Cyber Incident Victim: Andhra Pradesh Mahesh Co-Operative Urban Bank
Date:
Nov 2021
Location:
India
Summary
Attackers compromised the Andhra Pradesh Mahesh Co-Operative Urban Bank through a phishing campaign that installed a Remote Access Trojan (RAT), then exploited the absence of basic controls: no valid firewall license, no intrusion detection or prevention system, no phishing protection, and no network segmentation. Using compromised super-user accounts, some of which shared identical passwords, they reached the core banking system, created fraudulent accounts, transferred customer funds into them, and withdrew cash from hundreds of ATMs across India. Law enforcement froze a portion of the stolen funds; the remainder was traced to entities abroad, most likely moved through informal money transfer (hawala) networks or cryptocurrencies. The breach exposed systemic failures, including inadequate staff training and no network isolation between branch operations and the head office's central systems.
Description
The Andhra Pradesh Mahesh Co-Operative Urban Bank suffered a significant breach beginning on or around November 30, 2021, when attackers sent more than 200 phishing emails to bank staff over three days. At least one employee opened a malicious message, which installed a Remote Access Trojan (RAT) on the bank's systems. The attackers then exploited the bank's weak security posture: it had no valid firewall license, no phishing protection tools, and no intrusion detection or prevention system. With no virtual LAN segmentation, the RAT gave unrestricted access to the bank's network, including its core banking application. Compounding this, the bank maintained ten super-user accounts, some sharing identical passwords; the attackers compromised these to reach databases holding customer information such as account balances. They then opened new bank accounts and transferred customer funds into them, moving more than $1 million to hundreds of accounts at Mahesh Bank and other financial institutions.

Hyderabad City Police intervened during the attack and froze approximately $2 million before it could be withdrawn, but the attackers had already taken cash out of 938 ATMs across India. Investigators attributed the compromise to several failures: a poorly designed network, no isolation between head office applications and branch systems, and staff who had not been trained to recognize phishing. The police report stated that the attackers operated from outside India, with the primary suspects most likely based in the UK and Nigeria; stolen funds were moved to Nigeria through hawala networks or cryptocurrencies. The incident exposed systemic security deficiencies at a bank with 45 branches and nearly $400 million in deposits, and its operational impact was felt across all of them.
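The chain described above (shared super-user passwords, new accounts funded from many unrelated customer accounts and then drained at ATMs) leaves traces that a bank can check for. The following Python is an added example and not code from the original page or from the bank: it runs two detections over constructed data. The privileged-user list, the audit-log field names and the log lines are all made up, and the thresholds (window, number of senders, number of ATMs) are assumptions to tune against real volumes.

```python
"""Added example: two detections for the Mahesh Bank attack pattern,
run over constructed sample data (not real bank records)."""
from collections import defaultdict
from datetime import datetime, timedelta
import csv
import hashlib
import io

# ---------------------------------------------------------------------------
# 1. Super-user accounts sharing a password.
# Constructed data: five privileged logins, three of them set to the same
# password. Hashes are unsalted SHA-256 only so that a collision is visible
# by comparing stored values. With a salted scheme (bcrypt, argon2) stored
# hashes never collide, so the check has to run at password-set time by
# verifying the candidate password against each other privileged account.
# ---------------------------------------------------------------------------
def _h(pw):
    """Hypothetical helper to build the constructed hash set."""
    return hashlib.sha256(pw.encode()).hexdigest()

SUPER_USERS = {  # constructed, not the bank's real account names
    "cbs_admin01": _h("Mahesh@2021"),
    "cbs_admin02": _h("Mahesh@2021"),
    "cbs_admin03": _h("W1nter!Rain"),
    "cbs_admin04": _h("Mahesh@2021"),
    "cbs_admin05": _h("x9#Lq2!vP0"),
}

def shared_password_groups(users):
    """Return sorted lists of usernames whose stored hashes are identical."""
    by_hash = defaultdict(list)
    for name, digest in users.items():
        by_hash[digest].append(name)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)

# ---------------------------------------------------------------------------
# 2. Mule accounts in the core-banking audit trail.
# Constructed audit log: an account is opened by a super-user late at night,
# funded from several unrelated customer accounts within minutes, then
# drained at ATMs in different cities. Field names are assumptions; a real
# core-banking export will differ. Amounts are in rupees.
# ---------------------------------------------------------------------------
AUDIT_LOG = """\
ts,event,account,counterparty,amount
2021-11-30T23:02:11,ACCOUNT_OPEN,M9001,cbs_admin02,0
2021-11-30T23:05:40,TRANSFER_IN,M9001,C10021,48000
2021-11-30T23:06:02,TRANSFER_IN,M9001,C10457,52000
2021-11-30T23:06:30,TRANSFER_IN,M9001,C11893,39000
2021-11-30T23:07:15,TRANSFER_IN,M9001,C12305,61000
2021-12-01T00:41:00,ATM_WITHDRAWAL,M9001,ATM-HYD-0412,10000
2021-12-01T00:43:20,ATM_WITHDRAWAL,M9001,ATM-MUM-1187,10000
2021-12-01T00:44:05,ATM_WITHDRAWAL,M9001,ATM-DEL-0930,10000
2021-11-30T10:15:00,ACCOUNT_OPEN,S5500,branch_07,0
2021-11-30T10:20:00,TRANSFER_IN,S5500,C10021,5000
2021-12-02T12:00:00,ATM_WITHDRAWAL,S5500,ATM-HYD-0412,2000
"""

def find_mule_accounts(log_text, window_hours=48, min_senders=3, min_atms=2):
    """Flag accounts that, within window_hours of being opened, received
    inbound transfers from at least min_senders distinct accounts and were
    drained through at least min_atms distinct ATMs. Also records whether
    the account was opened outside 09:00-18:00 and which user opened it."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    for r in rows:
        r["ts"] = datetime.fromisoformat(r["ts"])
        r["amount"] = int(r["amount"])
    rows.sort(key=lambda r: r["ts"])

    opened = {r["account"]: r for r in rows if r["event"] == "ACCOUNT_OPEN"}
    flagged = {}
    for acct, open_row in opened.items():
        deadline = open_row["ts"] + timedelta(hours=window_hours)
        senders, atms, in_amt, out_amt = set(), set(), 0, 0
        for r in rows:
            if r["account"] != acct or not open_row["ts"] <= r["ts"] <= deadline:
                continue
            if r["event"] == "TRANSFER_IN":
                senders.add(r["counterparty"])
                in_amt += r["amount"]
            elif r["event"] == "ATM_WITHDRAWAL":
                atms.add(r["counterparty"])
                out_amt += r["amount"]
        if len(senders) >= min_senders and len(atms) >= min_atms:
            flagged[acct] = {
                "opened_by": open_row["counterparty"],
                "after_hours": not 9 <= open_row["ts"].hour < 18,
                "senders": len(senders),
                "atms": len(atms),
                "in": in_amt,
                "out": out_amt,
            }
    return flagged

if __name__ == "__main__":
    print("shared super-user passwords:", shared_password_groups(SUPER_USERS))
    for acct, info in find_mule_accounts(AUDIT_LOG).items():
        print("suspected mule account", acct, info)
```

Neither check needs new infrastructure: the first runs against the privileged-user table, the second against the audit trail the core banking application already writes. Three ATM withdrawals in three cities within four minutes, as in the constructed log, is also an impossible-travel signal in its own right and would be worth a separate rule in production.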
