C-Edge Technologies Details
C-Edge Technologies
Mimbai • 699 employees • Financial Services
India
Industry
Financial Services
Security Incidents
1
C-Edge is a joint venture formed by Tata Consultancy Services Ltd. (TCS) and State Bank of India (SBI) to offer advanced technology solutions tailored to the needs of the financial services sector in India and other emerging markets. The company was established to harness the technical prowess of TCS and the comprehensive banking expertise of SBI, providing integrated IT solutions and services that drive digital transformation within the industry.
One of the main focuses of C-Edge is to offer scalable and customizable software solutions to enhance efficiency, security, and customer experience...
Show more
Security Incidents
C-Edge Technologies Breach of Aug 2024
The RansomEXX ransomware group, known for targeting large organizations, was identified as the perpetrator. They leveraged the initial access likely obtained through an Initial Access B...
Show more
Show more
Fortunately, no direct customer data exposure was reported; however, the attack did result in systems going offline, causing disruptions to services offered by affected banks and payment providers. Internal company data was likely compromised, and there is a potential risk of sensitive data, including intellectual property, being stolen. The attack underscores the critical need for robust, regularly updated security configuration...
Show more
Severity Score
Significant to High
Type
Ransomware AttackSummary
C-EDGE (a joint venture between TCS and SBI), experienced a ransomware attack that disrupted India's banking ecosystem. The attack originated from a misconfigured Jenkins server at Brontoo Technology Solutions, vulnerable to CVE-2024-23897, a local file inclusion (LFI) vulnerability. Exploiting this vulnerability, the attackers gained secure shell access by reading private keys, facilitated by an open port 22.The RansomEXX ransomware group, known for targeting large organizations, was identified as the perpetrator. They leveraged the initial access likely obtained through an Initial Access B...
Show more
Severity
The incident involved a misconfigured Jenkins server that was exploited by the RansomEXX ransomware group, leading to unauthorized access and significant operational disruptions. Even though no direct customer data exposure was reported, the attack took several systems offline, affecting services provided by banks and payment processors. Compromise of internal company data, along with potential theft of sensitive information and intellectual property, highlights the severity and sophistication of this attack. Given the impact on critical financial services and the advanced tactics used, this i...Show more
Impact
The incident involved the exploitation of a misconfigured Jenkins server, leading to unauthorized access and subsequent disruption by the RansomEXX ransomware group.Fortunately, no direct customer data exposure was reported; however, the attack did result in systems going offline, causing disruptions to services offered by affected banks and payment providers. Internal company data was likely compromised, and there is a potential risk of sensitive data, including intellectual property, being stolen. The attack underscores the critical need for robust, regularly updated security configuration...
Show more
KEEP YOUR ENVIRONMENT SECURE
Weak credentials are the leading cause of breaches. Beyond Identity can help.
See MFA exploits in action
Watch how adversaries exploit companies in quick videos