Disgruntled Former Employee Hacks Singapore IT Firm, Deletes 180 Virtual Servers, Highlighting Human Factors in Enterprise Security

In today’s rapidly changing tech industry, layoffs are common and some disgruntled programmers resort to retaliatory attacks against former employers.

The case involves Kandula Nagaraju, a 39‑year‑old Indian programmer who worked in the Quality Assurance (QA) team of Singapore‑based IT services firm NCS from November 2021 to October 2022 before being terminated for alleged poor performance.

After failing to secure new employment in Singapore and returning to India, Nagaraju used his personal laptop to log into NCS’s internal systems without authorization from 6 January to 17 January 2023, making six illegal accesses to the company’s testing environment.

In February 2023 he obtained a new job in Singapore, yet continued to access NCS’s systems via a shared Wi‑Fi network with a former colleague, conducting further unauthorized logins throughout March.

During the two‑month intrusion period he wrote and tested scripts aimed at deleting servers, accessing the QA system 13 times in March 2023 alone.

On 18–19 March 2023 he executed a script that erased 180 virtual servers from the NCS QA environment, resulting in an estimated loss of US$678,000.

Police recovered his laptop and found the deletion script, confirming that he had searched online for server‑deletion code and adapted it for the attack.

Nagaraju was subsequently sentenced to two years and eight months in prison for unauthorized access to computer data, with additional charges pending.

Security experts, including Synopsys senior security engineer Boris Cipot and KnowBe4 chief security awareness advocate Javvad Malik, cite the incident as a stark reminder that beyond technical safeguards, enterprises must promptly deactivate accounts of terminated employees, continuously monitor privileged access, and consider the human emotional factors that can lead to insider threats.

Reference links: Channel News Asia ; ITPro .