Hacker army: Why India cannot let its guard down

India Today

11 hours ago

(NOTE: This article was originally published in the India Today issue dated July 28, 2025)Twenty-first century warfare isn't limited to ground, air and naval forces. With vital domains like defence, finance and communications dependent on sets of interconnected information systems on the internet, attacking these can grievously impair a nation's war-making capabilities. Cyber warfare has thus emerged as a low-cost weapon of modern conflict and cyber security is now an important factor in the national security matrix of every state. As in Russia's war on Ukraine and the recent Israel-Iran war, this whole spectrum played out during the recent face-off between India and Pakistan.advertisementStarting from the Pahalgam terror attack on April 22 and continuing through Operation Sindoor and the four-day conflict between the two neighbours (May 7-10), India faced an unrelenting wave of cyberattacks, primarily by Pakistani groups backed by Islamabad and Beijing, but also from hacker groups in Turkey, Bangladesh, Malaysia and West Asian countries. According to Indian government sources, these groups launched over 1.5 million cyber attacks targeting a wide swathe of India's critical infrastructure spanning defence, power, telecom, finance and transportation during this period. In a cabinet meeting in early June, Prime Minister Narendra Modi put the number of attacks at 100 million.
Predictably, India's military-industrial infrastructure came in for special attention, while the power ministry confirmed that over 200,000 cyber attacks on the Indian electricity grid were foiled between May 7-10. Their modus operandi comprised the full repertoire of hackers' mischief: website defacements, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks (aiming to overwhelm and impair a target server/ network), malware distribution (using viruses to infect systems and gain control) and phishing (use of deceptive emails to extract information). Their cumulative goal: to steal defence information, particularly missile technology, and to undermine vital sectors. Happily, Indian cyber-security agencies, including the Indian Computer Emergency Response Team (CERT-In), the Defence Cyber Agency and the National Critical Information Infrastructure Protection Centre (NCIIPC) successfully thwarted most attacks, with a mere 150 out of the 1.5 million attempts succeeding. Though cyber assets of government institutions, commercial enterprises and the better protected defence organisations attracted 28 per cent, 22 per cent and 17 per cent, respectively, of all attacks, the education (7 per cent), finance (4 per cent) and transport (3 per cent) sectors were not spared. In retaliation, Indian hacking groups took the attack to Pakistan, targeting and breaching critical digital assets of its military and government.
However, India's victory in repulsing these attacks was not absolute. Websites of several Indian military, defence production and defence research institutes, including the Defence Research and Development Organisation (DRDO), were successfully targeted. Clearly, more needs to be done to beef up India's cyber-security, as attacks on Indian cyber space continue.Tarun Wig, CEO of Innefu Labs, an agency that works closely with the ministry of defence (MoD), agrees that the attacks are a clarion call for the country's defence mechanism. 'These invasions are no longer just for ransom. They target critical infrastructures, steal sensitive data and attempt to disrupt essential services,' he says.
BARRAGE OF ATTACKSJaijit Bhattacharya, cyber-security expert and president of the Delhi-based Centre for Digital Economy Policy (C-Dep), says that the Pahalgam terrorist attack served as the ignition point for the hybrid war—an orchestrated blend of terrorism and cyber aggression—unleashed against India, signalled by a storm of attempted cyber intrusions and disruptions. Servers of the MoD, the Election Commission and key financial institutions were targeted, and cyber-security agencies like CERT-In and the National Technical Research Organisation (NTRO), which includes the NCIIPC, raised immediate alarms of an 'ongoing coordinated offensive'. 'The implications were serious—national security, economic stability and civil trust in digital systems were under siege,' Bhattacharya adds. Pakistan was the primary actor, while Malaysia and Turkey played subtler roles, he points out.advertisement
India's cyber agencies found that Pakistani group APT36 (a.k.a. Transparent Tribe), escalated phishing campaigns targeting armed forces personnel. Malware-laced documents mimicking internal communication were used to try and exfiltrate sensitive information, but were thwarted. However, its hackers gained access to data of the Military Engineer Services and the Manohar Parrikar Institute of Defence Studies and Analyses. Most worryingly, confidential data, including upgrade plans for T-90 tanks and certain projects under development by the DRDO was put on sale on the dark web. APT 36 is believed to behind this intrusion too.advertisementOther Pakistani groups like Team Insane Pakistan and HOAX1337 breached and defaced websites of the Assam Rifles, the Department of Atomic Energy and Armoured Vehicles Nigam Limited, forcing them to go offline for a few days. The Pakistan Cyber Force hacked the Rajasthan education department's website, posting false claims about the Pahalgam terror attack.Malaysian hacktivist groups like RipperSec launched social media propaganda campaigns to amplify anti-India narratives and targeted the vice president of India's website, while Turkish groups like the Turk Hack team carried out DDoS attacks on Indian banking websites and media portals. The Iranian hacker group Vulture carried out DDoS attacks on websites of CERT-In, the National Testing Agency, the office of the President of India and the Prime Minister's Office.The Bangladeshi government denied involvement, but Indian cyber agencies traced ransomware and hacktivist attacks to hacker forums in Dhaka and Chittagong. Groups like Mysterious Bangladesh targeted government portals like those of the CBI, Election Commission and BSNL. It is suspected that non-state actors with ideological alignment to Pakistan were operating from Bangladesh.China's cyber onslaught was more strategic. It conducted advanced persistent threats (APTs)—sophisticated and sustained cyber attacks that lodge themselves in a network—through groups like APT41 and Mustang Panda, attempting to disable India's power grids, logistics chains and telecommunications networks. A major concern was the attempted breach into India's railway network. Experts believe that Beijing's objective was to probe India's cyber resilience during a potential military standoff.advertisementA decentralised group called R3V0XAnonymous launched abortive DDoS attacks on the Central Board of Indirect Taxes and Customs and the Income Tax Department. Sensing the danger early on, the Bombay Stock Exchange issued a cyber-security advisory on May 7 following warnings from CERT-In about ongoing cyber threats targeting India's banking, financial services and insurance (BFSI) sector.Power distribution networks in western India were also probed by malware variants, prompting precautionary shutdowns in some areas. On May 10, the official website of the Ulhasnagar Municipal Corporation in Maharashtra was hacked.
INDIA'S RESPONSEadvertisementFacing attacks on every domain, India's cyber armies—independent and state-backed—launched thousands of attacks on Pakistan. Indian hacking groups like Indian Cyber Force, Indian Cyber Defender, WhiteHorse and Cyber Warriors India claimed successful attacks on crucial Pakistani infrastructure. India's elite cyber unit under the Defence Cyber Agency—a tri-service command of the Indian military—was mobilised and retaliatory digital strikes were carried out on critical assets. This included takedowns of social media troll farms, disruption of servers and digital forensics operations to trace and expose the origin of attacks. Pakistan's NCERT (National Cyber Emergency Response Team) was forced to issue a red alert for phishing targeting its organisations. Websites of Pakistan's Sindh Police and its airport systems were breached too.However, most of India's robust response was defensive in nature. It involved tripling cyber defence teams, deploying real-time intelligence-sharing and activating a joint task force led by the Data Security Council of India, coordinating government, private firms and industry bodies. Measures included temporarily blocking vulnerable financial sites, issuing CERT-In alerts and monitoring suspicious command servers. According to Bhattacharya, the Indian government activated a multi-pronged cyber defence operation. The Indian Cyber Crime Coordination Centre (I4C), under the Union ministry of home affairs, spearheaded counter-hack operations, reportedly taking down over 150 hostile command-and-control servers. India's proactive approach and coordination at the macro level helped it withstand the dynamic threat landscape in this virtual war.With cyber threats ever present and evolving, India cannot let its guard down. To effectively counter Chinese cyber attacks, Pakistani hacktivists and other hacking groups, India must expand AI-powered threat detection and real-time incident response systems and improve cyber-security training. Increased investment in quantum-resistant encryption, cloud security and resilient infrastructure for all vital sectors are critical.Wig says India has responded to growing cyber threats by fortifying its cyber defence through CERT-In and NCIIPC, indigenous cyber-security solutions and collaboration between government and private sectors. The Digital Personal Data Protection Act, 2023 has strengthened regulatory frameworks, while partnerships with Singapore, Japan and the UK have enhanced threat intelligence-sharing. India's determination to protect its digital infrastructure will shape the future of cyber-security in the region.Subscribe to India Today Magazine- EndsMust Watch