MP News: MP-CERT Foils Cyber-Attack On State Government Websites

Bhopal (Madhya Pradesh): Websites of the Madhya Pradesh state government were targeted by IcePeony, a known APT group associated with cyber espionage against government infrastructure. Officials said the attack was successfully neutralised by MP-CERT.

In December 2025, an SEO poisoning redirect attack alert was raised in the state. Acting promptly, MP-CERT and Madhya Pradesh State Electronics Development Corporation (MPSeDC) identified and neutralised the threat. The administration confirmed that no government services were impacted and no data was compromised.

All digital services of the state continued to operate securely. Following the alert, MP-CERT and MPSeDC launched a 48-hour intensive monitoring and response exercise to validate containment, verify system integrity and ensure uninterrupted service delivery.

Further analysis revealed the attack was not merely related to unauthorised betting or gaming links, but a state-sponsored threat. MP-CERT also found that multiple other states had been infected by similar SEO poisoning redirect attacks. A detailed report was shared with CERT-In, GoI.

The attack

Technical investigation showed the incident was not a simple redirect attack, but a highly sophisticated advanced persistent threat (APT).

Malware reverse engineering revealed it was heavily obfuscated and evaded detection by standard antivirus tools. It masqueraded as legitimate IIS components using deceptive DLL names, employed heavy packing and runtime decryption, and demonstrated advanced defense evasion techniques.

The review

MPSeDC conducted a comprehensive audit of government IT systems. Unnecessary access points were closed, obsolete websites removed and all servers patched and updated. Additional system-level security controls were implemented to strengthen defenses against future cyber threats.

Cybersecurity improvements included SBOM implementation, source code analysis, and regular audits. Antivirus systems were enhanced using malware signatures shared by MP-CERT, improving detection and prevention across the state s digital infrastructure.