Official Website of Nepal Valuers Association Hacked by #HACKMANDU

Butwal, The official website of the Nepal Valuers Association (NVA), www.nepalvaluers.org, has been compromised in a significant cybersecurity breach, with the hacking attributed to a group or individual identified by the hashtag “#HACKMANDU.” The message, accompanied by an illustration labeled “Ma Jholey” and imagery of protest, suggests the hackers accessed and altered the site to highlight their grievance against perceived censorship. The breach potentially disrupted access to critical resources for the NVA’s approximately 900 institutional members, who rely on the platform for professional valuation standards and communication. The exact scope of the compromise whether limited to defacement or extending to data theft remains undetermined, underscoring the need for a detailed forensic analysis.

When

The hacking incident was brought to public attention through by “TECH AWARE NEPAL,” with the timestamp indicating early 2025, aligning with the current date of July 24, 2025. The message within the image references an ongoing demand to unban Telegram, a platform that has faced restrictions in Nepal, suggesting the attack may have occurred in response to recent policy actions or enforcement efforts. This event follows a historical pattern of cyberattacks in Nepal, including the 2017 breach of 58 government websites by “Paradox Cyber Ghost” and the 2020 defacement of the Civil Aviation Authority of Nepal’s website by Indian hackers. The timing of this incident, occurring amidst a surge in cyber vulnerabilities, amplifies its significance.

What This Incident Means

The hacking of the NVA website by the “#HACKMANDU” group represents a deliberate act of digital protest, likely motivated by opposition to the Nepalese government’s censorship policies, particularly the ban on Telegram. This breach undermines the NVA’s operational integrity, as the website serves as a vital hub for the valuation profession, potentially exposing member data to risk. The accompanying message threatens further disruption, indicating a coordinated effort to pressure authorities, which could escalate into a broader cyber campaign if demands are unmet. This incident exposes systemic weaknesses in Nepal’s cybersecurity infrastructure, where over 80% of websites are vulnerable to attacks, as reported in recent analyses of SQL injection and DDoS vulnerabilities. The involvement of a group using a hashtag suggests a collective or symbolic identity, possibly linked to hacktivist movements, though no definitive evidence confirms their origin or membership.

The breach also raises concerns about the safety of sensitive professional data, which could be exploited for fraud or identity theft, especially given the 63% increase in cyber-enabled fraud cases in Nepal during the first five months of 2024. For the NVA, a member of the International Valuation Standards Council, this incident jeopardizes its credibility and necessitates immediate action to restore trust. The lack of a robust national response framework, as evidenced by past incidents where police investigations were delayed due to absent complaints, highlights the urgency for the Nepal Police’s Cyber Crime Investigation Bureau to initiate a proactive inquiry. This should include identifying the attackers, assessing data compromise, and collaborating with international cybersecurity experts to address potential foreign involvement, given Nepal’s history of cross-border hacking disputes.

Broader Implications and Response

This incident is not an isolated event but part of a recurring trend of cyberattacks targeting Nepali institutions, often driven by political or ideological motives. The “#HACKMANDU” claim aligns with previous hacktivist actions, such as those by “@satan_cyber_god” in 2020, which exposed vulnerabilities in government and private sector websites. The use of defacement as a tool to draw attention to censorship issues mirrors tactics employed during the 2020 India-Nepal border dispute cyberattacks, where websites were altered to send political messages. However, the focus on Telegram suggests a domestic agenda, potentially involving Nepali or diaspora hackers leveraging global platforms to amplify their cause.

The NVA must respond decisively by suspending the website to prevent further unauthorized access, engaging cybersecurity professionals to restore and secure the platform, and notifying members of the breach while advising them to monitor their data. The government should treat this as a wake-up call to strengthen national cybersecurity policies, investing in infrastructure upgrades and public awareness campaigns. The Nepal Police’s Central Investigation Bureau, with its experience in cybercrime cases, should lead the investigation, exploring whether “#HACKMANDU” operates as a standalone entity or connects to known groups like “Paradox Cyber Ghost” or international actors. Collaboration with telecom regulators and international partners could provide insights into the attack’s origin and prevent retaliatory strikes.

The hacking of the Nepal Valuers Association’s website by the “#HACKMANDU” group marks a significant cybersecurity challenge, blending protest with technical exploitation. Occurring in early 2025, this incident underscores the vulnerability of Nepali digital assets and the growing boldness of hacktivist groups. Its implications extend beyond the NVA, signaling a need for enhanced security measures and a coordinated national response to protect professional and governmental institutions. A thorough investigation is essential to uncover the perpetrators, mitigate risks, and restore confidence in Nepal’s digital ecosystem. Failure to address this breach promptly may invite further attacks, further eroding the nation’s cybersecurity posture in an increasingly interconnected world.