Serial cyber threats on rise! Vianet, Mercantile, kathmanduexpress

In the previous post we have covered detail about the data breach of Foodmandu. Now, in this post we will cover the overview of threats imposed on Vianet, Kathmandu express, Mercantile communications. Lets discuss one by one.

1. Vianet attack:

Vianet Communications on April 8 have faced the data breach, a month later Foodmandu have faced the same case. Now Vianet got its 1.7 Lakh data breached and dumped where foodmandu case was 50K users.

In twitter, a handler “Narpichas“, have publicly shared the users data and shared the link of around 1.7 lakh users. The data consist of name, number, and address. The tweeter handler is given below.

According to Teklekh, they have crossed check the users data and they found legitimate. So, this was a similar attack as happened with Foodmandu. Both attacker have gained the users data aimed using the weaken loophole.

Later, Vianet communications have issued the notice on the same stating they have their system under control and urges the customer to join the team to cope the situation. Here is below details of the notice:

“Dear Valued Customers,

It is to acknowledge that Vianet Communications Pvt. Ltd. has detected a cyber incident on its customer’s information systems, which resulted in unauthorized access to some personal data; particularly Name, Location, Email Address, Phone number.

We have identified and fixed the source of the breach. Our technical team has taken appropriate and immediate actions to reinforce existing security measures and are monitoring our systems for any further possible vulnerabilities.

We are in contact with the Cyber Crime Bureau of Nepal Police and have sent a takedown request to relevant authorities where the data has been uploaded. This incident is being thoroughly investigated from the internal team, cybersecurity experts and the Bureau to mitigate its potential impacts and we hope to resolve it at the earliest.

In this difficult time, we seek your support and request our valued customers to kindly take the following precautions as a safety measure:

1. Please do not entertain calls or SMS from unknown numbers or answer non-verified or suspicious emails. Please do not give out your private information to such sources.
2. If you receive any calls on behalf of Vianet, please ensure the call is coming from any one of the following verified numbers before answering our calls:
   • 9801046410
   • 01-5970444, or
   • 01-4217555 We request our customers to kindly save these numbers to easily verify calls from Vianet.
3. If you receive any emails on behalf of Vianet, please ensure it has the official domain “@vianet.com.np”. Kindly do not open or reply to any suspicious emails.
4. Please reach out to us if you have any issues using the following means:
   • Call Centre: 01-5970444, 9801046410
   • Facebook Chat Support: fb.com/vianetnepal
   • Email: customercare@vianet.com.np

Please accept our deepest apologies for the worry and inconvenience that this criminal activity has caused. We understand the severity of the situation are working relentlessly to get to the bottom of this and make things right. We will update as soon as there are any significant developments on this case.

Binay Bohra
Managing Director
Vianet Communications Pvt. Ltd.”

So the access of data due to weak security have lead to violates the users confidentiality.

Read Also: China installed 5G in Everest !

2. Kathmanduexpress wesbite access and deletion of news:

Siran tech, a sister company of F1 soft, a popular brand behind Esewa, have allegedly logged into the kathmandu express website and delete the news. Kathmanduexress website was made by siran tech. Kathmandu express have published the news stating Agsar Ali, the startup team member of Esewa, that he have been indirectly involved during the procurement of health materials from china for covid-19.

According to news portal, kathmanduexpress, esewa team members have repeatedly forced to delete the news. But despite of their force, they haven’t delete. Later, the siran tech tech team have gained the website under their control and delete the news which was against the Esewa and Agsar Ali. Later, siran tech accepted the unauthorized access and deletion of news.

This, incident have burn out the market creating a next level thinking towards user data security. People were against the F1 soft and it has been the number 1 software company for handling banking apps of majority of commercial banks. So people were worried about their banking information which could be catastrophic in gone to negative hand and negative minded people.

3. Mercantile Communications attack:

A group of hackers have managed to gain unauthorized access to the dot np (.np) domain of Mercantile Communications Pvt Ltd.

According to Mercantile, which provides the .np domain, the hackers had informed the company that they had managed to access the domain server on Monday night 13th April. “The majority of data in this server is public information available via the ‘whois’ query. Our preliminary investigations suggest that all other .np domain services remain uncompromised,” it said in a press statement.

After this incident, company have temporarily stopped to register the new domain.

A twitter handler”satan” have warned and get into the mercantile database. From this, we can say that our tech firms are not really caring our data and security.

Similar warnings have been given by the tweeter handler to other tech firm including prabhu money transfer, government website, daraz nepal, kantipur publication, national museum website and many more.

From all the scenario above, we can say that our national security defense towards cyber threats is very poor. Any new bi can easily get access to the sensitive data and exploit it for their need. So the strict control measure should be immediately implement to cope such security threats.