
HYDERABAD: Telangana witnessed at least 17,128 malware attacks per day through 2024, with the attackers sparing no one — from your nondescript homemaker to government websites.
The Telangana Cyber Threat Report-2025 — compiled by the Data Security Council of India (DSCI), in collaboration with Seqrite and released at the ongoing SHIELD-2025 cybersecurity conclave on Wednesday — says that 62,52,023 malware instances were detected in 2024 in the state. This is roughly 2% of the 36.9 crore detections in the country.
Being an IT hub, it’s no surprise that Hyderabad was the most affected city with 59,81,619 detections, followed by Khammam with 52,518, Warangal with 52,037 and Nizamabad with 28,049 detections.
However, what is surprising is that the targets included government websites such as the deputy chief minister’s portal. Shockingly, the hackers leaked not only the login credentials but also sensitive data.
Hackers put sensitive data in public domain
Malware is a term derived from “malicious software.” It’s a broad term for any harmful software that’s designed to damage or steal data from computers. Common types of malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware.
Cyber threat actors operating through Telegram targeted various sectors, breaching data and disrupting operations. Some of the significant incidents include the February 19, 2024, attack by the Telegram-based group “Black_Code,” which leaked credentials from the Telangana government portal (data.telangana.gov.in), the February 21, 2024, attack by “Nusantara” on the SC/ST Commission portal (scstcommission.telangana.gov.in), the March 2, 2024, targeting of Deputy Chief Minister Mallu Bhatti Vikramarka’s website and more.
Likewise, the group “Z-BL4CX-H4T” leaked credentials of the Telangana government’s official portal (telangana.gov.in), “Garuda Security” defaced the website jnafau.ac.in, “Bangladesh Dark Net Hacker Boys” launched a DDoS attack on www.uohyd.ac.in and many others. Even private entities like the Sri Sathya Sai Seva Organisation were not spared by malware, with the hackers making public sensitive government documents, citizen data and confidential communications.
A ransomware attack on one of Asia’s largest educational conglomerates targeted its hospitals and educational services, disrupting patient care and administrative operations.
The attackers likely gained access through phishing emails or RDP vulnerabilities, allowing them to install malware and deploy ransomware across critical systems.
The attack encrypted electronic medical records (EMR), billing systems, and student data, leaving hospital staff unable to access vital patient information. A ransom was demanded in cryptocurrency, but the group refused to pay, opting instead to restore systems from secure backups.
According to the report, the threat environment in Telangana is further complicated by a diverse range of attacks targeting critical sectors — government, banking, financial services and industries, healthcare, education, manufacturing and IT/ITES.