The notorious BASHE ransomware group has reportedly breached the database of ICICI Bank, one of India’s leading private sector banks, and claimed responsibility for the attack.
The alleged attack has surfaced on the dark web, where the hackers have set a ransom deadline of January 24, 2025, threatening to expose sensitive information if their demands are not met.
The BASHE group, also known as APT73 or Eraleig, has been active since April 2024 and employs tactics similar to LockBit, targeting critical industries across developed nations. Through a Tor-based Data Leak Site (DLS), the group uses data extortion to pressure victims into compliance.
This group has a reputation for targeting high-value businesses across multiple sectors globally, including banking, healthcare, and technology. Their operations involve sophisticated strategies, often employing Tor networks for anonymity.
ICICI Bank, which serves millions of customers across India and has a significant international presence, has not officially acknowledged the breach.
However, posts on social media platforms like X have been buzzing with concerns from users and cybersecurity enthusiasts, highlighting the potential severity of the situation given the bank’s classification as “critical information infrastructure” by the Indian government in 2022.
The BASHE group is demanding an undisclosed ransom, with a countdown timer on their dark web site providing a stark ultimatum to ICICI Bank.
This incident follows a pattern seen with the group’s previous targets, including Federal Bank in December 2024, where they claimed to have stolen a database with over 600,000 entries.
Cybersecurity experts are urging ICICI Bank to respond swiftly to mitigate customer data risks. Suggestions include enhancing security protocols, notifying affected users, and working closely with law enforcement and cybersecurity agencies to track down the perpetrators.
The Indian Computer Emergency Response Team (CERT-In) has not yet commented on the matter, but given the potential national security implications, involvement at the governmental level is anticipated.
As the deadline looms, the banking community and its customers are watching closely, hoping for a resolution that prevents the potential fallout of a major data leak.
The incident underscores the escalating cyber threats to financial institutions and the importance of robust cybersecurity measures in protecting digital assets and personal information.
ICICI Bank has not publicly acknowledged any breach related to the alleged ransomware attack by the BASHE group. The claims regarding the breach are primarily based on dark web research and reports from cybersecurity sources.
ICICI Bank has previously denied similar data breach allegations, emphasizing that leaked data could not be conclusively linked to their systems.
Cyber Security News contacted ICICI Bank for a comment but has not received a response. This remains a developing story, and further verification is needed to confirm the authenticity of these claims.