Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Analyze » Delhivery » MINDEL1766563271

Incident Score: Analysis & Impact (MINDEL1766563271)

The details regarding individual company incidents & reports gives you full view from every side.

Rankiteo Score Impact Analysis

Rankiteo Incident Impact-13
Company Score Before Incident765 / 1000
Company Score After Incident752 / 1000
INCIDENT NUMBERMINDEL1766563271
Type of Cyber IncidentCyber Attack
ATTACK VECTORSMS (Smishing)
DATA EXPOSEDCredit/debit card details (number, expiry...
INCIDENT DATE23/12/2025
STATUSOngoing (infrastructure analysis and tracking)

Key Highlights From The Incident Analysis

  • Timeline of Delhivery's Cyber Attack and lateral movement inside company's environment.
  • Overview of affected data sets, including SSNs and PHI, and why they materially increase incident severity.
  • How Rankiteo’s incident engine converts technical details into a normalized incident score.
  • How this cyber incident impacts Delhivery Rankiteo cyber scoring and cyber rating.
  • Rankiteo’s MITRE ATT&CK correlation analysis for this incident, with associated confidence level.

Full Incident Analysis Transcript

In this Rankiteo incident briefing, we review the Delhivery breach identified under incident ID MINDEL1766563271.

The analysis begins with a detailed overview of Delhivery's information like the linkedin page: https://www.linkedin.com/company/delhivery, the number of followers: 1206197, the industry type: Transportation, Logistics, Supply Chain and Storage and the number of employees: 30999 employees

After the initial compromise, the video explains how Rankiteo's incident engine converts technical details into a normalized incident score. The incident score before the incident was 765 and after the incident was 752 with a difference of -13 which is could be a good indicator of the severity and impact of the incident.

In the next step of the video, we will analyze in more details the incident and the impact it had on Delhivery and their customers.

Indian vehicle owners recently reported "RTO Scam Campaign Targeting Indian Vehicle Owners via E-Challan Phishing", a noteworthy cybersecurity incident.

A renewed RTO scam campaign targeting Indian vehicle owners is gaining momentum, exploiting trust in government transport services through browser-based e-challan phishing.

The disruption is felt across the environment, and exposing Credit/debit card details (number, expiry date, CVV, cardholder name), plus an estimated financial loss of Card data harvested for unauthorized transactions.

Formal response steps have not been shared publicly yet.

The case underscores how Ongoing (infrastructure analysis and tracking), teams are taking away lessons such as Shift from malware-based attacks to browser-driven financial theft highlights the need for continuous threat intelligence, infrastructure tracking, and coordinated action across telecoms, banks, and security teams. Awareness alone is insufficient; proactive mitigation is required, and recommending next steps like Leverage AI-powered threat intelligence to detect and disrupt phishing campaigns, Implement rapid takedowns of fraudulent domains and infrastructure and Enhance monitoring of SMS-based phishing (smishing) campaigns, with advisories going out to stakeholders covering Vehicle owners advised to verify e-challan notices via official government portals and avoid clicking unsolicited SMS links.

Finally, we try to match the incident with the MITRE ATT&CK framework to see if there is any correlation between the incident and the MITRE ATT&CK framework.

The MITRE ATT&CK framework is a knowledge base of techniques and sub-techniques that are used to describe the tactics and procedures of cyber adversaries. It is a powerful tool for understanding the threat landscape and for developing effective defense strategies.

MITRE ATT&CK® Correlation Analysis

Rankiteo's analysis has identified several MITRE ATT&CK tactics and techniques associated with this incident, each with varying levels of confidence based on available evidence. Under the Initial Access tactic, the analysis identified Phishing: SMS Phishing (T1566.002) with high confidence (95%), with evidence including unsolicited SMS messages warning recipients of overdue traffic fines, and embedded links in SMS redirecting to fraudulent portals. Under the Credential Access tactic, the analysis identified Modify Authentication Process (T1556) with moderate to high confidence (80%), supported by evidence indicating fake portals prompt victims to enter vehicle/license details and card data and Input Capture: Keylogging (T1056.001) with moderate to high confidence (70%), supported by evidence indicating all entered card data is transmitted to attacker-controlled servers. Under the Collection tactic, the analysis identified Command and Scripting Interpreter: JavaScript (T1059.007) with moderate to high confidence (75%), supported by evidence indicating browser-based fraud harvesting card data via fake payment pages and Data from Local System: Input Capture (T1213.003) with moderate to high confidence (80%), supported by evidence indicating victims enter credit/debit card details on fraudulent portals. Under the Exfiltration tactic, the analysis identified Exfiltration Over C2 Channel (T1041) with high confidence (90%), supported by evidence indicating all entered card data is transmitted to attacker-controlled servers. Under the Defense Evasion tactic, the analysis identified Subvert Trust Controls: Code Signing (T1553.002) with moderate to high confidence (70%), supported by evidence indicating phishing pages replicate government branding (MoRTH, NIC) and Masquerading: Match Legitimate Name or Location (T1036.005) with moderate to high confidence (85%), supported by evidence indicating fraudulent portals mimic official e-challan domains. Under the Impact tactic, the analysis identified Resource Hijacking (T1496) with moderate to high confidence (70%), supported by evidence indicating financial theft via harvested card data for unauthorized transactions. These correlations help security teams understand the attack chain and develop appropriate defensive measures based on the observed tactics and techniques.

Initial Access
Phishing: SMS Phishing (95%)
Credential Access
Modify Authentication Process (80%)
Input Capture: Keylogging (70%)
Collection
Command and Scripting Interpreter: JavaScript (75%)
Data from Local System: Input Capture (80%)
Exfiltration
Exfiltration Over C2 Channel (90%)
Defense Evasion
Subvert Trust Controls: Code Signing (70%)
Masquerading: Match Legitimate Name or Location (85%)
Impact
Resource Hijacking (70%)

Sources & References