Sensitive Data of Nepal’s PM’s Office Allegedly for Sale

A threat actor on the dark web forum Ghudra has claimed possession of a database backup allegedly sourced from Nepal’s Office of the Prime Minister and Council of Ministers, containing 100,000 rows of user data.

The dataset is listed at $1,000. "Live shell access", meaning interactive command execution on the compromised host rather than a copied file, is offered separately for $1,300.

This incident raises urgent concerns about cybersecurity vulnerabilities in Nepal’s government infrastructure, echoing recent cyberattacks and longstanding transparency disputes.

The threat actor, operating under the pseudonym ShadowLeak, advertised the database on Ghudra, a forum notorious for trading stolen data.

The listing includes personally identifiable information (PII), potentially encompassing names, contact details, and administrative records.

If the shell offer is genuine, it implies code execution on a government server, not merely a stolen backup. The listing does not say how that access was obtained; a web application flaw such as SQL injection followed by privilege escalation would be consistent with a seller holding both a database dump and a shell, but none of this has been verified.

This breach follows a pattern of cyber attacks on Nepali institutions. In March 2025, a distributed denial-of-service (DDoS) attack crippled over 400 government websites, including immigration systems at Kathmandu Airport.

Earlier breaches, such as the 2020 Vianet Communications hack exposing 160,000 customers’ data, underscore systemic weaknesses in Nepal’s cybersecurity defenses.

Cybersecurity Implications and Government Responses

If confirmed, the breach would point to familiar gaps in database security: unencrypted or weakly protected data, over-broad access for application and administrative accounts, and insufficient auditing to notice a bulk export.

Nepal’s National Cyber Security Centre (NCSC) issued a 102-point advisory in January 2025 mandating regular software updates, multi-factor authentication (MFA), and network segmentation for government systems.

However, compliance remains inconsistent, and critics tie this to a broader reluctance toward transparency, citing the delayed disclosure of officials' asset details under Prime Minister KP Sharma Oli's administration.

Madan Krishna Sharma of Transparency International Nepal criticized the government’s opacity, stating: “Refusing to disclose property details or secure databases reflects a lack of accountability, enabling corruption and cybercrime”.

The NCSC has yet to confirm the breach but emphasized efforts to strengthen defenses, including appointing focal persons for incident reporting and conducting security audits.

Technical Vulnerabilities and Mitigation Strategies

  • Attack Vectors: Nothing public establishes the initial access method. Credential stuffing or phishing against an administrative login, or a web application flaw such as SQL injection, followed by privilege escalation and lateral movement within the network, would each be consistent with what is on offer.
  • Data Exfiltration: A 100,000-row dump is small enough to leave through almost any channel. DNS tunneling or an encrypted outbound session to an attacker-controlled host are common choices for evading perimeter monitoring, which is why resolver and egress logs need to be kept and reviewed.
  • Recommendations:
    • Encrypt sensitive databases at rest and in transit, with keys held outside the database host; encryption alone does not stop an attacker who already has a shell and the application's own credentials, so it must be paired with least-privilege accounts and export auditing.
    • Enforce zero-trust principles (per-request authentication, network segmentation, least-privilege service accounts) so that one compromised host cannot reach the database tier.
    • Conduct regular penetration testing and monitor dark web forums and marketplaces so that a listing like this one is detected before a buyer acts on it.
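As an added illustration of the exfiltration point above (not code from the article or from any Nepali agency), the following script profiles resolver logs for the signature that DNS tunneling leaves: many unique, long, high-entropy subdomains under one registered domain, mostly in TXT or NULL records. The log format, the sample lines, the thresholds and the two-label approximation of a registered domain are all assumptions made for this example; a production detector would use the Public Suffix List and thresholds tuned against the organisation's own baseline.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log lines (not real traffic from any system).
# Assumed format: "<timestamp> <client-ip> <query-name> <qtype>".
# Client 10.20.30.7 is made to look like it is pushing hex-encoded data out
# through TXT lookups under tun.example.net; the rest is ordinary browsing.
SAMPLE_LOG = """\
2025-05-01T10:00:01Z 10.20.30.5 portal.example.org A
2025-05-01T10:00:02Z 10.20.30.5 mail.example.org MX
2025-05-01T10:00:03Z 10.20.30.5 cdn.example.org A
2025-05-01T10:00:04Z 10.20.30.7 4d3a2b1c9e8f7a6b5c4d3e2f1a0b9c8d.d1.tun.example.net TXT
2025-05-01T10:00:04Z 10.20.30.7 9f8e7d6c5b4a39281706f5e4d3c2b1a0.d2.tun.example.net TXT
2025-05-01T10:00:05Z 10.20.30.7 0a1b2c3d4e5f60718293a4b5c6d7e8f9.d3.tun.example.net TXT
2025-05-01T10:00:05Z 10.20.30.7 ffeeddccbbaa99887766554433221100.d4.tun.example.net TXT
2025-05-01T10:00:06Z 10.20.30.7 123456789abcdef0fedcba9876543210.d5.tun.example.net TXT
2025-05-01T10:00:06Z 10.20.30.7 deadbeefcafebabe0123456789abcdef.d6.tun.example.net TXT
2025-05-01T10:00:07Z 10.20.30.7 portal.example.org A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s):
    """Bits per character; encoded payloads sit near 4 for hex, higher for base32/64."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name):
    # Simplification for the example: last two labels. Use the Public Suffix List in practice.
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def parse_log(text):
    """Parse lines of the assumed format into (timestamp, client, qname, qtype) tuples."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the detector
        ts, client, qname, qtype = m.groups()
        records.append((ts, client, qname.lower(), qtype.upper()))
    return records


def profile(records):
    """Aggregate per (client, registered domain): query count, distinct subdomains,
    mean entropy of the subdomain part, mean query length, share of bulky record types."""
    agg = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                               "entropy_sum": 0.0, "len_sum": 0, "bulky": 0})
    for _, client, qname, qtype in records:
        dom = registered_domain(qname)
        sub = qname[:-len(dom)].rstrip(".") if qname.endswith(dom) else ""
        a = agg[(client, dom)]
        a["queries"] += 1
        a["subdomains"].add(sub)
        a["entropy_sum"] += shannon_entropy(sub.replace(".", ""))
        a["len_sum"] += len(qname)
        if qtype in ("TXT", "NULL", "CNAME"):  # types that carry large responses
            a["bulky"] += 1
    out = {}
    for key, a in agg.items():
        n = a["queries"]
        out[key] = {"queries": n,
                    "unique_subdomains": len(a["subdomains"]),
                    "mean_entropy": a["entropy_sum"] / n,
                    "mean_len": a["len_sum"] / n,
                    "bulky_share": a["bulky"] / n}
    return out


def flag_tunnels(profiles, min_queries=5, min_entropy=3.0, min_len=40, min_bulky=0.5):
    """Return (client, domain) pairs whose traffic looks like tunnelled data.
    Thresholds are illustrative assumptions; tune them against your own baseline."""
    flagged = []
    for (client, dom), p in profiles.items():
        unique_ratio = p["unique_subdomains"] / p["queries"]
        if (p["queries"] >= min_queries and unique_ratio > 0.9
                and p["mean_entropy"] >= min_entropy and p["mean_len"] >= min_len
                and p["bulky_share"] >= min_bulky):
            flagged.append((client, dom))
    return sorted(flagged)


def detect(log_text):
    return flag_tunnels(profile(parse_log(log_text)))


if __name__ == "__main__":
    for client, dom in detect(SAMPLE_LOG):
        print(f"possible DNS tunnel: client={client} domain={dom}")
```

Legitimate hosts query a small, repeating set of short names; a tunnel client never repeats a subdomain because each one carries a fresh chunk of data. Requiring all five signals together keeps CDNs and anti-spam lookups, which trip one or two of them, from flooding the alert queue.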

This incident serves as a stark reminder of Nepal’s escalating cyber risks.

With critical systems repeatedly targeted, experts urge the swift adoption of the NCSC’s guidelines and international collaboration to combat advanced persistent threats (APTs).

As digital transformation accelerates, robust cybersecurity frameworks are indispensable to safeguarding national integrity and public trust.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.