-
A threat actor claims to be selling 31GB of alleged DRDO and Indian military data for $8,000.
-
The advertised files reportedly contain project documents, engineering records, employee details, and other sensitive materials.
-
No independent investigation has confirmed that the data is genuine or linked to a breach of DRDO systems.
A threat actor has claimed to possess thousands of files allegedly linked to India’s Defence Research and Development Organisation (DRDO) and military projects. The actor is now offering the archive for sale on a dark web forum.
The claim first came to light through a post shared by Dark Web Informer on X. According to the post, the seller is asking $8,000 for what they describe as 31GB of sensitive data.
The listing says the archive contains several types of internal records. These reportedly include project design documents, military engineering files, technical records, employee information, and materials the seller describes as classified. The seller also uploaded sample files. The samples were shared to convince buyers that the archive is real.
At the time of writing, however, no independent researcher has confirmed the authenticity of the files. There is also no evidence showing that the data truly came from DRDO or any Indian military system. Neither DRDO nor any Indian government agency has announced a cyberattack connected to the listing.
Dark Web Listing Raises Questions, But No Breach Has Been Confirmed
Threat actors often post stolen data for sale on underground forums. Some listings later turn out to contain genuine information. Others contain old records, public documents, or completely fabricated files. As such, cybersecurity researchers usually treat such advertisements with caution until they complete a proper investigation.
The same caution applies to other military breach claims; a hacker has alleged a major data breach of the Chinese military.
In this case, no cybersecurity company has verified the seller’s claims. No government agency has confirmed that classified military information has been exposed. That makes the listing an allegation rather than proof of a successful breach.
The advertised archive reportedly contains military project designs and engineering documents. The seller also claims it includes employee information and other internal records.
If those claims eventually prove true, the information could attract cybercriminals or foreign intelligence groups looking for sensitive defence material. Employee details could also become valuable for phishing attacks.
Criminals often use personal information to make fake emails or messages appear trustworthy. For now, though, there is no proof that the files are authentic. There is also no confirmation that secure defence systems were compromised.
Previous Defence Claims Show Why Experts Remain Careful
The latest listing follows another claim involving India’s defence sector earlier this year. The Babuk Locker 2.0 ransomware group previously claimed it had stolen 20TB of data from India’s Ministry of Defence and DRDO. The group later released a small collection of documents as proof of its claim.
However, later reporting by ThePrint, citing government officials and cybersecurity sources, suggested the hackers had greatly overstated the incident. According to those findings, investigators believed the exposed files likely came from an internet-connected computer used by an individual official.
They did not believe the attackers had broken into secure DRDO networks. That case reminded investigators that a small number of genuine files does not always prove a much larger claim.
A threat actor may possess authentic documents while exaggerating how much information was actually stolen. For that, security experts continue to examine new dark web listings carefully before accepting them as genuine.
Each case requires technical analysis. Researchers also need to confirm where the files came from and whether they contain sensitive information. Without that process, it is impossible to determine if a listing reflects a real breach or simply an attempt to attract buyers.
Investigation Still Needed to Verify Seller’s Claims
If the newly advertised archive eventually proves authentic, it could expose information related to defence research and military engineering projects. It could also place employee information at risk. Criminals sometimes use such records to launch phishing campaigns or gather intelligence for future attacks.
However, there is still no evidence showing that classified DRDO systems have been breached. No independent forensic investigation has verified the files. No official statement has confirmed the claims made by the seller.
For that reason, cybersecurity researchers continue to describe the listing as unverified. Dark web marketplaces regularly feature high-profile organizations to attract attention from buyers. Some listings later contain genuinely stolen information. Others fail independent verification or contain recycled material from older incidents.
This latest listing remains in that same category. Until researchers, government agencies, or DRDO confirm the authenticity of the advertised files, the alleged 31GB archive should be treated as an unverified claim rather than evidence of a confirmed cyber breach.