A hacker group has claimed to have hacked the “Hello Sarkar” website under the Prime Minister’s Office in Nepal. The group, called “Ghudra,” posted about the hack on the breach forum, a platform where data is bought and sold.
The Hacker Group and Its Connections The Ghudra group claims to be part of the “Fancy Bears APT 28” group, which is believed to have ties with the Russian military intelligence. This group is known for stealing sensitive data and installing harmful software on devices, with a focus on government offices.
The Hacker’s Statement The hacker posted that the Nepalese government refused to contact them, forcing them to sell the stolen data. They also shared a screenshot of the “Hello Sarkar” system’s file manager, showing a link to the website’s system. The screenshot indicates access to security settings, file management, and other system options.
Details of the Stolen Data The hacker claims to have backup copies of all the stolen databases. The screenshot shows that the system had 49.98 GB of storage, with 8.32 GB remaining. The hacker also mentioned having access to usernames, encrypted passwords, mobile numbers, and account creation dates. A Pastebin link was shared, which contained sensitive information like names, numbers, emails, and passwords.
Attempts to Verify the Data Tech experts tried to verify the accounts listed in the data. Of the 17 accounts they contacted, most confirmed their names and numbers but denied any knowledge of the associated email addresses or complaints. The email addresses seemed to belong to administrative heads in local municipalities.
Official Response Attempts to reach “Hello Sarkar” for a statement have been unsuccessful. Cybersecurity experts believe the data could be real, though it is still unclear whether the hacker actually has data from 100,000 users.
Sale of Stolen Data on the Dark Web The hacker also shared a link to a Telegram channel, claiming to have access to the data from the Prime Minister’s Office. The price for this data is listed as $1,000 (about 13 lakh Nepali Rupees), while a live shell access can be purchased for $1,300.
System Down Since February 27 Since February 27, the “Hello Sarkar” website has been down. The government confirmed this via social media but has not disclosed the cause of the website’s shutdown.
