It has been reported that the Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. A subsidiary of the multinational conglomerate Tata Group, Tata Power is India’s largest integrated power company, based in Mumbai.

From our point of view, the scope of the attack is quite broad, affecting multiple departments of the company. Hive is a threat actor group that has been quite active in recent weeks. After a period in which it kept a low profile, Hive has published 13 victims in the last 5 weeks, most of them important targets.
Hive’s activity accounts for 5.6% of the attacks we have detected in 2022. While this figure does not stand out in terms of quantity, we would point out that the targets have usually been fairly large companies, with Hive opting for “quality” rather than quantity of targets. The group has no qualms about targeting critical infrastructure, with victims in the healthcare and energy sectors.
Advanced persistent threat (APT) groups such as the Hive ransomware gang continue to display their desire to interrupt the daily activities of our lives by targeting critical infrastructure citizens rely upon, be it the delivery of electric power, ambulatory and in-patient services, or other basic services we take for granted every day. Properly segmenting critical infrastructure, monitoring activities in and out of OT operations, and having a playbook to properly triage events like this are of paramount importance to localizing the attacks, stopping them before they spread, and keeping our citizens safe and our operations resilient.