Cyber Incident Victim: National Informatics Centre
Date: Sep 2020
Location: India
Summary
A malware attack compromised approximately 100 computers at the National Informatics Centre, a critical government agency responsible for securing national cyber-infrastructure and e-governance projects. The breach, traced to a malicious email originating from a Bengaluru-based IT firm, disrupted email access and system functionality after users interacted with the suspicious message. This marked the second major cybersecurity incident within a month, following a separate Maze ransomware attack on the National Highways Authority of India that caused widespread system shutdowns and compromised servers including mail and antivirus systems. Investigations led by Delhi Police's Special Cell revealed similarities to prior unauthorized logins from foreign IP addresses amid heightened security concerns. The affected systems contained highly sensitive data related to national security, citizen information, and communications of senior government officials.
Description
A cyber security breach occurred at India's National Informatics Centre (NIC) on September 19, 2020, involving malware that compromised approximately 100 computers. The NIC, operating under the Ministry of Electronics and Information Technology (MeitY), serves as the government’s nodal agency for securing critical cyber infrastructure and implementing national e-governance projects. An employee at MeitY reported being unable to access his email and noted suspicious activity, prompting an internal investigation. Authorities discovered that multiple systems across the NIC’s network had been affected after users clicked on a malicious email. The malware’s origin was traced to an IT company based in Bengaluru. Delhi Police’s Special Cell registered a case under the Information Technology Act and initiated an investigation, with preliminary findings confirming the email as the attack vector.

This incident marked the second major cyber attack on Indian government infrastructure within a month, following an August 2020 Maze ransomware attack on the National Highways Authority of India (NHAI) that crippled systems for 48 hours. The NHAI breach had involved compromised Windows Active Directory, mail servers, and antivirus servers, with unauthorized logins linked to IP addresses in Taiwan and Hong Kong. The NIC breach raised heightened concerns due to the compromised systems’ storage of sensitive data related to national security, citizen records, and communications involving high-ranking officials including the Prime Minister and National Security Advisor. Central agencies were already on high alert amid geopolitical tensions and recent reports of Chinese espionage targeting Indian leadership. Forensic analysis indicated the Bengaluru-originating malware exploited user interaction with the malicious email, though specific technical details of the malware family or data exfiltration were not publicly disclosed in initial reports.
