Cyber Incident Victim: Rajasthan Education Department
Date:
Apr 2025
Location:
India
Summary
The official portal of Rajasthan's Education Department was compromised in a cyber attack that altered its homepage to show inflammatory messages attributed to the group 'Pakistan Cyber Force,' including claims that the Pahalgam terror attack was an inside job and a false flag operation by the Indian government, as well as offensive remarks about the wife of a deceased lieutenant. Following the breach, the site was taken offline while the department's IT wing initiated recovery efforts, notified cybersecurity agencies, and launched an investigation to identify the perpetrators and assess any data loss, with officials stating that no sensitive data leak has been confirmed and a full system audit is underway. Cyber experts noted that the incident reflects a broader trend, estimating that over two million government‑linked pages nationwide and more than eight hundred thousand in Rajasthan alone have been hijacked by criminal actors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The official portal of Rajasthan's Education Department was targeted in a cyber attack on Tuesday, 28 April 2025, when attackers gained unauthorized access and modified the homepage to display a series of inflammatory messages attributed to a group calling itself 'Pakistan Cyber Force.' One of the posted messages claimed that the Pahalgam terror attack was an internal 'inside job,' while another described the incident as a 'false flag by the Indian government, designed to incite conflict and religious division.' In addition to these political statements, the hackers posted offensive comments about Himanshi Narwal, the wife of the late Lieutenant Vinay Narwal, whose photograph sitting beside her husband’s mortal remains had been widely circulated on social media shortly before the breach. The defacement was detected soon after it appeared, prompting the department to take the website offline to prevent further dissemination of the content and to begin an initial assessment of the compromise.
Education Minister Madan Dilawar publicly condemned the attack and stated that the IT wing of the Education Department had been activated to manage the situation, confirming that the website had been temporarily shut down while recovery efforts were underway at a rapid pace. He added that cybersecurity agencies had been informed of the incident and that an investigation had been launched to identify the responsible group and assess the extent of any damage, including whether any sensitive data had been accessed or exfiltrated. The minister emphasized that, as of his statement, there was no confirmation of any sensitive data having been leaked, but that a comprehensive audit of all systems was being conducted to ensure the security and integrity of the department’s data. Recovery work involved restoring the portal from clean backups, applying additional security patches, and performing validation checks before the site could be returned to service.
Cyber security experts commenting on the incident noted that over two million pages linked to various state departments across the country have been hijacked by cybercriminals, with more than eight lakh such pages believed to be compromised in Rajasthan alone, including several from the Home Department and district‑level police units. They observed that cyber threats are becoming more sophisticated and frequent, and stressed the urgent need for robust digital security frameworks and better monitoring to protect government web infrastructure. The experts’ remarks were presented as a call for improved defenses, reflecting the broader concern raised by the breach of the Education Department portal and highlighting the scale of the challenge facing government digital assets.