Tata Technologies hit by Hunters International ransomware attack. The group threatened to leak 1.4TB of data. Learn about the extortion, potential data leak, and the connection to Hive ransomware.
Tata Technologies, a subsidiary of Indian multinational conglomerate Tata Motors, has reportedly been targeted by the ransomware group Hunters International. The attackers claim to have exfiltrated a massive 1.4 terabytes of data, encompassing over 730,000 files, from the engineering firm.
This incident follows a mandatory disclosure made by Tata Motors to the Indian stock exchange in January 2025, where they reported a “ransomware incident” that had temporarily disrupted some of their IT services.
“The Company has become aware of a ransomware incident that has affected a few of our IT assets. As a precautionary measure, some of the IT services were suspended temporarily and have now been restored,” the disclosure read.
While Tata Technologies acknowledged the incident at the time and stated that client delivery services remained unaffected, they did not disclose the identity of the attackers or the extent of the data breach.
Hunters International has now claimed responsibility for the attack. They are threatening to publicly release the stolen data unless a ransom is paid, although the specific amount demanded has not been disclosed.
For your information, Hunters International is a notorious ransomware gang known for pursuing high-value targets. The group has a history of targeting organizations across various sectors, including automotive, finance, and healthcare.
There is speculation that Hunters International may be a rebranded version of the now-defunct Hive ransomware gang, which was disrupted in a joint operation by the FBI, German, and Dutch law enforcement agencies in 2023 leading to the seizure of their site The Hive Leak..
This suspicion arises from the observation that both groups utilize the same strain of ransomware. Notably, Hive had previously targeted Tata Power in 2022, leaking stolen data after the company refused to pay the ransom.
The current situation with Tata Technologies remains unresolved. The company has not publicly commented on the ransom demand or confirmed whether they are in contact with the attackers.
Nonetheless, the incident reignites concerns about the potential resurgence of the Hive ransomware gang under a new guise, raising questions about the effectiveness of law enforcement disruptions. It also reinstates the persistent threat of ransomware attacks and the vulnerability of even large multinational corporations to sophisticated cybercriminal groups.
Moving forward, this situation highlights the critical need for organizations to prioritize advanced cybersecurity measures, incident response planning, and proactive threat intelligence to mitigate the impact of such attacks. The outcome of Tata Technologies’ response to this incident will undoubtedly serve as a case study for other organizations facing similar threats.
Camellia Chan, CEO and co-founder of X-PHY commented on the latest development stating, “The industrial sector was the most attacked sector in 2024. With the news that Hunters International has allegedly listed 1.4TB of Tata Technologies’ data, it’s clear this trend shows no signs of slowing down.”
“Due to the scale of their operations, industrials are perceived as having high ransom potential compared with other businesses. Take Tata Technologies as an example. Their customers are household automotive and aerospace engineering names like Jaguar, Airbus, Ford, and Honda which screams ‘cash’ for cybercriminals,” Camellia added.
“The only – and I mean only – way to stop this from happening is AI-first and multi-layer defence strategy that combines software and hardware solutions. This will proactively seek out threats before bad actors have a chance to gain access,” she explained.