Date: 2025-06-01

Srinagar: Just two days before major cyber attacks across the country, Kashmir’s Power utility completed migration to a secure Cloud platform, denying hackers access to confidential data of over a million consumers. Hackers struck Kashmir Power Development Corporation (KPDCL) alongside several other official websites in the middle of the night on May 7, said a senior government official, leaving the website ‘defaced’.

“The website was defaced with a message, and the incident was reported to the Cyber Police. The website was pulled down, but the damage assessment showed no compromise on consumer data or the billing Application,” said the official. The utility, according to a senior engineer, had moved consumer data and payment platforms of over 12 lakh power consumers to cloud technology in September last year.

“But the process was left incomplete as historic data of consumers was yet to be moved to the Cloud until May 4 due to the closing of fiscal and other official priorities,” he added. “The historical data includes settlement and dispute issues for each consumer. Consumers would not have been able to retrieve their past data of 10 years or more if the migration of data had not happened between May 1 and 4.”

KPDCL Chief Executive Officer (CEO) Engineer Shabir Ahmad Khan, who oversees the Information Technology and Communication (ICT), revealed that the data was not compromised and the services were restored within 10 days.

“Soon after the attack, our billing and consumer service platforms were audited by CERT-certified engineers. The goal was not revenue but the safety of consumers and their data,” he told ETV Bharat.

“The consumer user base was intact. Otherwise, we couldn’t have made a comeback within 10 days. Had we not moved to cloud technology, it would have taken more time with apprehension on theft of data.”

The CERT issued an advisory for a security audit of systems following the cyber-attack, and the power utility subsequently enhanced the security features of the billing Applications. This includes replacing the authentication process with a more secure six-digit verification.

“The aim is to secure consumer data and payment security for the future. The audit report evaluated the vulnerabilities, and we are again live with over 1.5 lakh consumers registered on the billing Application so far,” Khan added.

But the website of the corporation, alongside several others, is still offline after the Jammu and Kashmir government asked departments to shut down all their privately hosted and unauthorised departmental websites after the barrage of cyberattacks. An official order from the Jammu & Kashmir general administration department asked all government departments to migrate to the government domain for a “secure, standardised and policy-compliant digital and IT environment”.

The Maharashtra Cyber Department identified about seven Advanced Persistent Threats (APTs) behind 15 lakh cyber attacks targeting critical infrastructure websites across the country during heightened tensions between India and Pakistan following 'Operation Sindoor', launched in retaliation for the Pahalgam terror attack, which killed 26 people on April 22. Of these, officials said, a mere 0.01 per cent of incursions were successful, with attacks originating from Pakistan, Bangladesh, Indonesia and the Middle East.

The failure of these attacks is attributed to alerts and advisories, including one from the Indian Ministry of Electronics and Information Technology (MeitY) to netizens about possible cyber attacks following Indian military strikes on terror camps of Lashkar-e-Toiba and Jaish-e-Mohammad in Pakistan.

“Following the initiation of 'Operation Sindoor' on May 7, a surge in hacktivist activities was observed, including coordinated defacements, data leaks and disruptive cyber campaigns,” reported Seqrite Labs, India’s largest Malware Analysis Lab. It identified multiple cyber events involving state-sponsored APT activity and coordinated hacktivist operations, with tactics including spear phishing, deployment of malicious scripts, website defacements and unauthorised data leaks.

In Kashmir, the cyber attack left the entire team of engineers scrambling to restore the public service application, said Sheikh Ibad, an assistant engineer for network and security at KPDCL. He described the first 48 hours as challenging, prompting the team to scan the entire network.

“We followed the protocol and isolated the threat,” he said. The CERT, or the Indian Computer Emergency Response Team, is the nodal agency of the Central government that issues advisories and protocols to public entities on cybersecurity.

“The main website was compromised, and we established a perimeter to block external access to our systems. All 200 machines were scanned, and the patches were updated across devices for security. We could have restored the Application quickly, but we followed protocol, including getting a security audit of the entire network,” said Engineer Sheikh.

