Cyber Attacks in Nepal

 


In recent years, Nepal has witnessed a surge in cyberattacks, posing significant challenges to its digital infrastructure and national security. From government servers to financial institutions, no sector remains immune to these insidious threats. In this comprehensive blog post, we delve into the world of cyber warfare, exploring incidents, vulnerabilities, and countermeasures within Nepal.

The Growing Threat of Cyber Attacks: Nepal's digital landscape has rapidly evolved in the past decade, with increased internet penetration, widespread use of smartphones, and the adoption of digital payment systems. While these advancements offer numerous benefits, they also attract cybercriminals seeking to exploit vulnerabilities for financial gain or malicious intent. Cyber attacks in Nepal encompass a wide range of threats, including malware infections, phishing scams, data breaches, ransomware attacks, and distributed denial-of-service (DDoS) attacks.

1. Singha Durbar Server Under Siege

The heart of Nepal’s administrative machinery, the Singha Durbar server, has been relentlessly targeted by cybercriminals. Despite restoring numerous official websites after a recent intrusion, the server continues to face distributed denial-of-service (DDoS) attacks. These attacks overload the system, rendering it vulnerable and disrupting essential services. Notably, even international travel was impacted due to the shutdown of the immigration server.

2. Common Cybersecurity Incidents

Nepal encounters a spectrum of cyber threats. Some commonly reported incidents include:

a. ATM Attacks

Financial institutions grapple with ATM breaches, jeopardizing customer data and funds.

b. Ransomware

Ransomware infiltrates systems, encrypting critical files and demanding ransom payments.

c. Spear Phishing

Sophisticated phishing attacks target specific individuals or organizations, often leading to data breaches.

d. Privacy Leaks

Personal information leaks compromise privacy and can have severe consequences.

e. Social Media-Related Crimes

From harassment to identity theft, social media platforms witness malevolent activities.

3. Notable Breaches

Several high-profile breaches have shaken Nepal’s cybersecurity landscape:

a. Paradox Cyber Ghost (2017)

Hacking 58 government websites, Paradox Cyber Ghost demonstrated the vulnerability of Nepal’s digital infrastructure.

b. NIC Asia Bank SWIFT System Hack (2017)

An unidentified hacker infiltrated the SWIFT system of NIC Asia Bank, making off with millions of dollars.

4. Strengthening Defenses

To combat cyber threats, Nepal must:

a. Enhance Infrastructure

Invest in robust cybersecurity infrastructure, including intrusion detection systems and firewalls.

b. Promote Awareness

Educate citizens, businesses, and government agencies about safe online practices.

c. Foster Collaboration

Collaborate with international agencies and neighboring countries to share threat intelligence.


What Makes Nepal Vulnerable?

  • Limited Cybersecurity Awareness: Lack of awareness among internet users regarding online safety practices makes them easy targets for cybercriminals.
  • Inadequate Infrastructure: Nepal's cybersecurity infrastructure is still under development, lacking robust defense systems to counter sophisticated attacks.
  • Outdated Laws: Existing cybercrime laws might not be comprehensive enough to address the evolving nature of cyber threats.
  • Limited Technical Expertise: Nepal faces a shortage of skilled cybersecurity professionals to effectively manage and respond to cyber incidents.



      The Major cyber attacks incident in Nepal 


The earliest recorded cyber incidents in Nepal date back to the early 2010s. While the exact first incident remains unclear due to many unreported cases, here are some notable early cybercrimes:

1.Online Swindling (July 2013):

In July 2013, an adolescent woman fell victim to online swindling. She transferred Rs. 110,000 for an online airline ticket booking but received only Rs. 15,000 back after seeking legal help.This in.cident highlighted the risks associated with online financial transactions.

2.First Known Cyberbullying Case (October 2014):


The first reported case of cyberbullying occurred on October 7, 2014, at the Kathmandu School of Law.
This incident raised awareness about the need to address online harassment and protect individuals from cyber threats.

3.Hacking of Government Websites (2017):


In 2017, a group called “Paradox Cyber Ghost” hacked 58 government websites simultaneously, compromising sensitive information and creating a significant security breach.
This incident underscored the importance of robust cybersecurity measures for government agencies.

4.SWIFT System Hack (2017):


In the same year, the SWIFT system of NIC Asia Bank was hacked by an unidentified individual. Approximately USD 4.4 million was intercepted from user accounts and transferred to six different countries. The bank managed to recover most of the funds.

5.Recent Data Breach (2020):


In March 2020, Foodmandu, an e-commerce firm providing food delivery services in Kathmandu, experienced a data breach. Hackers leaked a database containing over 50,000 user records, including personal details, addresses, emails, and phone numbers.

6.Hacking of the President’s Official Website (2021):

In 2021, the official website of Nepal’s President was hacked. The breach exposed security gaps and emphasized the importance of safeguarding government websites.

7.Massive Cyber Attack on Government Websites 2023:

In a remarkable and alarming incident, around 3,500 government websites hosted at the National Information Technology Center—Nepal’s exclusive data center—were simultaneously compromised. This cyber onslaught underscored the critical necessity for enhanced cybersecurity protocols to safeguard sensitive digital infrastructure. The attack disrupted essential services, prompting urgent remediation efforts by authorities. 

8.Nepal Rastra Bank Source code,Data available in Dark  Web

In 2024 The Nepal Rastra Bank (NRB), Nepal’s central bank, faced a significant security breach when sensitive data became available on the Dark Web. This incident, known as NepaLeaks, exposed confidential financial records and raised serious concerns about cybersecurity and data protection. The information and data sell on 14 lakhs nepalese rupees.the leak highlighted the urgent need for robust measures to safeguard critical financial information and prevent unauthorized access. Authorities and financial institutions must remain vigilant to prevent such breaches in the future


Previous Post Next Post