Nagpur Municipal Corporation Targeted in Massive Cyberattack
On October 28, the Nagpur Municipal Corporation (NMC) faced a coordinated cyberattack, with over 2,000 intrusion attempts detected within 24 hours. The assault primarily targeted NMC’s web servers, which host critical public services including property tax payments, water bill processing, birth and death certificates, and grievance redressal systems via its official website (nmcnagpur.gov.in) and the My Nagpur app.
Firewall logs from NMC’s XGS138 system revealed that 1,068 attacks were classified as major and 907 as critical, indicating a sustained and organized effort to exploit vulnerabilities. Among the most frequent attempts were 838 probes targeting the /etc/passwd file, which stores encrypted user credentials, and 111 exploits leveraging the Apache Log4j vulnerability, a known flaw allowing remote server control. Additional attacks focused on Atlassian Confluence and Sonatype Nexus, platforms used for document and content management.
Cybersecurity analysts identified the attack as a botnet-driven reconnaissance campaign, likely testing NMC’s defenses for weaknesses. Two foreign IP addresses, 104.248.99.110 and 167.99.28.249, traced to servers in Singapore, were responsible for nearly all malicious traffic. While NMC’s intrusion prevention system blocked the attacks, experts warn that this may be a precursor to more sophisticated breaches.
A successful compromise could expose sensitive data, including property records, tax receipts, employee information, and internal communications. Disruptions to NMC’s digital services could also paralyze online grievance systems, permit applications, and sanitation dashboards, affecting hundreds of thousands of citizens.
In response, NMC plans a comprehensive IT security audit, covering in-house systems, hardware, and third-party service providers. The audit will focus on identifying vulnerabilities, ensuring timely patching, and strengthening monitoring mechanisms to prevent future breaches. The incident highlights the growing cyber threats to public-sector digital infrastructure, where poorly secured systems risk severe operational and data security consequences.
Orange City Water - Nagpur Municipal Corporation (NMC) cybersecurity rating report: https://www.rankiteo.com/company/orange-city-water-nagpur-municipal-corporation-nmc
{
  "id": "ORA1774722280",
  "linkid": "orange-city-water-nagpur-municipal-corporation-nmc",
  "type": "Cyber Attack",
  "date": "10/2025",
  "severity": "100",
  "impact": "6",
  "explanation": "Attack threatening the economy of geographical region"
}
{'affected_entities': [{'customers_affected': 'Hundreds of thousands of '
                                              'citizens',
                        'industry': 'Public Sector/Government Services',
                        'location': 'Nagpur, India',
                        'name': 'Nagpur Municipal Corporation (NMC)',
                        'type': 'Government/Municipal Corporation'}],
 'attack_vector': ['Botnet-driven intrusion attempts',
                   'Exploitation of known vulnerabilities'],
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Property records',
                                              'Tax receipts',
                                              'Employee information',
                                              'Internal communications']},
 'date_detected': '2023-10-28',
 'description': 'On October 28, the Nagpur Municipal Corporation (NMC) faced a '
                'coordinated cyberattack, with over 2,000 intrusion attempts '
                'detected within 24 hours. The assault primarily targeted '
                'NMC’s web servers, which host critical public services '
                'including property tax payments, water bill processing, birth '
                'and death certificates, and grievance redressal systems via '
                'its official website (nmcnagpur.gov.in) and the My Nagpur '
                'app. Firewall logs revealed sustained and organized efforts '
                'to exploit vulnerabilities, including probes targeting the '
                '/etc/passwd file and exploits leveraging the Apache Log4j '
                'vulnerability. The attack was identified as a botnet-driven '
                'reconnaissance campaign, likely testing NMC’s defenses for '
                'weaknesses.',
 'impact': {'data_compromised': 'Sensitive data including property records, '
                                'tax receipts, employee information, and '
                                'internal communications at risk',
            'identity_theft_risk': 'High (due to potential exposure of '
                                   'personally identifiable information)',
            'operational_impact': 'Potential paralysis of online grievance '
                                  'systems, permit applications, and '
                                  'sanitation dashboards',
            'systems_affected': ['Web servers',
                                 'Property tax payment systems',
                                 'Water bill processing systems',
                                 'Birth and death certificate systems',
                                 'Grievance redressal systems',
                                 'My Nagpur app']},
 'lessons_learned': 'Growing cyber threats to public-sector digital '
                    'infrastructure, where poorly secured systems risk severe '
                    'operational and data security consequences',
 'motivation': 'Reconnaissance (potential precursor to more sophisticated '
               'breaches)',
 'post_incident_analysis': {'corrective_actions': ['IT security audit',
                                                   'Vulnerability patching',
                                                   'Enhanced monitoring'],
                            'root_causes': ['Poorly secured systems',
                                            'Known vulnerabilities (e.g., '
                                            'Log4j)']},
 'recommendations': ['Comprehensive IT security audit',
                     'Timely patching of vulnerabilities',
                     'Strengthening monitoring mechanisms'],
 'references': [{'source': 'Incident description'}],
 'response': {'containment_measures': 'Intrusion prevention system blocked '
                                      'attacks',
              'enhanced_monitoring': 'Strengthening monitoring mechanisms',
              'remediation_measures': 'Planned comprehensive IT security '
                                      'audit'},
 'title': 'Nagpur Municipal Corporation Targeted in Massive Cyberattack',
 'type': 'Cyberattack (Reconnaissance Campaign)',
 'vulnerability_exploited': ['Apache Log4j vulnerability',
                             'Atlassian Confluence',
                             'Sonatype Nexus']}