Did Hackers Infiltrate CRPF’s Internal Email Network? Cybersecurity Warning Issued | Exclusive

Last Updated:March 13, 2026, 13:34 IST

According to the advisory, reviewed by News18, a suspicious email containing a malicious link was circulated on March 11, 2026, to multiple CRPF offices across the country

The Central Reserve Police Force (CRPF) has issued an urgent cybersecurity warning after an official email account was suspected to be compromised by threat actors, triggering concerns about a coordinated phishing attack targeting the paramilitary organisation’s internal communication network.

According to the advisory, reviewed by News18, a suspicious email containing a malicious link was circulated on March 11, 2026, to multiple CRPF offices across the country. The email carried the subject line “Advisory – List of Fake Websites," a title designed to appear legitimate and lure unsuspecting officials into clicking the embedded phishing link sent from official email server ID.

As per the warning, CRPF believes the email account may have been compromised by cyber threat actors who exploited it to distribute malware or harvest sensitive credentials from CRPF personnel.

The incident highlights growing concerns about cybersecurity vulnerabilities within government communication systems.

Importantly, Central government in response to an escalating threat of digital espionage and device compromise, is set to introduce stringent security protocols governing the procurement, handling and use of digital hardware and personal electronic gadgets by police officers, security personnel, and intelligence agencies.

The move is aimed at preventing hostile exploitation of devices and safeguarding hyper-sensitive operational data amid growing evidence of foreign-backed espionage networks targeting Indian personnel.

Immediate Action Ordered

CRPF has directed all officials who may have interacted with the suspicious email to immediately disconnect their devices from the internet and conduct full system scans using the Trellix antivirus tool. Officials have also been instructed to change their passwords from verified malware-free systems and ensure operating systems are updated with the latest security patches.

The advisory further prohibits installation of remote desktop applications such as Any Desk and warns against using browser-stored passwords, which could be exploited if systems are compromised.

Officials have been asked to delete the phishing email immediately from their inboxes and submit a compliance report to headquarters, confirming all mitigation steps have been completed.

Cybersecurity experts note that phishing attacks disguised as official security advisories are an increasingly common tactic used by threat actors to penetrate government networks, making staff awareness and prompt response critical to containing potential damage.

News india Did Hackers Infiltrate CRPF’s Internal Email Network? Cybersecurity Warning Issued | Exclusive

Read More