Indian Import Export Data for Sale
Published 18 May 2021
- CloudSEK discovered a post, on a cybercrime forum, advertising an Indian customs database
- The database contains 130 million records including importer, supplier details
Share this Threat Intel:
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a cybercrime forum, advertising an Indian customs database that contains 130 million records. The database purportedly contains Import/ Export data from 2019 to 2020.
On 29 April 2021 a threat actor shared a post selling Indian Customs data for USD 500 on a popular underground data sharing forum.
Information from Source
The threat actor claims that the database contains the following records:
|40 million records||31 million records|
|35 million records||30 million records|
The threat actor has provided sample data for both Import and Export data:
Import Data Sample:
Export Data Sample:
- Port names
- IEC (Importer-Exporter Code)
- Importer name
- Importer Address
- Supplier name
- Supplier Address
- Invoice details
- Pricing information
- Exchange rates
Based on the data schema, there is no PII (Personally Identifiable Information) of individuals. Also, most of the data in the database sample are public, except the invoice details and other administrative data.
- Secure web applications from injection attacks.
- Ensure proper maintenance of network connected systems, especially those exposed to the internet.
- Use strong/complex passwords and MFA (Multi Factor Authentication) for administrative logins and VPN endpoints.
- Use efficient NIDPS (Network Intrusion Detection and Prevention Systems) and XDR (Extended Detection and Response) systems to prevent intrusions.