
Key Points
- Over 1.5 million cyber attacks launched on Indian critical infrastructure since April 22 Pahalgam terror attack
- Attacks traced to seven major hacking groups from Pakistan, Bangladesh, Indonesia, and the Middle East
- Only 150 attacks succeeded; most were neutralized by Indian cyber agencies
- Tactics included DDoS, malware, website defacement, and GPS spoofing
- Maharashtra Cyber removed over 5,000 fake news posts fueling hybrid warfare
- Officials urge public to verify information and not spread unverified claims
Mumbai: India’s digital infrastructure has come under unprecedented assault, with Maharashtra Cyber reporting more than 1.5 million cyber attacks targeting government and critical infrastructure websites in the aftermath of the April 22 Pahalgam terror attack. The attacks, orchestrated by at least seven advanced persistent threat (APT) groups, primarily from Pakistan, Bangladesh, Indonesia, and the Middle East, represent one of the largest coordinated cyber offensives against the country in recent years.
Attack Patterns and Methods
The barrage began immediately after the Pahalgam incident, with 30 to 40 major attack attempts each day, initially focusing on the financial sector before spreading to power grids, telecom, and government portals. The primary tactics included:
- Distributed Denial-of-Service (DDoS): Flooding websites with fake traffic to disrupt operations
- Malware Campaigns: Attempting to infiltrate and compromise sensitive systems
- Website Defacement: Altering content on government and municipal websites
- GPS Spoofing and Espionage: Targeting critical infrastructure for intelligence gathering
Despite the scale, Indian agencies successfully thwarted the vast majority of these attacks, with only 150 breaches reported. Notable incidents included the defacement of the Kulgaon Badlapur Municipal Council website and claims of data theft from Mumbai’s Chhatrapati Shivaji Maharaj International Airport and telecom companies, some of which allegedly surfaced on the darknet. The Defence Nursing College in Jalandhar was also targeted.
Who’s Behind the Attacks?
The Maharashtra Cyber report, titled “Road of Sindoor,” identifies the following groups as key perpetrators:
- APT 36 (Pakistan-based)
- Pakistan Cyber Force
- Team Insane PK
- Mysterious Bangladesh
- Indo Hacks Sec (Indonesia)
- Cyber Group Hoax 1337
- National Cyber Crew (Pakistan-allied)
These groups have a history of targeting India’s defense, energy, and financial sectors, and are known for combining technical attacks with psychological operations.
Hybrid Warfare: Misinformation as a Weapon
Beyond technical breaches, the report highlights a surge in misinformation and fake news campaigns. Hackers spread false claims about power grid failures, banking hacks, satellite jamming, and attacks on military assets to create panic and erode public trust. Maharashtra Cyber has removed over 5,000 such posts from social media and continues to monitor and counter these narratives.
Of 80 specific misinformation cases flagged for removal, 35 have been taken down, with action pending on the rest. Officials emphasize that these campaigns are part of a broader hybrid warfare strategy, aiming to destabilize India both digitally and socially.
Ongoing Threat Despite Ceasefire
Even after the ceasefire agreement between India and Pakistan, cyber attacks have persisted, though their frequency has declined. The attacks now also originate from Bangladesh, Indonesia, Morocco, and several Middle Eastern countries, indicating a widening threat landscape.
Government Response and Public Advisory
Indian cybersecurity agencies have ramped up defenses with advanced surveillance, honeypot traps, and regular security audits. The Department of Telecommunications has tightened firewall protocols, and CERT-In (Indian Computer Emergency Response Team) has issued multiple advisories to secure communications and data centers.
Authorities urge citizens to:
- Avoid sharing unverified or sensational content, especially on social media
- Fact-check information from credible sources before forwarding
- Report suspicious activity or misinformation to authorities
India’s digital resilience has been tested by an unprecedented wave of cyber attacks linked to regional tensions and hybrid warfare. While most technical attacks have been neutralized, the battle against misinformation and psychological manipulation remains ongoing. Vigilance, public awareness, and robust cybersecurity measures are crucial to safeguarding national interests in this evolving digital battlefield.