
Cyber Incident Victim: National Highway Authority of India

Date:

Sep 2020

Location:

India

Summary

A cyberattack on the National Highway Authority of India deployed Maze ransomware that infected multiple servers and PCs, forcing a complete system shutdown of approximately 48 hours. The breach compromised critical infrastructure including the Windows Active Directory Server, internal systems, mail servers, and antivirus servers, with unauthorized logins traced to IP addresses in Taiwan and Hong Kong. It was followed within a month by a separate malware infection at the National Informatics Centre, linked to a suspicious email from a Bengaluru-based firm; together the two incidents highlighted weaknesses in the government's digital infrastructure amid heightened security concerns.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

In August 2020, the National Highway Authority of India (NHAI) experienced a significant cyberattack involving Maze ransomware that infected multiple servers and personal computers. The attack resulted in a complete system shutdown lasting approximately 48 hours, severely disrupting operations. Attackers compromised NHAI's Windows Active Directory Server, gaining access to internal systems, mail servers, and antivirus infrastructure. Forensic analysis traced unauthorized login attempts to IP addresses originating from Taiwan and Hong Kong, though attribution remained unconfirmed. This incident occurred amid heightened geopolitical tensions along India's borders and followed reports of Chinese cyber espionage targeting Indian leadership. The breach represented a critical infrastructure compromise given NHAI's role in managing national transportation networks.
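The forensic step mentioned above, tracing unauthorized logons against a domain controller back to foreign source addresses, can be reproduced against an exported Windows Security log. The script below is an added example and is not code from the incident page, NHAI, or any investigator: it parses a constructed CSV export of logon events (EventID 4624 success, 4625 failure), ignores local logons and logons from trusted internal networks, and reports each untrusted source with the accounts it touched, how many failures preceded its first success, and a region label. The CSV rows, the trusted network range and the address-to-region table are all assumptions standing in for real log data and a GeoIP database.

```python
"""
Added example (not from the incident page or NHAI): triage of exported
Windows Security log events to surface remote logons from unexpected
source addresses. All data below is constructed; the region lookup is a
hypothetical table standing in for a GeoIP database.
"""
import csv
import io
import ipaddress

# Constructed sample export. Logon Type 3 = network, 10 = RemoteInteractive
# (RDP); type 2 is a local interactive logon and carries no source IP.
SAMPLE_EXPORT = """\
TimeCreated,EventID,TargetUserName,LogonType,IpAddress,WorkstationName
2020-08-10T01:12:04Z,4625,svc_backup,3,203.0.113.45,-
2020-08-10T01:12:09Z,4625,svc_backup,3,203.0.113.45,-
2020-08-10T01:12:15Z,4624,svc_backup,3,203.0.113.45,-
2020-08-10T01:40:02Z,4624,administrator,10,198.51.100.7,-
2020-08-10T09:05:11Z,4624,asharma,2,-,NHAI-WS-0412
2020-08-10T09:06:30Z,4624,asharma,3,10.20.4.15,NHAI-WS-0412
"""

# Hypothetical region lookup; a real triage would query a GeoIP database.
REGION_LOOKUP = {
    "203.0.113.0/24": "TW",
    "198.51.100.0/24": "HK",
}

# Assumed internal range from which remote logons to the DC are expected.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

REMOTE_LOGON_TYPES = {"3", "10"}


def region_of(ip):
    """Map an address to a region label via the lookup table."""
    addr = ipaddress.ip_address(ip)
    for net, region in REGION_LOOKUP.items():
        if addr in ipaddress.ip_network(net):
            return region
    return "unknown"


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def parse_events(text):
    """Read a CSV export into a list of dicts, one per event."""
    return list(csv.DictReader(io.StringIO(text)))


def flag_remote_logons(events):
    """Return findings keyed by untrusted source IP.

    Each finding records the accounts targeted, the region label, how many
    failed attempts preceded the first success (a brute-force or password
    spray signal), and whether any logon from that source succeeded.
    """
    findings = {}
    for ev in events:
        ip = ev["IpAddress"]
        if ev["LogonType"] not in REMOTE_LOGON_TYPES or ip in ("-", ""):
            continue  # local logons have no meaningful source address
        if is_trusted(ip):
            continue
        f = findings.setdefault(ip, {
            "region": region_of(ip),
            "accounts": set(),
            "failures_before_success": 0,
            "success": False,
        })
        f["accounts"].add(ev["TargetUserName"])
        if ev["EventID"] == "4625" and not f["success"]:
            f["failures_before_success"] += 1
        elif ev["EventID"] == "4624":
            f["success"] = True
    return findings


if __name__ == "__main__":
    for ip, f in flag_remote_logons(parse_events(SAMPLE_EXPORT)).items():
        print(f"{ip} ({f['region']}): accounts={sorted(f['accounts'])} "
              f"failed_before_success={f['failures_before_success']} "
              f"success={f['success']}")
```

On the constructed data the script reports two untrusted sources: one labelled TW that succeeded against a service account after two failures, and one labelled HK that logged in over RDP as administrator on the first try. Against a real export, the same logic should be run over the domain controller, mail and antivirus server logs together, since the description above has the attackers moving from the AD server into those systems.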


On September 19, 2020, a further cybersecurity breach was reported at the National Informatics Centre (NIC), the government agency responsible for securing India's critical cyber infrastructure under MeitY. Approximately 100 NIC computers were infected by malware delivered through a malicious email traced to an IT company in Bengaluru. The breach was discovered when an employee was unable to access email; the subsequent investigation found that systems had been compromised as users interacted with the suspicious message. NIC systems contained sensitive data regarding national security, citizen records, and communications of high-ranking officials including the Prime Minister. The Delhi Police Special Cell registered a case under the IT Act and opened an investigation, making this the second major government network breach within a month. Both incidents exposed weaknesses in critical systems to email-based infiltration followed by privilege escalation across the network, though no explicit connection between the NHAI and NIC attacks was established in available reports.
