Indian automaker Bajaj Auto confirmed on June 23, 2026, that a ransomware attack struck the systems of the company and its wholly owned subsidiary, Bajaj Auto Technology Ltd (BATL). According to a regulatory filing, the incident began at approximately 8:00 AM IST, triggering an immediate response from the company's technical teams and external cybersecurity experts. Bajaj Auto, one of the world's largest two-wheeler and three-wheeler manufacturers, reported that its containment measures have so far been successful in mitigating the impact.
What Happened
Bajaj Auto disclosed the cybersecurity incident in a regulatory filing as a matter of good governance. The company stated that upon becoming aware of the attack, its technical team, alongside cybersecurity experts and management, "responded promptly and initiated necessary precautionary actions and protocols to mitigate the impact of this incident."
The ransomware affected systems at both the parent company and BATL, its technology subsidiary. Bajaj Auto reported that, based on information available at the time of disclosure, the measures undertaken were successful in containing the threat. The company has notified the Indian Computer Emergency Response Team (CERT-In) in accordance with the provisions of the Information Technology Act, 2000.
What Was Taken
Bajaj Auto has not disclosed whether any data was exfiltrated or compromised in the attack. The regulatory filing did not detail the extent of the disruption, the volume or sensitivity of any affected data, or whether manufacturing and business operations were materially impacted.
This information gap is typical in the early hours of a ransomware response, when forensic investigation is still underway. No threat actor has publicly claimed responsibility at the time of this report, and no ransom demand or data leak listing has been confirmed. Defenders should treat the question of data theft as open until Bajaj Auto or investigators provide further detail.
Why It Matters
Bajaj Auto is a flagship Indian manufacturer with global export reach, making any disruption to its operations strategically significant for the automotive supply chain. A ransomware event that simultaneously hits a parent company and its technology subsidiary illustrates how attackers exploit shared infrastructure and trust relationships to maximize blast radius across a corporate group.
The incident also reflects a broader pattern of ransomware operators targeting manufacturing and industrial firms, where downtime is expensive and the pressure to restore operations quickly can push victims toward paying. Bajaj Auto's swift disclosure and CERT-In notification set a constructive transparency benchmark for Indian enterprises, even as key impact details remain undisclosed.
The Attack Technique
The specific initial access vector, ransomware family, and threat actor behind the Bajaj Auto incident have not been publicly confirmed. The company has not named the strain deployed or how the intruders gained entry.
Ransomware operators commonly breach manufacturers through phishing, exploitation of internet-facing vulnerabilities, compromised remote access services such as VPN or RDP, and abuse of valid credentials. The simultaneous impact across the parent company and BATL suggests lateral movement through interconnected networks or shared identity systems, a hallmark of modern human-operated ransomware campaigns. Until forensic findings are released, organizations should assume a multi-stage intrusion involving privilege escalation and lateral movement.
What Organizations Should Do
- Enforce phishing-resistant multi-factor authentication on all remote access, VPN, RDP, and privileged accounts to blunt credential-based entry.
- Segment networks between parent and subsidiary environments, limiting trust relationships and lateral movement paths between shared systems.
- Maintain tested, offline and immutable backups, and routinely rehearse restoration to ensure rapid recovery without paying a ransom.
- Patch internet-facing systems promptly and continuously monitor for exposed services, unpatched VPN appliances, and exploitable edge devices.
- Deploy endpoint detection and response tooling with alerting for the early indicators of ransomware staging, such as anomalous encryption activity and mass file changes.
- Prepare and exercise an incident response plan that includes regulatory notification obligations, such as India's CERT-In reporting requirements under the IT Act, 2000.
Sources: Bajaj Auto's systems hit by ransomware attack - The Economic Times