LockBit, a prolific ransomware group, has claimed responsibility for hacking Motilal Oswal, one of India's leading securities firms. Indian authorities said they were aware of the incident and were investigating.
Rockbit on Tuesday added leading Indian brokerage firm Motilal Oswal to its dark web leak site, according to a list seen by TechCrunch. Cybercriminal groups often use leak sites to extort ransom payments from victims, threatening to release their stolen data if they fail to pay.
Rockbit claims to have accessed “confidential company data.”
Motilal Oswal serves approximately 6 million customers across hundreds of cities in India and has approximately $53 billion in assets under advice.
It is unclear whether securities companies are experiencing any disruption to their operations. Motilal Oswal's spokesperson did not respond to multiple emails seeking comment but did not dispute the incident.
The Computer Emergency Response Team of India (CERT-In) told TechCrunch in an email on Thursday that it is aware of the issue and “has already taken appropriate steps.”
Founded in 1987, Motilal Oswal operates a range of financial services including asset and asset management, equity and commodity trading, investment banking, institutional brokerage and mutual fund distribution. The financial giant also owns a private equity subsidiary called Motilal Oswal Alternatives, which backs a wide range of companies including electronics maker Dixon and VVDN Technologies, as well as startups such as KreditBee.
Since 2022, LockBit has emerged as one of the most deployed ransomware variants worldwide. A Russian-linked ransomware group claimed to have attacked tech companies including Taiwanese chipmaker TSMC, IT services company Accenture, and manufacturing company Foxconn. Last year, the Rockbit group also attacked Indian pharmaceutical company Granules India and India's state-run National Institute of Aeronautics and Space Research.