Top Hacking Incidents in Nepal (2015-2025) | Cybersecurity Challenges

Nepal has witnessed a significant rise in cyberattacks over the past decade, targeting government institutions, financial systems, and private companies. This comprehensive timeline explores major hacking incidents that have exposed vulnerabilities in Nepal’s cybersecurity landscape.

Introduction to Nepal’s Cybersecurity Landscape

As digital transformation accelerates across Nepal, the country has become an increasingly attractive target for cybercriminals. From sophisticated attacks on government infrastructure to data breaches affecting thousands of citizens, Nepal’s journey through the digital age has been marked by significant security challenges. This timeline examines the most impactful cybersecurity incidents that have shaped Nepal’s digital security posture over the past decade.

July 2015

Hacking of Presidential Website

In what marked one of the earliest high-profile cyberattacks in the country, hackers successfully breached the official website of the President of Nepal. This incident served as an early warning sign of vulnerabilities in government systems and highlighted the emerging threat landscape facing Nepal’s digital infrastructure.

July 2017

58 Government Websites Hacked

A group identifying themselves as “Paradox Cyber Ghost” orchestrated a massive breach, successfully hacking 58 government websites, including critical infrastructure like the Ministry of Defence and the Office of the Auditor General. The hackers claimed they breached all sites in just three minutes, demonstrating serious security gaps in government servers. Remarkably, the group stated they were merely “testing vulnerabilities” rather than engaging in malicious activity.

November 2017

19 Government Websites Breached

Just four months after the massive July breach, a supposed Palestinian hacker group called “Hacker CWNE” targeted 19 additional government websites. Among the compromised sites were the Ministry of Physical Infrastructure and Transport and the Nepal Seismological Centre. This second major attack within the same year raised serious concerns about recurring vulnerabilities and the government’s ability to secure its digital assets.

August 2019

ATM Cash-Out Attack

In a sophisticated operation, hackers conducted a coordinated ATM cash-out attack using cloned debit cards across Nepal. Five Chinese nationals were arrested for stealing approximately NPR 34.5 million (roughly USD 290,000) from ATMs across Nepal and India. The attackers exploited vulnerabilities in Nepal Electronic Payment Systems (NEPS), the interconnection system that links multiple banks for card transactions. This incident exposed critical weaknesses in Nepal’s financial infrastructure.

March 2020

Foodmandu Data Breach

In a significant breach affecting the private sector, hackers leaked personal data of approximately 50,000 users from Foodmandu, Nepal’s popular food delivery platform. The stolen information included sensitive data such as names, addresses, phone numbers, and even GPS coordinates of customers. This marked one of the first major data breaches targeting Nepal’s growing e-commerce sector.

April 2020

Vianet Customer Data Breach

Shortly after the Foodmandu incident, personal details of around 170,000 customers of Vianet, one of Nepal’s leading internet service providers, were leaked online. The breach included sensitive personal information such as names, email addresses, phone numbers, and addresses. This incident raised serious questions about data protection practices in Nepal’s private sector and highlighted the growing vulnerability of consumer data.

2018-2020

NIC Asia Bank SWIFT Server Hack

During the Tihar festival, NIC Asia Bank’s SWIFT server (the international banking transfer system) was compromised, allowing hackers to initiate fraudulent transactions to six countries, including Japan and the United Kingdom. While the bank managed to recover most of the funds, approximately NPR 60 million (roughly USD 500,000) was permanently lost to the attackers. Investigations revealed that internal security lapses, including poor access controls and inadequate monitoring, significantly contributed to this breach.

2023

Government Integrated Data Centre Attack

In one of the most severe cyberattacks targeting Nepal’s central infrastructure, the Government Integrated Data Centre (GIDC) suffered a massive Distributed Denial-of-Service (DDoS) attack that took over 400 government websites offline simultaneously. Critical services including immigration and passport databases were disrupted for hours, causing significant operational challenges. This coordinated attack exposed systemic weaknesses in Nepal’s core digital infrastructure and demonstrated the potential for widespread disruption from cybersecurity incidents.

February 2024

Tribhuvan University Website Hack

In February 2024, Tribhuvan University (TU) faced a significant cybersecurity incident when its newly launched online services system was compromised. Just two days after the official launch on Magh 15, a 12th-grade student named Rohit Rokaya successfully hacked the Examination Control Office’s website. The breach occurred despite TU’s ambitious efforts to modernize its operations through the implementation of 11 online services. The hack disrupted essential administrative functions that served over two thousand students nationwide, forcing them to revert to traditional paper-based methods for transcript requests and certificate verifications. Despite assurances from university officials that critical student data remained secure, the prolonged downtime—lasting more than a week—raised serious concerns about data protection and the institution’s technical preparedness. This incident highlighted the substantial gap between TU’s digital modernization goals, which began with the “Examination Management Information System” initiative in 2075 BS, and its actual cybersecurity capabilities.

May 2024

7,800 Engineering Students Data Leak

In a targeted attack against Nepal’s educational sector, personal data belonging to approximately 7,800 engineering students was exfiltrated and subsequently offered for sale on dark web forums. The compromised information included names, addresses, phone numbers, email addresses, enrollment numbers, and in some cases, scanned copies of identification documents. The breach was discovered when researchers monitoring dark web marketplaces found listings advertising the data for sale. This incident raised serious concerns about identity theft risks for the affected students.

September 2024

Nepal Rastra Bank Data Sold on Dark Web

In what may be the most concerning financial sector breach to date, sensitive internal data from Nepal Rastra Bank (NRB), the country’s central banking institution, appeared for sale on dark web marketplaces. The leaked information reportedly included internal communications, regulatory documents, and limited financial data. While the NRB initially denied the breach, independent security researchers confirmed the authenticity of sample data being circulated. This incident raised significant concerns about potential impacts on Nepal’s financial stability and central banking operations.

Recurring Issues and Lessons Learned

An analysis of Nepal’s major cybersecurity incidents over the past decade reveals several recurring issues that have contributed to the country’s vulnerability:

Key Vulnerabilities in Nepal’s Cybersecurity Landscape

  • Outdated Systems and Software: Many government and private organizations continue to operate without regular updates and patches, leaving known vulnerabilities unaddressed.
  • Weak Authentication Practices: Simple passwords, lack of multi-factor authentication, and poor access controls are common across many organizations.
  • Insufficient Security Audits: Regular penetration testing and security assessments are not standard practice in most Nepali organizations.
  • Inadequate Investment in IT Security: Limited budgets for cybersecurity infrastructure and personnel have hampered effective defense mechanisms.
  • Lack of Specialized Expertise: A shortage of trained cybersecurity professionals has left many organizations vulnerable.

Essential Security Measures

These incidents highlight several critical security practices that must be implemented:

  • Implementation of robust encryption for sensitive data at rest and in transit
  • Regular software updates and security patches for all systems
  • Strengthened multi-factor authentication systems across all critical infrastructure
  • Enhanced cybersecurity training and awareness programs for employees
  • Development of comprehensive incident response plans
  • Regular security audits and vulnerability assessments

Conclusion

The period from 2015 to 2025 has been marked by escalating cyber threats in Nepal. From government website breaches to financial frauds and private sector data leaks, these incidents underscore an urgent need for comprehensive cybersecurity reforms. As Nepal continues its digital transformation journey, the lessons learned from these breaches must inform a more robust approach to safeguarding digital assets in an increasingly interconnected world.

The recent attacks on educational institutions and financial systems demonstrate that cybercriminals are becoming more sophisticated in their targeting and methods. Without significant improvements in cybersecurity infrastructure and practices, Nepal remains vulnerable to potentially more damaging attacks in the future.

A Call to Action

For both public and private sectors in Nepal, these incidents should serve as a wake-up call. Investing in cybersecurity is no longer optional but essential for national security, economic stability, and protection of citizens’ privacy. As digital adoption accelerates across the country, so too must the commitment to securing Nepal’s digital frontier.
