India’s Ministry of New and Renewable Energy (MNRE) Breached, Threat Actor Claims on Hacking Forum

• The Ministry of New and Renewable Energy in India was reportedly hit by a data breach.
• A hacker claimed to be holding the exfiltrated database that is supposedly for sale for a small price.
• Leaked data may include admin credentials, full names, phone numbers, dates of birth, email addresses, and more.

India’s Ministry of New and Renewable Energy (MNRE) has reportedly been the victim of a cyberattack, with a threat actor claiming to have exfiltrated sensitive data from the ministry’s official website, mnre.gov.in. 

The breach was announced on a prominent hacking forum on Monday, January 27, where the cybercriminal is offering the stolen data for sale.

The MNRE data set is being sold for $150 and is alleged to include the following details:

• Full names
• Administrative user credentials - Username and Password
• User Status
• Logs
• Mobile phone numbers
• Date of birth
• Email address 
• Home address
• Company Name
• Type of Company

TechNadu has cross-checked the data from the leaked sample, and it appears some details match personalities from the energy sector.

The hacker has not disclosed the exact method used to breach the government portal nor provided extensive proof of the compromised data’s authenticity beyond the claims made in their forum post.

At the time of writing, the MNRE has not yet issued an official statement regarding the attack. Their website currently operates as usual, with no visible disruptions or acknowledgments of the alleged breach. 

TechNadu has reached out to the MNRE for an official stance on the alleged security breach.

The Ministry’s main focus is promoting renewable energy initiatives like solar, wind, and bioenergy projects. This domain typically handles large volumes of data from various stakeholders, from policymakers to private sector collaborators. 

This breach adds yet another incident to the growing list of cyberattacks targeting high-profile government entities, both in India and globally. Such breaches can have far-reaching consequences, particularly when sensitive personally identifiable information (PII) is exposed.