Grafana Labs has confirmed a cybersecurity incident after a hacking group allegedly gained unauthorized access to company systems and claimed to have stolen internal data in an apparent extortion attempt.

The company disclosed that it is actively investigating the breach with the support of external cybersecurity and digital forensic specialists. Officials said immediate containment measures were deployed after the organization became aware of suspicious activity linked to the claims made by the attackers.

Hackers Allegedly Stole Internal Information

According to reports, the threat actors claimed they had extracted sensitive corporate information from Grafana’s internal infrastructure. The attackers reportedly attempted to pressure the company through extortion demands, threatening potential disclosure of the allegedly stolen data.

Grafana stated that its security teams quickly initiated incident response protocols after being alerted to the claims. The company has not yet confirmed the exact type or volume of data that may have been compromised.

External Cybersecurity Experts Brought In

The investigation is currently focused on determining the scale of the intrusion and identifying which systems may have been accessed during the breach. Third-party forensic investigators are analyzing system logs, authentication records, and network activity to assess the attackers’ movements inside the environment.

Company officials said the review remains ongoing and emphasized that monitoring efforts have been intensified to detect any further malicious activity.

No Evidence of Direct Impact on Customer Services

Grafana noted that there is presently no indication that customer-hosted environments or Grafana Cloud services were directly compromised in the incident. However, the company cautioned that the investigation is still in progress and findings could evolve as forensic analysis continues.

The company added that any affected customers or partners would be notified if investigators discover evidence that sensitive customer data or operational systems were exposed.

Rising Threat of Cyber Extortion Attacks

The incident reflects the growing wave of cyber extortion campaigns targeting technology companies, software providers, and cloud-based platforms worldwide. Cybercriminal groups increasingly rely on data theft and public leak threats to pressure organizations into negotiations or ransom payments.

Security experts warn that businesses are facing escalating threats from ransomware operations, credential theft attacks, and supply-chain intrusions aimed at enterprise infrastructure. The latest Grafana incident highlights the continued pressure on technology firms to strengthen cybersecurity defenses and incident response capabilities.

Industry analysts believe such attacks are likely to increase as hackers focus on high-value technology providers with access to large-scale enterprise systems and cloud services.

Cyber fraudsters are allegedly targeting customers of Mahanagar Gas Limited through a sophisticated scam involving fake gas bill alerts, malicious Android APK files, and call forwarding tricks designed to steal banking credentials and drain victims’ accounts.

Cybersecurity officials have warned that the scam is spreading rapidly across Maharashtra and Karnataka, with fraudsters exploiting fears of gas service disconnection to pressure users into taking immediate action.

Fraudsters Impersonate Mahanagar Gas Customer Support

According to reports, victims receive SMS messages or WhatsApp calls claiming their gas connection is about to be disconnected because of unpaid bills. The scammers allegedly pose as MGL customer care representatives and create urgency to manipulate users into responding quickly.

Victims are then sent links to download fake APK applications disguised as official Mahanagar Gas apps. Cybersecurity experts warned that these APK files are malicious Android installation packages capable of giving attackers remote access to mobile devices.

Officials stated that the fraudsters often rely on panic tactics and fake payment deadlines to prevent victims from verifying the authenticity of the messages.

Malicious APKs Used to Capture Banking Data

Investigators said that once the fake app is installed, cybercriminals may gain access to banking applications, passwords, personal information, and one-time passwords (OTPs) stored on the device.

In several reported cases, scammers allegedly instructed victims to dial specific mobile codes under the pretext of customer verification or account activation. Cyber experts warned that these codes can enable call and SMS forwarding services, allowing attackers to intercept OTPs and banking alerts without the victim’s knowledge.

Authorities believe the combination of remote device control and OTP interception enables fraudsters to conduct unauthorized banking transactions within minutes.

Victims Across Multiple States Report Financial Losses

Reports suggest that more than 100 individuals were allegedly targeted over the past month, with financial losses in Mumbai alone reportedly exceeding ₹2.7 crore. Victims included senior citizens, business owners, teachers, and domestic workers from Maharashtra and Karnataka.

In one incident under investigation, a 60-year-old resident from Thane allegedly lost more than ₹3.1 lakh after installing a malicious APK sent by individuals pretending to represent Mahanagar Gas. Police said unauthorized withdrawals were detected shortly after the application was installed on the victim’s phone.

Authorities Issue Cyber Safety Advisory

Cybercrime officials have strongly advised users never to download APK files received through SMS messages, WhatsApp links, or unknown sources. Authorities clarified that legitimate Mahanagar Gas services do not require customers to install unofficial applications for bill payments or account verification.

Users have also been warned against sharing OTPs, banking credentials, or personal information over calls and messaging platforms.

Experts recommend verifying all payment requests directly through official customer care channels and reporting suspicious activity immediately through government cybercrime portals or local police units.

India has witnessed cyber fraud losses exceeding ₹52,000 crore over the last five years, according to fresh data released by the Department of Telecommunications. The figures underline the growing scale of online financial crime as cybercriminal networks increasingly target citizens through sophisticated digital scams.

Officials revealed that nearly 60 lakh cyber fraud complaints were registered nationwide during the period, covering crimes such as UPI fraud, phishing attacks, fake investment schemes, OTP theft, digital arrest scams, and fraudulent customer care operations.

Authorities warned that rapid digital adoption across banking, telecom, and online payment systems has created new opportunities for organized cybercrime groups operating with advanced technological methods.

Government Launches Massive Cybercrime Crackdown

To combat the rising threat, the government initiated a nationwide enforcement drive involving telecom operators, banks, digital payment platforms, and law enforcement agencies.

As part of the operation, around 3.4 crore suspicious mobile numbers were blocked after investigators linked them to online fraud, phishing campaigns, fake KYC update calls, and extortion activities.

Authorities also suspended nearly 16.97 lakh WhatsApp accounts allegedly connected to cyber fraud syndicates operating across different states.

Officials stated that enforcement teams targeted devices used by cybercriminals as well, blocking approximately 2.27 lakh mobile handsets found operating with cloned or fake IMEI numbers. Investigators believe such devices were used to avoid digital tracking and conceal criminal identities.

Nearly 59 Lakh Bank Accounts Frozen

The financial crackdown extended to the banking sector, where authorities froze around 59 lakh suspicious bank accounts linked to fraudulent transactions and money laundering activities.

Government officials estimated that early intervention measures prevented nearly ₹1,000 crore from being transferred to criminal networks.

Cybercrime investigators noted that many fraud operations now rely on complex networks involving mule accounts, fake SIM cards, digital wallets, and encrypted communication platforms to move stolen funds rapidly.

Experts Warn of AI-Powered Cybercrime Threats

Triveni Singh warned that modern cybercrime is increasingly focused on psychological manipulation rather than purely technical attacks.

According to Singh, fraudsters commonly exploit fear, urgency, and greed through tactics such as fake police calls, digital arrest threats, identity suspension warnings, and investment scams promising unusually high returns.

He also cautioned that artificial intelligence could significantly intensify cybercrime risks in the future. Experts fear the growing misuse of AI-generated deepfake videos, cloned voices, and advanced social engineering techniques could make fraud detection more difficult for ordinary users.

AI Surveillance and New Telecom Laws Strengthen Enforcement

To strengthen cyber defence capabilities, the government has deployed AI-based fraud detection and surveillance systems capable of monitoring telecom data, banking activity, and digital payment transactions in real time.

Officials said these tools help identify suspicious financial patterns quickly, allowing authorities to intervene before stolen money is moved beyond recovery.

The government has also strengthened legal enforcement through the implementation of the Telecom Act 2023 and the Telecom Cyber Security Rules 2024, giving authorities expanded powers to investigate and block suspicious telecom activity.

In addition, upcoming Telecommunication Biometric Identity Verification System Rules 2025 may introduce mandatory biometric verification for SIM card issuance. Violations involving fake identity documents could attract prison terms of up to three years along with penalties reaching ₹50 lakh.

Meanwhile, the government’s Sanchar Saathi initiative has reportedly helped trace or block nearly 10 lakh lost or stolen mobile phones valued at around ₹1,250 crore.

Authorities urged citizens to immediately report cyber fraud incidents through the national cybercrime helpline 1930, stating that complaints filed within the first 24 hours significantly improve the chances of recovering stolen funds.