India and Pakistan may have reached a status quo of ceasefire on ground, air and sea for now, but the two neighbors are still going hard at each other in cyberspace.
In the aftermath of the Pahalgam terror attack, Indian cybersecurity agencies detected a significant surge in coordinated cyber offensives targeting the country’s digital infrastructure. An intelligence report from a state agency attributed these attacks to Pakistan-aligned Advanced Persistent Threat (APT) groups that launched 1.5 million intrusion attempts against Indian websites and systems.
These numbers coincide with the findings of private sector cybersecurity firm Cyble, which recorded more than 40 hacktivist groups actively targeting Indian organizations after the Pahalgam terror attack and India’s retaliation through “Operation Sindoor.”
Also read: Post Pahalgam, Over 40 Hacktivist Groups Targeted India: High Noise, Low Impact
Only 150 Cyberattacks Successful
According to the Maharashtra Cyber Department, the state’s cybersecurity task force, only 150 of the cyberattacks were successful. While the overall damage was limited, the massive volume of attempted breaches reveals an alarming pattern of persistent, state-aligned digital aggression.
“These were not random hits. The sheer coordination and volume point to a structured campaign, likely with state backing,” said a senior official, requesting anonymity.
The threat actors reportedly used a mix of Distributed Denial of Service (DDoS) attacks, malware payloads, and website defacements to overwhelm systems and spread propaganda. Cyble’s report corroborates these findings. It said that more than half of these attacks were DDoS aimed at overwhelming systems while the others were mainly website defacement, which is primarily used for propaganda.
Hybrid Warfare in the Digital Age
The government’s findings are detailed in a classified intelligence document titled “Road of Sindoor,” which outlines how these cyber operations are part of a broader hybrid warfare strategy aimed at destabilizing society and sowing discord through online misinformation. The attackers allegedly weaponized digital platforms to circulate fake news, provoke communal tension, and erode trust in national institutions.
The authorities explicitly named seven APTs in the report, as per ET India: Pakistan Cyber Force, Team Insane Pakistan, Mysterious Bangladesh, Indo Hacks Sec, Cyber Group HOAX 1337, APT36 and National Cyber Crew.
According to Cyble, the majority of these hacktivists like Pakistan Cyber Force and Mysterious Bangladesh operationalized DDoS attacks against government institutions but some like Team Insane Pakistan claimed data breaches related to government databases. These claims, however, could not be verified.
APT36 was another threat actor that was caught spoofing infrastructure of India’s Ministry of Defence. Cybersecurity firm hunt.io, in the initial days after the Pahalgam terror attack, observed delivering cross-platform malware through a ClickFix-style infection chain. The phishing or spoofed website mimicked government press releases, staged payloads through a possibly compromised [.]in domain, and used visual deception to appear credible during execution.
The state cyber agency believes these APTs operate not only out of Pakistan but also leverage networks in Bangladesh, Indonesia, Morocco, and parts of the Middle East to obfuscate origins and bypass geolocation-based defenses. This distributed operational model makes attribution complex and response efforts more resource-intensive.
Resilience Over Retaliation
The fact that more than 99.99% of the attacks were repelled indicates India’s maturity when it comes to cybersecurity infrastructure. However, cybersecurity experts caution against complacency.
The senior official noted, “APT groups play the long game. Even failed intrusions offer them valuable intelligence on network configurations, firewall behavior, and incident response times. Every attempt is a reconnaissance opportunity.”
He added that small breaches can still lead to serious consequences. “Compromised websites, even if minor, can become launchpads for phishing campaigns or be used to push disinformation under the guise of legitimate Indian domains.”
A Geneva Convention for Cyberspace?
Unlike physical aggression, cyberattacks transcend borders with ease, making traditional diplomacy and deterrence frameworks less effective. Another example of this is the ongoing cyberwar between Russia and Ukraine that supports kinetic warfare.
The anonymous nature of cyberspace often allows adversaries to operate in gray zones, using civilian infrastructure to conduct hostile operations. This environment complicates both domestic response and international collaboration. Owing to this, “the world needs a Geneva Convention for cyberspace,” the senior official said.
Beware of Misinformation
Apart from cyberattacks, the state agency also warned of psychological operations (PsyOps) from these hacktivist groups who have not only presented a false narrative or propaganda but also spread misinformation about several non-existent events like the downing of 70% of the electric grid across the nation through a cyberattack, disruption of satellite and telecommunication, and an alleged targeting of a missile storage facility in India.
The extent of fake news, including articles, videos and images, has grown so much that the government’s Press Information Bureau Fact Check account on platform X posted a cautionary note: “YOUR SOCIAL MEDIA FEEDS ARE UNDER ATTACK. Beware of suspicious videos related to #IndianArmedForces or the ongoing situation. These are key tools of malicious manipulation.“
The state cyber agency has already removed more than 5,000 posts related to misinformation on the Indo-Pak conflict circulating on several social media platforms and has flagged another four dozen that are in the process of takedown, it added.
