With rising military tensions between India and Pakistan, hacktivists across Asia, the Middle East, and North Africa (MENA) have launched a digital campaign aimed at disrupting India’s government and critical infrastructure.
On April 22, violence erupted in Pahalgam, India, where terrorists attacked a group of tourists in Kashmir. This triggered a wave of cyberattacks, with hackers on both sides of the conflict activating their forces. NSFOCUS researchers noted a dramatic 500% increase in cyberattacks on India and a 700% surge on Pakistan targets in the days that followed.
India has been the primary focus of attacks, especially following its military airstrikes in Pakistan, known as “Operation Sindoor.” Security firms Radware and Cyble reported sharp increases in malicious activities on May 7, the day the airstrikes began. This spike in cyber activity is being referred to as #OpIndia, a term used for hacktivist campaigns targeting nations like Israel and the United States in the past.
Cyberattack Surge and Targets
The majority of attacks have taken the form of distributed denial-of-service (DDoS) strikes. According to Cyble, over 50% of these attacks have been DDoS-related, while around 36% involved website defacements. Claims of full data breaches have also surfaced but remain unverified.
Both Radware and Cyble report that Indian government entities are being targeted the most, followed by the finance and telecommunications sectors. Some attacks have even affected portals that connect multiple organizations or government departments.
In response, India’s Computer Emergency Response Team (CERT-In) issued a warning to the finance sector, followed by the Bombay Stock Exchange (BSE) advising investors of increased cyberattack risks. The BSE and National Stock Exchange of India also restricted foreign IP addresses from accessing their websites.
Declining Cyberattacks and Weekend Surge
Data from Radware shared on May 9 revealed a significant decrease in cyberattacks since the peak on May 7. However, Radware’s Pascal Geenens cautions that cybercriminals tend to target systems hardest on Friday evenings and weekends, exploiting moments when security teams are less active.
While India faces heavy cyberattacks, Pakistan has also been targeted. NSFOCUS reported that DDoS attacks took down websites belonging to Pakistan’s Ministry of Commerce, Emergency Services Department, Quaid-i-Azam University, and WorldCall Telecom Limited.
The majority of cyberattacks on India in recent weeks have originated from Bangladesh, with many hacktivist groups already involved in cyber campaigns against India prior to April 22. New groups have emerged, joining forces via social media and underground forums. Over 40 hacktivist groups from countries like Egypt, Morocco, Kuwait, Indonesia, and Vietnam have been involved in these attacks.
The formation of these alliances is part of a broader trend in the hacktivist scene, according to Geenens. Groups such as “Holy League” — a collective of pro-Russian, pro-Palestinian, and pro-Muslim hacktivists — have grown more collaborative in recent months.
Although groups like the Iranian “Vulture” and pro-Palestinian “RipperSec” and “Mysterious Team Pakistan” have publicly pledged support for actions in India, none have claimed responsibility for specific attacks yet. Despite speculation, Geenens notes that pro-Russian hackers have largely stayed out of this conflict, likely due to India’s strong relations with Russia.
