Dec 23, 2023

Nepal Government Web Server Used as Cyber Criminals' Command and Control Server

This analysis concerns a web server operated by the Nepal Government. Our findings indicate that this official web infrastructure has been used by malicious actors as a command-and-control (CNC) server: more than 2000 malicious files have been observed communicating with the IP address that hosts the compromised server. Just as notable, a number of official government websites hosted on it are now flagged as malicious. Legitimate government platforms have in effect become potential delivery points for malware and phishing, which calls for urgent attention and decisive remediation.
The single largest takeaway is that government infrastructure has been folded into criminal activity. Beyond the weakness it exposes at the heart of Nepal's digital presence, the compromise puts sensitive information and the integrity of online government services at risk, and it undermines public trust in those services.

Key Takeaways:

  1. Nearly 3000 malicious files are actively communicating with the server's IP address.
  2. A significant number of official sites hosted on the server have been identified and flagged as either malicious or phishing.
  3. The server has recently been used by Agent Tesla, an information-stealing malware family, for command and control (CNC).
  4. The malicious files communicating with the web server's IP address are linked to the malware families Sality, gen2, and kuku.
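The first takeaway above is an indicator that other organizations can act on: if malware is talking to the server's IP address, that traffic shows up in outbound proxy or firewall logs. The following Python script is an added example, not code from the original advisory; it parses constructed proxy log lines, lists every internal client that contacted a suspect IP, and then singles out clients whose contacts recur at a near-constant interval, the beaconing pattern typical of CNC check-ins. The advisory does not publish the server's IP address, so the RFC 5737 documentation address 203.0.113.10, the log format and the URL paths are all hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Hypothetical indicator: the advisory does not publish the server's IP,
# so an RFC 5737 documentation address stands in for it here. Replace it
# with the address from the advisory report when running this for real.
SUSPECT_IPS = {"203.0.113.10"}

# Constructed proxy log lines in a simple "timestamp client method url status"
# layout; real deployments would adapt LINE_RE to squid/zscaler/firewall formats.
SAMPLE_LOG = """\
2023-12-20T10:00:00 10.0.0.5 POST http://203.0.113.10/post.php 200
2023-12-20T10:03:17 10.0.0.9 GET http://www.example.org/index.html 200
2023-12-20T10:05:01 10.0.0.5 POST http://203.0.113.10/post.php 200
2023-12-20T10:10:02 10.0.0.5 POST http://203.0.113.10/post.php 200
2023-12-20T10:15:00 10.0.0.5 POST http://203.0.113.10/post.php 200
2023-12-20T11:42:55 10.0.0.12 GET http://203.0.113.10/index.html 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
HOST_RE = re.compile(r"^https?://([^/:]+)")


def parse_log(text):
    """Turn raw log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, method, url, status = m.groups()
        host_match = HOST_RE.match(url)
        if not host_match:
            continue
        events.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "method": method,
            "host": host_match.group(1),
            "url": url,
            "status": int(status),
        })
    return events


def contacts_to_suspect(events, suspect_ips=SUSPECT_IPS):
    """Group every contact with a suspect IP by the internal client that made it."""
    hits = defaultdict(list)
    for e in events:
        if e["host"] in suspect_ips:
            hits[e["client"]].append(e)
    return dict(hits)


def beaconing_clients(hits, min_events=3, max_jitter_s=30):
    """Return {client: interval_seconds} for clients whose contacts recur at a
    near-constant interval. A single visit (e.g. a user clicking a link) does
    not qualify; repeated POSTs every few minutes with little jitter do."""
    result = {}
    for client, evs in hits.items():
        if len(evs) < min_events:
            continue
        times = sorted(e["ts"] for e in evs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if all(abs(g - avg) <= max_jitter_s for g in gaps):
            result[client] = round(avg)
    return result


if __name__ == "__main__":
    hits = contacts_to_suspect(parse_log(SAMPLE_LOG))
    for client, evs in hits.items():
        print(f"{client}: {len(evs)} contact(s) with suspect IP")
    for client, interval in beaconing_clients(hits).items():
        print(f"{client}: beaconing roughly every {interval}s, investigate host")
```

In the constructed sample, 10.0.0.5 POSTs to the suspect address every five minutes and is reported as beaconing, while 10.0.0.12 made a single GET and is listed as a contact only. Both deserve a look, but the beaconing host is the one to isolate first, since the pattern matches a malware check-in rather than a person browsing a defaced government page.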

Please find more detail in our advisory report.

The adversaries behind attacks of this kind continually change their methods, tools and techniques to evade detection and keep operating. Organizations and individuals should therefore stay informed about current tactics, techniques and procedures (TTPs) and take proactive steps to protect themselves; at minimum, the indicators in the advisory report (the server's IP address and the flagged domains) should be checked against outbound network logs.