18 June 2024

Former IT consultant sentenced to 2.5 years for wiping nearly 200 virtual servers



A Singapore court has sentenced Kandula Nagaraju, a former employee of the NCS Group, to two years and eight months in prison for accessing the company's software test environment and wiping 180 virtual servers. The incident, which occurred months after his employment ended, caused damages estimated at $678,000.

NCS (National Computer Systems) is a Singapore-based subsidiary of the Singtel Group. Operating in over 20 cities across the Asia-Pacific region, NCS employs 13,000 people.

Nagaraju, an Indian national, joined the Singtel-owned IT services company as a hybrid cloud consultant in November 2021. NCS terminated his services in November 2022 due to poor performance. However, the company failed to invalidate his system credentials after his dismissal, which left him able to access its systems without authorization.

Nagaraju was a member of the quality assurance (QA) team, responsible for testing new software and programs before their official launch.

According to court documents, Nagaraju accessed NCS systems over thirteen times between January and March 2023 using his account credentials, which had not been invalidated. During these unauthorized sessions, he tested custom scripts to wipe virtual servers managed by the QA team. On March 18-19, he executed the wiper script, which deleted 180 virtual servers.

The attack was discovered when NCS realized that the deleted servers could not be restored, prompting the company to report the incident to the police. On April 11, 2023, law enforcement authorities traced the malicious activity to an IP address associated with Nagaraju. A subsequent investigation led to the confiscation of his laptop, where the wiper script was found.

Investigators revealed that Nagaraju developed the wiper script using Google searches on how to delete virtual servers.

NCS said that no sensitive information was exposed during the incident, as the affected environment was solely a software testing platform.

