Cyberattack On UHBVNL Cripples Critical Electricity Services In Haryana, India

A targeted cyberattack disabled the official website of Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL), a major electricity distribution utility in India. The attack rendered core digital services, including new electricity connections, complaint registration, and bill payment portals, inoperable. Over 50,000 consumers have been affected. The cybersecurity emergency response was activated, and recovery operations are ongoing.

Severity Level: High

INCIDENT OVERVIEW:

  1. The cyberattack caused operational disruptions across several districts in Northern Haryana, highlighting the regional criticality of the incident.
  2. While the exact infection vector remains unconfirmed, preliminary assessments suggest exploitation of vulnerabilities in UHBVNL’s public-facing web infrastructure.
  3. The type of malware used in the attack remains unknown, as forensic teams are still investigating the breach. The threat actors behind the intrusion have not yet been identified, but the attack is believed to have been deliberate and coordinated.
  4. The attack has severely impacted the digital infrastructure supporting UHBVNL’s consumer services, underlining the cyber risk faced by India’s public utility sector.
  5. Although there is no confirmed data exfiltration, the attackers rendered UHBVNL’s website inoperative, disrupting key services such as bill payments, new connection processing, and complaint redressal.

LESSONS LEARNT:

  1. Public utilities like power distribution systems are high-value targets. This attack demonstrates that cybersecurity must be as integral as physical infrastructure, with dedicated resources for monitoring, defense, and recovery.
  2. The disruption of essential services to over 50,000 consumers highlights the need for business continuity planning (BCP). Offline fallback procedures, backup communication channels, and rapid recovery mechanisms must be predefined and tested.
  3. The disruption occurred via the public-facing website, a common entry point. Many government utilities still lack robust patch management, secure coding practices, and regular vulnerability scanning.

Recommendations:

  1. Isolate public-facing applications from core operational technology (OT) and internal services.
  2. Conduct regular vulnerability assessments and penetration tests on all public-facing applications.
  3. Use Web Application Firewalls (WAFs) to block SQL injection, XSS, & other application-layer attacks.
  4. Disable unused web services & block direct access to administrative panels from the public internet.
  5. Keep all systems patched and updated, prioritizing critical CVEs affecting web servers, databases, and CMS platforms.
  6. Maintain encrypted, offline backups and test disaster recovery scenarios regularly.
  7. Establish RPO (Recovery Point Objective) and RTO (Recovery Time Objective) standards based on criticality of services.
  8. Prepare public advisories in advance for cyber incidents to reduce panic and misinformation.
  9. Use verified communication channels only and encourage citizens to ignore unofficial messages during outages.

Source:

  • https://the420.in/haryana-power-utility-cyberattack-uhbvnl-website-down-electricity-services-hit
