Indian cybersecurity firm Innefu labs suffered a cyber attack
Innefu Labs, an Indian cybersecurity firm known for its advanced AI and data analytics solutions, has reportedly fallen victim to a sophisticated cyberattack. This narrative unfolds in the backdrop of similar incidents targeting Indian cybersecurity firms setting a foreboding tone for the story.
The Innefu Labs breach is not just a blow to the company, with its annual revenue exceeding $25 million, but also to its wide array of clients, including corporate and government sectors.
On January 10, 2024, a threat actor identified as ‘PreciousMadness’ announced on the RAMP forum their possession of unauthorized access to Innefu’s systems.
PreciousMadness’s offering includes unauthorized access to crucial components of Innefu’s infrastructure, such as Fortinet VPN and Microsoft 365 Services, priced at USD 1,300. Moreover, the Innefu data breach involves 54 GB of exfiltrated data, available for an additional cost.
The threat actor has encouraged potential buyers to contact privately for proofs and more details, a standard practice in such underground forums.
Innefu lab was founded in 2012 by Tarun Wig and Abhishek Sharma, Innefu Labs offers products for identity authentication, predictive intelligence, and data protection to various corporate and government clients.
The trend of cyberattacks against Indian cybersecurity companies, epitomized by these high-profile breaches, signals a concerning shift in the landscape of digital security.
These incidents are not isolated events but rather indicative of a broader, more systemic challenge facing the cybersecurity sector in India and globally.
The intricate story of Innefu Labs further intertwines with the Donot Team and Bahamut APT, a cyber threat group associated with spyware attacks. While Innefu Labs denied any involvement, an Amnesty International report suggests potential connections based on digital forensic evidence.
