Pakistan-Linked Hackers Deface Meerut Development Authority Website; Portal Restored After Cyberattack

MEERUT,India
The website belonging to the Meerut Development Authority (MDA) in Meerut has been defaced recently following an attack by some anonymous threat actors that resulted in the defacement of the government-run website with anti-India and pro-Pakistan messages.
Those attempting to visit the MDA website recently were met with a black screen with political slogans, instead of visiting the normal interface of the website offering services like construction approval, announcements, etc. The attackers have also revealed their identity through the defacement of the site, with "Overthrush1337" being the name used by them.
This is obviously a typical case of website defacement in which the attackers gain access to the web server and deface it to make changes to the content available on the website.
Attack Timeline
Initial Compromise and Defacement of Website
Based on preliminary reports, it appears that the hackers could have taken advantage of an unpatched vulnerability or poor admin credentials in order to access the server. Once gaining access, the hackers proceeded to deface the homepage of the website with messages that were politically motivated and seen by all visitors.
Website Off the Air
As soon as the defacement was noticed on Saturday, MDA took down the website off the air to begin containment and remediation processes.
Cyber Crime Case Registered with Police
Later in the day, Superintendent of Police (City) Vinayak Gopal Bhosale revealed that the police were aware of the cyber attack. The relevant provisions under the Information Technology (IT) Act have been filed for the crime.
Digital Forensics Investigation Ongoing
A digital forensics investigation will be carried out by forensic experts who will analyze server logs and other forms of digital evidence to find out the entry point, IoCs, and if any government or citizens’ sensitive information was accessed by the attackers.
Website Restoration
Following completion of the containment steps and security checks, the MDA’s IT staff managed to restore its website at the beginning of the early morning of Monday. Although public services have since then resumed operation, the forensic examination and the criminal investigation continues in order to find out the exact magnitude of the case.
Data Exposure Not Yet Established
As of the moment of writing, no confirmation about citizen records or other government databases having been compromised is known. As part of the forensic examination, it will be decided if the defacement was merely cosmetic or if there had been some deeper unauthorized access.
Website defacements against government websites are normally considered an act of cyber propaganda; however, cybersecurity professionals warn that this type of attack should never be underestimated because it may expose vulnerabilities in system security. Specialists advise conducting forensic examinations, rotating credentials, remediating vulnerabilities, and monitoring the system for possible backdoor access after such cases happen.
Despite the restoration of the MDA website, the investigation into the breach is still underway and new security measures are expected to be implemented to protect the website from further cyberattacks.