Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label India. Show all posts
phishing
ceasefire Cyber Attacks Cybersecurity DDoS disinformation Hacking India Infrastructure Pakistan phishing

Cyber Warfare After Pahalgam: Over 1.5 Million Cyberattacks Target Indian Infrastructure

 

Following the Pahalgam terror incident, India experienced a massive wave of cyberattacks launched by hostile hacker groups operating from Pakistan, Bangladesh, Indonesia, and parts of the Middle East. As per a detailed investigation by the Maharashtra Cyber Cell, over 1.5 million cyber intrusions targeted Indian websites and digital systems in a deliberate, coordinated assault meant to disrupt national infrastructure and spread psychological unrest.

According to a government report titled “Road of Sindoor,” the cyber onslaught was a retaliatory move against India’s military operation conducted under the same name. The attacks aimed at government portals, municipal databases, aviation systems, and other vital infrastructure.

Despite the scale of the offensive, only 150 of the attacks showed limited success, marking a mere 0.01% success rate. This reflects India’s growing cyber resilience and the relatively low effectiveness of these foreign cyber operatives.

7 Pakistani-Backed Hacker Groups Identified

The Maharashtra Cyber Cell report identified seven key hacker groups orchestrating the campaign:
  • APT 36
  • Pakistan Cyber Force
  • Team Insane PK
  • Mysterious Bangladesh
  • Indo Hacks Sec
  • Cyber Group HOAX 1337
  • National Cyber Crew (Pakistan-allied)
These collectives employed tactics such as DDoS attacks, malware deployment, GPS spoofing, and website defacements. One of the more visible intrusions was the defacement of the Kulgaon Badlapur Municipal Council website. Additionally, several unverified claims circulated online, alleging cyber breaches of the Mumbai airport systems and telecom infrastructures.

More concerning was the coordinated use of disinformation, which sought to falsely portray that India's banking sector, power grid, and satellite systems had been compromised. The report revealed that over 5,000 fake social media posts linked to the India-Pakistan conflict were detected and removed.

Ceasefire Didn’t Halt Cyber Assaults

Even as a ceasefire agreement remained in place between India and Pakistan, cyber offensives continued, especially from Bangladesh, Indonesia, and allied Middle Eastern entities. While officials observed a decline in attack frequency post-ceasefire, they confirmed that the attacks never fully stopped.

Authorities stated, “These campaigns weren’t amateur attempts. They were designed to destabilize. Though thwarted, they signal a persistent digital threat landscape India must be prepared for.”

State and national intelligence units are now working in tandem to bolster surveillance, reinforce cybersecurity protocols, and pre-empt future threats.

The “Road of Sindoor” report has been formally shared with the Director General of Police, the State Intelligence Department, and other key law enforcement bodies, affirming India’s strategic focus on digital sovereignty and cybersecurity preparedness.
Read more »
Pakistan
Cyberattack Cybersecurity Cyberwarfare Data Breach DDoS defacement Hacktivists India Pakistan

Cyber War Escalates Between Indian and Pakistani Hacktivists After Pahalgam Attack

 

kAs tensions continue to rise in the wake of the Pahalgam terror attack and India's subsequent launch of Operation Sindoor, a fierce cyber confrontation has simultaneously unfolded in the digital realm. Hacktivist groups aligned with both India and Pakistan have been engaged in a sustained virtual clash.

A cyber threat intelligence assessment by Kochi-based cybersecurity firm Technisanct highlights how pro-Pakistan and Bangladeshi hacktivist groups have launched a wave of cyberattacks on Indian institutions. While not all incidents were listed in the public report, Technisanct noted key Indian targets including BSNL, the Income Tax Department, Hindustan Aeronautics Ltd, various state government websites, and Indian Railways. In retaliation, pro-India hacktivists focused their attacks on Pakistani establishments such as the Pakistan Air Force, Punjab Emergency Service Department, the Bank of Punjab, Ministry of Finance, and Jinnah International Airport.

The report identifies more than 200 cyber incidents between April 22—the day of the Pahalgam attack—and May 8, just after Operation Sindoor was launched. This data, compiled using threat intelligence sources like falconfeeds.io, Technisanct’s monitoring tools, public disclosures, and threat actor communications across Telegram and X, signals the heightened scale of this cyber offensive.

Among the reported incidents, 111 were DDoS (Distributed Denial of Service) attacks, which aim to overwhelm target servers and disrupt online services. DDoS attacks made up 55.5% of the total. Other forms of attacks included website defacements (35.5%), general cyber alerts (11%), data breaches (7.5%), unauthorized access attempts (2%), and data leaks (1.5%). For context, there were only 147 DDoS attacks in India between February and April, while 112 DDoS cases were recorded from May 1 to 9 alone.

Government and public sector entities bore the brunt of the offensive, accounting for 52% of incidents (104 cases). Educational institutions followed with 43 attacks (21.5%), and technology or IT service firms recorded 13 attacks (6.5%). The focus on essential public sectors and IT infrastructure signals a calculated effort to disrupt public services and potentially compromise broader networks.

"The targeting of technology & IT services organisations could indicate an attempt to leverage these entities for further attacks or to compromise supply chains," the report noted.

Technisanct identified 36 pro-Pakistan hacktivist groups responsible for the digital assaults, with 14 Indian groups retaliating. Leading the offensive from the Pakistani side were:
  • Nation of Saviors (34 incidents)
  • Keymous+ (26)
  • Electronic Army Special Forces (25)
  • KAL EGY 319 (16)
  • GARUDA ERROR SYSTEM (15)
  • AnonSec (14)
  • Sylhet Gang-SG (13)
  • Mr Hamza (11)
  • Dark Cyber Gang (9)
  • INDOHAXSEC (8)
"These groups have aggressively pursued ideologically motivated cyber operations targeting Indian government domains, military assets, and financial platforms. Their tactics largely revolve around DDoS attacks, defacement campaigns, and selective data leaks, often coordinated through Telegram, X and other encrypted channels. The prominence of these actors underscores an organised and sustained campaign against Indian interests in cyberspace, leveraging real-world conflicts to justify digital aggression," the report states.

Technisanct CEO Nandakishore Harikumar told Onmanorama,

"The physical war is highly proportional to digital war. When a single missile is launched in the physical space, thousands of missiles can be launched in the cyber space. The intention is to hit services directly. I believe that, gradually, maybe in the next 50 years, 50 per cent of the war will be fought in the digital space. Even the flood of fake news and misinformation we see is kind of a warfare. We started seeing a huge pattern of this during the Ukraine-Russian crisis, followed by the Israel-Palestine clash."

The report concluded that the cyber activities post-Pahalgam represent a major and evolving national threat.

“The high volume of incidents, the increasing number of participating threat actors, the focus on critical sectors, and the escalating daily activity underscore the urgent need for a robust and comprehensive national cybersecurity strategy that explicitly addresses both cyberattacks and related disinformation, while also considering the dynamics of cyber conflict escalation.”
Read more »
Pakistan Hacker
Cyber Attacks Cyber Crew Cyber Hacking Cyberhackers CyberThreat Dark Web Digitl war Hacktivist group India National Cyber Security Pahalgam Attack Pakistan Hacker

Cybersecurity Agencies on High Alert as Attacks Spike After Pahalgam Incident



A rising tension between India and Pakistan has resulted in an intensified digital war, whose hacktivist groups have launched coordinated cyber offensives targeting government systems and critical infrastructure as a result of increasing tensions between the two countries. The attacks, which are fueled by geopolitical conflict, have expanded beyond the immediate region. 

A report suggests that hacktivist collectives from Asia, the Middle East, and North Africa (MENA) have united to disrupt the Indian cyber ecosystem, according to the report. There was a tragic incident on April 22, when armed terrorists shot a group of tourists in Pahalgam, the serene hill town in Kashmir administered by the Indian government, which was the trigger for this wave of activity. 

According to researchers from NSFOCUS, there had been an immediate and significant surge in cyber activity, which shook the nation. In the aftermath of the attack, cyber activity on both sides of the border intensified. It appears that the initial wave of cyberattacks has stabilised, however, cybersecurity threats persist. India witnessed an increase of 500% in targeted cyber intrusions, and Pakistan faced a rise of 700%. It was reported recently that several Pakistani hacker groups have attempted to breach Indian websites as part of an ongoing digital aggression campaign. 

The Indian cybersecurity agencies have responded robustly to these attempts, which have successfully detected and neutralised most of these threats, despite their efforts to undermine this. According to the reports, hacker collectives such as 'Cyber Group HOAX1337' and 'National Cyber Crew' have targeted websites belonging to the Army Public Schools in Jammu in the past. 

In their attempt to deface the websites, the attackers mocked the victims of the Pahalgam terror attack, which was widely condemned as both distasteful and inflammatory. As a result of the rise in cyber hostilities, we have seen the importance of digital warfare in modern geopolitical conflicts grow. This highlights the need for enhanced cyber vigilance and cross-border security collaboration that must be enhanced. 

The cyber threat landscape has intensified further since India launched Operation Sindoor in retaliation for a military operation targeting suspected terror camps across the border. It has been estimated that the launch of Operation Sindoor on May 7 has resulted in a sharp increase in malicious cyber activity as a result of these attacks, as reported by cybersecurity researchers at Radware and Cyble. 

As a result of the coordinated attacks conducted by hacktivist groups from across the eastern hemisphere, a substantial surge in cyber attacks was recorded on that day alone, with dozens of hacktivist groups actively participating. The Indian government, already dealing with the aftermath of the Pahalgam terror attack, which took place on April 22, has become the primary target of these attacks. Several threats have been launched against Indian institutions by groups aligned with pro-Pakistan and Bangladeshi interests, as well as with groups aligned with pro-Bangladeshi interests.

Technisanct, a cybersecurity firm based in Kochi, released a report recently in which they noted that there has been a steady increase in offensive operations against government infrastructure, educational platforms, and public services. In various online forums and dark web communities, this wave of cyber aggression has been informally referred to as #OpIndia. 

In many ways, the campaign resembles past hacktivist movements which targeted nations like Israel and the United States, usually motivated by ideological motives, but not necessarily sophisticated enough to threaten the nation's security. The current attacks, experts caution, however, demonstrate a coordinated approach to threats, where threat actors are using both denial-of-service DosS) and defacement attacks to spread propaganda and disrupt networks. 

A sustained cyber battle has been waged between India and Pakistan, marked by both nationalist fervour and geopolitical tension as part of the India-Pakistan conflict, which has clearly evolved into a digital dimension of the conflict. Indian cybersecurity agencies must remain vigilant as they attempt to counter these persistent threats through proactive monitoring and rapid incident response, along with strengthened defensive protocols. 

It was decided by Prime Minister Narendra Modi to convene a cabinet committee on security (CCS) on April 30, 2025, to assess the evolving security situation in Jammu and Kashmir amid rising tensions in the region. During the high-level meeting, which took place at the Prime Minister's official residence on Lok Kalyan Marg, members of the national security apparatus, including Rajnath Singh, Amit Shah, and S. Jaishankar, were present, as well as key national security officials. 

In the discussion, Jaishankar discussed the recent wave of violence in the Kashmir Valley, concerns about cross-border security, and the threat of cyberattacks from hostile actors, as well as the threat of cyberterrorism. The Pakistani government has issued a provocative statement warning of a possible Indian military attack within a 24 to 36-hour window, which is similar to the one issued by Pakistan in a provocative statement. 

According to what Islamabad called credible intelligence, New Delhi is preparing to launch retaliatory strikes. The allegations of Pakistan's involvement in the Pahalgam terror attack of April 22 are supposedly based on unsubstantiated accusations. There has been public criticism of India's fabrication of an offensive narrative by Pakistan's Federal Minister for Information, Attaullah Tarar, cautioning that any such move would result in serious consequences if followed. 

It has been revealed that diplomatic and military signals have increased the level of tension in the existing volatile situation, with both sides locked in a tense standoff that spans both physical and virtual borders. There has been news that threat actors have attempted to deface the official website of Armoured Vehicle Nigam Ltd, which is another indication of the intensification of cyberhostility. It is a public sector company operated by the Ministry of Defence. 

It was reported that the attackers defaced the website by showing images associated with Pakistan, including the national flag and images of the 'Al Khalid' battle tank, an act that was seen as both provocative and symbolic by officials. This development has spurred the Indian cybersecurity agencies and expert teams to increase their real-time monitoring of the digital landscape, as a result of which they are concentrating their efforts on identifying threats that have been linked to Pakistani state-sponsored or affiliated groups. 

The authorities have confirmed that this increased surveillance is part of a greater effort to avert further attacks as well as neutralise any new threats that may arise. To counter the increasing wave of cyberattacks, a series of robust countermeasures is being put in place to strengthen the nation's digital security posture in response. For example, fortifying critical infrastructure, strengthening incident response protocols, and increasing online platform resilience across key industries are all examples of strengthening the nation's digital security posture. 

There was no doubt that the authorities were concerned that these proactive actions were aimed at ensuring India's defence and civilian systems were protected as well as that India's digital frontline was prepared to repel and withstand future cyberattacks as well. It has become increasingly apparent that cyberwarfare has become a central theatre of geopolitical rivalry in the modern world as the contours of contemporary conflict continue to evolve. 

Digital infrastructure, in the same way that physical borders play a crucial role in national security, has recently been heightened by several recent developments, and this serves as a reminder to all of us. Because of this, India needs to enhance its investments in advanced cybersecurity capabilities, establish strong public-private partnerships, and establish a comprehensive national cyber defence strategy that is both responsive and flexible. 

To isolate and neutralise transnational cyber threat actors, it is not only necessary to implement technical fortification but also to conduct strategic diplomacy, share intelligence, and engage in international cooperation. It will be crucial to cultivate a culture of resilience, both at the institutional and individual levels, by cultivating cyber awareness. 

With the increasingly contested digital frontier, India must remain proactive, unified, and forward-thinking at all times if it is to ensure that it is secured, sovereign, and fully “digitally self-reliant” as the threat of hybrid threats rises.
Read more »
Terrorism
Banking CERT-In Cybe Security Cyberattack DDoS defacement Digital Finance India Infrastructure Misinformation Pahalgam SocialMedia surveillance Terrorism

India Strengthens Cybersecurity Measures Amid Rising Threats Post-Pahalgam Attack

 

In response to a surge in cyberattacks targeting Indian digital infrastructure following the Pahalgam terror incident, the Indian government has directed financial institutions and critical infrastructure sectors to enhance their cybersecurity protocols. These instructions were issued by the Computer Emergency Response Team (CERT-In), according to a source familiar with the development, Moneycontrol reported.

The precautionary push isn’t limited to government networks — private sector entities are also actively reinforcing their systems against potential cyber threats. “We have been extra alert right from the Pahalgam attack, in terms of ensuring cyber security speedily not just by government agencies but also by the private sector,” the source stated.

CERT-In, India’s central agency for cyber defense, has released advisories to banking institutions and other essential sectors, urging them to tighten their digital safeguards. In addition, the government has engaged with organizations like NASSCOM to facilitate a collaborative cyber alert framework.

Recent attacks primarily involved DDoS, or distributed denial-of-service incidents, which overwhelm servers with excessive traffic, rendering websites inaccessible and potentially causing financial damage. Attempts to deface websites — typically for political messaging — were also reported.

This intensified focus on digital defense follows India’s military action against terrorist hideouts in Pakistan, occurring nearly two weeks after the Pahalgam incident, which resulted in the deaths of Indian tourists in Kashmir.

Moneycontrol previously highlighted that cyber surveillance across India's vital digital infrastructure is being ramped up following the Pahalgam attack and the subsequent Operation Sindoor. Critical sectors and strategic installations are under strict scrutiny to ensure adherence to robust cybersecurity practices.

Amid these developments, misinformation remains a parallel concern. Daily takedown requests under Section 69A of the IT Act have surpassed 1,000, as the government works with social media platforms to curb the spread of fake news, the source noted.
Read more »
Pakistan
Cyber Attacks Cyber Warfare Hacking India Internet Pakistan

Pakistan State-sponsored Hackers Attack Indian Websites, Attempts Blocked

Pakistan State-sponsored Hackers Attack Indian Websites, Attempts Blocked

Pakistan's cyber warfare against India

Recently, Pakistan state-sponsored hacker groups launched multiple failed hacking attempts to hack Indian websites amid continuous cyber offensives against India after the Pahalgam terror attack. These breach attempts were promptly identified and blocked by the Indian cybersecurity agencies. 

In one incident, the hacking group “Cyber Group HOAX1337” and “National Cyber Crew” attacked the websites of the Army Public School in Jammu (a union territory in India), trying to loiter on the site with messages mocking the recent victims of the Pahalgam terror attack.

State-sponsored attacks against Indian websites

In another cyberattack, hackers defaced the website of healthcare services for ex-servicemen, the sites of Indian Air Force veterans and Army Institute of Hotel Management were also attacked. 

Besides Army-related websites, Pakistan-sponsored hackers have repeatedly tried to trespass websites associated with veterans, children, and civilians, officials said.

Additionally, the Maharashtra Cyber Department defected more than 10 lakh cyberattacks on Indian systems by hacking gangs from various countries after the April 22 terror attack on tourists in Pahalgam. 

Rise of targeted cyberattacks against India

A Maharashtra Cyber senior police official said that the state’s police cybercrime detection wing has noticed a sudden rise in digital attacks after the Kashmir terror strike.

Experts suspect these cyber attacks are part of a deliberate campaign to intensify tensions on digital platforms. These attempts are seen as part of Pakistan’s broader hybrid warfare plan, which has a history of using terrorism and information warfare against India. 

Besides Pakistan, cyberattacks have also surfaced from Indonesia, Morocco, and the Middle East. A lot of hacker groups have claimed links to Islamist ideologies, suggesting a coordinated cyber warfare operation, according to the police official. 

Read more »
Threat Intelligence
Crypto Crime Crypto Funds Cyber Crime India ISKP Threat Intelligence

Terror Ourfits Are Using Crypto Funds For Donations in India: TRM Labs

 

Transaction Monitoring (TRM) Labs, a blockchain intelligence firm based in San Francisco and recognised by the World Economic Forum, recently published a report revealing the links between the Islamic State Khorasan Province (ISKP) and ISIS-affiliated fund-collecting networks in India. ISKP, an Afghan terrorist outfit, is reportedly using the cryptocurrency Monero (XMR) to gather funds.

Following the departure of US soldiers from Afghanistan, the ISKP terrorist group garnered significant attention. The "TRM Labs 2025 Crypto Crime Report," published on February 10th, focusses on unlawful cryptocurrency transactions in 2024. According to the reports, illicit transactions have fallen by 24% compared to 2023. 

The "TRM Labs 2025 Crypto Crime Report," published on February 10th, focusses on illicit cryptocurrency transactions in 2024. According to the reports, illicit transactions have fallen by 24% compared to 2023. However, it also emphasises the evolving techniques employed by terrorist organisations. 

TRM Labs' report uncovered on-chain ties between ISKP-affiliated addresses and covert fundraising campaigns in India. The on-chain link is a component of the Chainlink network that runs directly on a blockchain, featuring smart contracts that handle data requests and connect to off-chain oracles. The TRM report states that the ISKP has begun receiving donations in Monero (XMR). 

News reports state that Voice of Khorasan, a periodical created by ISKP's media branch, al-Azaim, announced the commencement of the organization's first donation drive in support of Monero. Since then, Monero's fundraising activities have consistently included requests for donations. 

According to the report, ISKP and other terrorist organisations are favouring Monero more and more because of its blockchain anonymity capabilities. Monero is now worth ₹19,017.77. This powerful privacy tool aids in transaction concealment. However, the report emphasises that terrorist groups will choose more stable cryptocurrencies over Monero money for the foreseeable future due to its volatility and possible crackdowns. 

Furthermore, reliance on cryptocurrency mixers and unidentified wallets has risen. The primary venues for exchanging guidance on best practices and locating providers with the highest security requirements are now online forums. Fake proofs are being used by people to get over Know Your Customer (KYC) rules enforced by exchanges, which makes it challenging for law enforcement to follow the illicit transactions. 

In contrast to Bitcoin and other well-known digital assets, Monero gained attention for its sophisticated privacy features that make transactions trickier to identify. Because of this, they are a tempting option for people who engage in illicit financial activity.
Read more »
User Safety
Banking Security Cyber Security India RBI User Safety

RBI Launches "bank.in" Domain to Combat Digital Banking Scam

 

The Reserve Bank of India (RBI) has made the "bank.in" domain exclusive to all authorised banking institutions in India in an effort to strengthen digital banking security and shield customers from online banking fraud. This effort aims to minimise the rising threat of digital banking fraud by establishing a secure and verified online presence for the banks across the nation.

Due to the surge in online banking transactions, fraudsters have taken advantage of vulnerabilities by impersonating actual banks via phishing attacks, phoney banking websites, and fraudulent email campaigns. The only registrar for this will be the Institute for Development and Research in Banking Technology (IDRBT).

It is expected that domain registration will get underway in April 2025. By implementing an exclusive bank.in domain strategy, the RBI lowers the risk of financial fraud by ensuring that users can quickly recognise and trust legitimate banking websites.

Importance of “bank.in” domain in banking security

The increased use of digital banking has transformed financial transactions in India, providing easy access to banking services. However, this digital transformation has resulted in an increase in cyber threats, with scammers creating fake banking portals to trick users into disclosing sensitive data such as login credentials, OTPs, and banking details. The RBI's special domain for banks called "bank.in" intends to: 

  • Enhance banking fraud prevention by eliminating fake sites that pose as authentic banking portals. 
  • Increase consumer trust and awareness by ensuring that all Indian banks use a single, verifiable domain structure.
  • Strengthen India's digital banking security by creating a centralised domain that is challenging for fraudsters to replicate.

The "bank.in" domain will be reserved solely for RBI-regulated banking institutions, guaranteeing that only reputable financial institutions can use this domain extension. Each bank's official website will be hosted under the bank.in domain, making it easy for consumers to check legitimacy. For example, a major bank like State Bank of India (SBI) may have an official URL such as sbi.bank.in, indicating that the website is trustworthy. 

To facilitate this transition, the RBI is working with financial institutions, cybersecurity professionals, and domain regulatory agencies to ensure a smooth transition to the new domain. Banks will be expected to phase out their current domains and redirect consumers to their new "bank.in" addresses, ensuring a smooth transition and avoiding confusion.
Read more »
WhatsApp
Banking Scams Cyber Crime India WhatsApp

The Rising Problem of Banking Scams in East India

The Rising Problem of Banking Scams in East India

Currently, India is battling with a fake banking applications spoofing genuine institutions to loot credentials and money.

The scale of the campaign is massive, impacting around 900 different malware samples linked to more than 1000 different contact numbers used to commit frauds/scams. Experts from Zimperium found that malware was hiding in apps that imitiate financial institutions worth billion-dollars, aimed to target common man in India. 

The rise of banking scams in East India

Throughout India, majority of the people have been getting WhatsApp messages containing malicious Android Package Kit (APK) files. When downloaded, these malicious files change into  fake apps spoofing one or multiple banks- ICICI Bank, State Bank of India (SBI) and more. 

The apps demand targets to provide their personal financial info- this includes ATM PINs, debit/credit card numbers and PAN card deta- used for different government and financial reasons, for instance, opening a bank account or paying taxes- adhar card. 

Stealing confidential info

To let hackers get access into victims' bank accounts, the malware hacks one-time passwords and resends them either to a threat actor-controlled phone number or C3 servers operating on Firebase. 

Additionally, the malware uses stealth and anti-analysis measures such as "packing," where the malware is hidden, compressed, and encrypted in ways that its almost impossible to notice them. It self installs by exploiting accessibility service, and get all required permissions on users' devices by just poking a user to careless click "Allow" when the malware asks nicely. 

Zimperium chief scientist Nico Chiaraviglio says "since we don't see the app, it's not easy to uninstall it." He adds "you [have to deal with the] higher permissions. So if you want to uninstall the app, the device will say you cannot install it because it's a system app. You basically need to connect the phone to a computer and uninstall it using the Android Debug Bridge (ADB). It's not something that you can do from a regular user's standpoint."

The success behind scams in India

Dark Reading reports "Phone numbers tied to the campaign lovingly named "FatBoyPanel" have tended to concentrate in eastern states: West Bengal (30.2%), Bihar (22.6%), Jharkjand (10%)."

According to experts, two reasons add to the problem- use of outdated phones in India that aren't equipped with latest updates, and the rise of scammers trapping innocent victims.

Read more »
Subscribe to: Posts (Atom)