Cyber Incident Victim: Nepal
Date: Feb 2014
Location: Nepal
Summary
The official website of Nepal’s Office of the President was compromised and defaced by multiple attackers, including an Iranian hacker using the alias "Dr.3v1l" and an unidentified Indian individual. The Iranian attacker breached a subpage, leaked administrator credentials from the site’s database, and uploaded a defacement notice, while the Indian hacker subsequently defaced the main homepage, potentially exploiting the exposed credentials or another vulnerability. The website remained offline for over 24 hours following the initial breach. No political messaging accompanied the attacks, suggesting the perpetrators aimed primarily to demonstrate technical capabilities rather than advance ideological motives. The incident exposed sensitive administrative data and disrupted the presidency’s digital presence.
Description
On February 8, 2014, the official website of Nepal’s Office of the President (presidentofnepal.gov.np) was compromised and defaced by multiple attackers. The initial breach was conducted by an Iranian hacker using the alias Dr.3v1l, who uploaded a defacement page to the specific subdirectory presidentofnepal.gov.np/banner. This attacker also extracted and publicly leaked administrator credentials from the website’s database, including usernames and passwords. Within 24 hours of this initial compromise, a second hacker originating from India exploited either the leaked credentials or an unidentified vulnerability to deface the website’s main homepage. Both defacements remained publicly visible for over 24 hours after the first attack, with the website still unremediated at the time of reporting.

The attacks displayed no overt political motivations, as neither hacker posted ideological statements or demands on the defaced pages. This suggested the intrusions were primarily executed to demonstrate technical capability rather than to advance a specific agenda. The Iranian hacker’s leak of administrative credentials indicated potential unauthorized database access, though the full scope of data exposure was not detailed in available reports. A mirror of the defacement was archived on the website zone-h.org, and additional visual documentation was referenced in a gallery accompanying source reporting. No information regarding official remediation efforts, forensic investigations, or broader organizational impacts was disclosed in the immediate aftermath.
