Pierluigi Paganini March 05, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 TB of stolen data.

The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary.

The group claims the theft of 1.4 terabytes of data and is threatening to leak it.

The ransomware attack took place in January as per a regulatory filing with the Indian National Stock Exchange. The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies. 

As of 2023, the IT giant has over 11,000 employees across 18 delivery centers worldwide, including India, North America, Europe, and Asia-Pacific.

“Pursuant to Regulation 30 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, this is to inform you that the Company has become aware of a ransomware incident that has affected a few of our IT assets.” reads the filing. “As a precautionary measure, some of the IT services were suspended temporarily and have now been restored. Our Client delivery services have remained fully functional and unaffected throughout.”

The company revealed that it has disconnected some of its IT services to contain the threat, however all the systems have been restored.

The company notified the competent authorities and is investigating the incident with the help of external experts.

The Hunter International group recently added the Indian company to the list of victims on its Tor leak site.

According to the announcement, the group claims to have stolen 1.4 TB of data stored in over 730,000 files.

On October 14, 2022, Tata Power, India’s largest power generation company, announced a cyber attack hit its infrastructure. Threat actors hit the company’s information technology (IT) infrastructure.

The company confirmed that the security breach impacted “some of its IT systems.” The electricity giant immediately started operations to respond to the incident and restore the impacted systems.

A few days later, the ransomware gang Hive leaked the alleged stolen files on its Tor leak site. The gang claims to have breached the corporate network on October 3rd, 2022.

Stolen data include contracts, financial and business documents, engineering projects, and employees’ personally identifiable information (PII), including Aadhar card numbers.

Who is Hunters International?

The ransomware group emerged in the threat landscape after international authorities seized the Hive gang’s infrastructure. Hunters International is suspected to be a sort of rebrand of the Hive ransomware gang.

Experts noticed that the Hunters International group is using a code that is very similar to the one used by the Hive gang.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware attack)