A recent wave of India-Pakistan cyberattacks tied to renewed military tensions has had limited real-world impact, cybersecurity experts say. Most of the activity appears to have been driven by hacktivist groups aiming to create noise more than actual damage.
The digital escalation followed India’s May 7 military strikes on Pakistan, launched in retaliation for the killing of 25 Indian tourists in Kashmir in late April. According to cybersecurity firm CloudSEK, over 100 attacks were recorded in early May alone, mainly targeting government and educational servers. However, the vast majority had no lasting impact on critical infrastructure.
CloudSEK’s threat researcher Pagilla Manohar Reddy noted that many attacks involved defacing nonessential websites, such as personal pages and WordPress domains. In some cases, attackers leaked stolen credentials or publicized alleged data breaches—though many of these claims turned out to involve previously leaked or non-sensitive information. “There’s a lot of recycled data dressed up as something new,” he said.
Another key tactic involved short-lived distributed denial-of-service (DDoS) attacks, with hacktivists often sharing screenshots or uptime monitors to claim success. Yet most services remained online or recovered swiftly. In total, CloudSEK tracked more than 200 incidents during the conflict period, but estimates that 95% had no meaningful effect.
More Chaos Than Consequence in the Cyber Arena
Security researchers from Radware observed similar patterns. The company confirmed a brief spike in cyberattacks on May 7—coinciding with India’s strikes, dubbed Operation Sindoor—followed by a quick decline. According to Pascal Geenens, Radware’s director of threat intelligence, the attacks mostly originated from religiously motivated hacktivist groups already active in Southeast Asia.
India responded preemptively by restricting international access to key financial services like the National Stock Exchange and Bombay Stock Exchange, though no serious breaches were reported. “We saw the usual noise—lots of claims, but very few verified attacks after the weekend,” said Geenens.
While India-Pakistan cyberattacks have gained attention, analysts warn not to overstate their impact. Unlike the coordinated, destructive cyber campaigns seen in the Russia-Ukraine conflict, the activity between India and Pakistan lacks sophistication and military integration. “This is more noise than signal,” Reddy added, drawing comparisons to the ideological DDoS attacks seen in the Israel-Palestine cyber space.
The Kashmir conflict remains a major flashpoint, with both nations using digital skirmishes to amplify political messaging. Yet most attacks remain superficial—focused more on optics and disruption than actual sabotage. Even when downtime is achieved, it’s often fleeting, with little lasting consequence.
Ultimately, experts agree that basic security practices are enough to thwart most of these hacktivist campaigns. “Some groups build custom tools, but many are just trying to stir confusion,” said Geenens. “It’s about narrative, not capability.”
