Cyber Incident Victim: Mercantile Communications Pvt Ltd
Date:
Feb 2014
Location:
Nepal
Summary
A Turkish hacker group known as Ajan breached a major Nepali internet service provider, compromising internal systems and leaking database structures along with over 100 employee records containing names and email addresses. The attackers claimed to have accessed additional sensitive data, including phone numbers and physical addresses, but withheld it to protect individual privacy, stating the breach was primarily to announce their resurgence. The group declared intentions to shift focus toward government targets in the US, Israel, and China, citing political and religious grievances against these nations. The victim organization did not publicly respond to requests for comment regarding the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In February 2014, Turkish hacker collective Ajan announced its return to cyber operations by breaching Mercantile Communications Pvt Ltd, a major internet service provider based in Nepal. The attackers infiltrated the company's systems and exfiltrated database structure information alongside over 100 employee records containing names and email addresses. While claiming to have accessed additional sensitive data including phone numbers and physical addresses, the group selectively leaked only partial datasets, citing privacy concerns for affected individuals as justification for withholding the full cache. No technical details regarding exploitation methods or duration of system access were disclosed by the perpetrators. The breach represented Ajan's first publicly claimed operation of the year, continuing their pattern of targeting commercial entities. Mercantile Communications, operating under the domain mos.com.np, did not issue immediate public statements regarding the intrusion's validity or scope when contacted by journalists.
Ajan representatives characterized the attack as opportunistic rather than ideologically motivated against Nepal specifically, framing it primarily as a symbolic resurgence announcement. However, the group outlined forthcoming operational shifts toward targeting government infrastructure in the United States, Israel, and China. They justified these declared intentions by accusing the US of being a "terrorist country" opposed to Islam, while condemning China and Israel for alleged persecution of Muslim populations. No specific timeline, target lists, or attack methodologies accompanied these geopolitical threats. The Mercantile breach demonstrated Ajan's continued focus on data exfiltration and selective disclosure tactics, though the limited record count suggested either constrained access or deliberate leak curation. The incident exposed operational vulnerabilities within a critical regional communications provider while highlighting the group's evolving targeting rationale blending publicity stunts with stated political grievances.