Cyber Incident Victim: Tribhuvan International Airport
Date:
Jan 2023
Location:
Nepal
Summary
A cyberattack involving a Distributed Denial of Service (DDoS) targeted Nepal's Government Integrated Data Centre, disrupting over 400 government websites and critical systems at Tribhuvan International Airport. The attack overwhelmed servers, forcing immigration authorities to manually process visas and passports, leading to extensive passenger queues and delays for international flights. While no data was compromised, the incident caused operational chaos, particularly affecting visa verification, passport scanning, and Interpol database checks. The National Information Technology Centre mitigated the attack by isolating servers from foreign access but acknowledged systemic vulnerabilities. The outage also impacted other government portals, heightening concerns about future security risks and potential data breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 27, 2023, a Distributed Denial of Service (DDoS) attack targeted Nepal’s Government Integrated Data Centre (GIDC) starting at noon and lasting at least four hours. The attack overwhelmed servers at the National Information Technology Centre (NITC)-managed facility in Singha Darbar, Kathmandu, which hosts over 400 government websites under the gov.np domain. This caused widespread outages of government ministry websites and critical systems, including the Department of Immigration’s passport and visa databases. The disruption severely impacted operations at Tribhuvan International Airport, where immigration desks became inoperable due to the failure of visa machines, passport scanners, and Interpol vetting consoles. Immigration officials resorted to manual processing of arrivals and departures, recording data by hand in ledgers and issuing visas without digital verification. The resulting delays created chaotic queues in both arrival and departure areas, affecting multiple international flights to destinations including Delhi, Mumbai, Bangalore, Kuala Lumpur, and Doha, with delays extending up to three hours. Domestic flights remained unaffected. The backlog persisted into Saturday evening despite partial restoration of services after technicians isolated the GIDC mainframe from foreign access.
The NITC confirmed in a statement that the attack involved intentionally generated fake internet traffic that triggered automatic server shutdowns but asserted no data compromise occurred. A probe was launched to identify system vulnerabilities that enabled the incident. Broader consequences included the simultaneous downtime of the Prime Minister’s Office and other ministry websites, raising concerns about future attacks compromising national security or personal data. Critical services disrupted during the outage included passport verification for Nepalis traveling abroad, e-visa checks for foreigners, migrant worker permit validations, and real-time Interpol database screenings. The incident highlighted systemic risks to Nepal’s centralized digital infrastructure, as the GIDC had experienced prior breaches—though none as prolonged or operationally damaging. Flight schedules normalized gradually after systems resumed, but the manual processing bottleneck extended passenger wait times well beyond the attack’s technical resolution.