Cyber Incident Victim: National Disaster Response Force

The official Twitter account of India's National Disaster Response Force (@NDRFHQ) was compromised on January 21, 2022, at approximately 10:45 PM local time. Attackers gained unauthorized access to the social media account, altering both the profile display name and photograph while posting unspecified random messages. The intrusion was detected in real-time by NDRF personnel monitoring the account. Technical experts from the disaster response organization initiated immediate containment measures, successfully restoring the original profile name and image within 2-3 minutes of the breach being identified. Despite this rapid partial remediation, Twitter's security systems independently detected anomalous activity and implemented platform-level protective actions by temporarily freezing account access. This protective measure by the social media company resulted in the temporary invisibility of all previously published NDRF content on the platform for several hours following the incident.

Full restoration of operational control to NDRF authorities occurred by 6:12 PM on January 22, 2022, when the verified account resumed normal operations by quote-tweeting a message from the National Disaster Management Authority (NDMA). Director General Atul Karwal confirmed the completion of restoration efforts and disclosed that the organization had formally reported the cybersecurity breach to the Delhi Police Cyber Cell for criminal investigation. The incident occurred three days after NDRF's 17th Raising Day anniversary commemorating its 2006 establishment as India's federal disaster response organization. As a direct consequence of the breach, NDRF leadership announced plans to conduct a comprehensive security audit of their digital assets to strengthen defenses against future cyber intrusions. No operational disruptions to physical disaster response capabilities were reported in connection with the social media compromise.