosecurity.com/blackcat-adds-indian-missile-fuel-maker-to-its-victims-list-a-21089"
	],
	"report_names": [
		"blackcat-adds-indian-missile-fuel-maker-to-its-victims-list-a-21089"
	],
	"threat_actors": [
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434235,
	"ts_updated_at": 1775826731,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5929ba4f26abca0b2a27bdd71d207d0b4c62c3c4.pdf",
		"text": "https://archive.orkl.eu/5929ba4f26abca0b2a27bdd71d207d0b4c62c3c4.txt",
		"img": "https://archive.orkl.eu/5929ba4f26abca0b2a27bdd71d207d0b4c62c3c4.jpg"
	}
}