Cyber Incident Victim: Nepal
Date:
Jan 2023
Location:
Nepal
Summary
A distributed denial-of-service attack targeted Nepal's central government data infrastructure, overwhelming servers at the Government Integrated Data Centre and knocking over 400 official websites offline for several hours. The disruption severely impacted immigration operations at Kathmandu airport, forcing manual processing of visas and passport checks that caused extensive passenger queues and delayed international flights. While no data breaches occurred, critical services including passport verification, permit systems, and ministerial portals became inaccessible until technicians isolated the mainframe from foreign access. The incident exposed systemic vulnerabilities in national digital infrastructure, prompting an official investigation into security weaknesses while highlighting potential risks to both service continuity and sensitive personal data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Saturday, 28 January 2023, a Distributed Denial of Service (DDoS) attack targeted Nepal’s Government Integrated Data Centre (GIDC), disrupting over 400 government websites under the gov.np domain for at least four hours starting at noon. The attack overwhelmed servers at the National Information Technology Centre (NITC)-managed facility in Singha Darbar, Kathmandu, triggering automatic shutdowns that knocked out critical systems including the Department of Immigration’s passport and visa databases. While government offices were closed due to the holiday, the most severe operational impact occurred at Tribhuvan International Airport, where immigration consoles and visa machines became inoperable. Immigration staff resorted to manual processing of arrivals and departures using paper ledgers, causing chaotic queues in both arrival and departure halls. International flights to destinations including Delhi, Mumbai, Bangalore, Kuala Lumpur, and Doha experienced delays of up to three hours due to processing backlogs, though domestic flights remained unaffected. The GIDC technicians restored services by isolating the mainframe from foreign access, but flight disruptions persisted into the evening.
The incident marked the longest and most severe disruption to Nepal’s central government data infrastructure, though NITC confirmed no data compromise occurred. Affected systems included not only immigration controls but also the Prime Minister’s Office and multiple ministry websites, raising concerns about future attacks compromising national security or personal data. The NITC initiated an investigation to identify system vulnerabilities that permitted the attack, attributing the outage to intentionally generated fake traffic that exceeded server capacity. The disruption prevented all standard digital functions: Nepali travelers could not have passports scanned or permits verified, while foreign arrivals lacked automated e-visa validation, Interpol vetting, or visa-on-arrival processing. Despite service restoration, the event exposed systemic vulnerabilities in Nepal’s centralized digital infrastructure and its critical dependence on the GIDC’s single data repository for government operations.