Kochi: While the nation has been undergoing tense moments following the Pahalgam terror attack, leading to the retaliatory Operation Sindoor, the cyber space witnessed what looked like an intense battle between hacktivists supporting India and Pakistan.

According to a cyber threat intelligence report prepared by Kochi-based cybersecurity company Technisanct, India had to deal with a sustained cyber offensive targeting various institutions by a growing number of pro-Pakistan and Bangladeshi hacktivist groups.

Though not mentioned in the report, Technisanct said that pro-Pakistan groups focused on attacking Indian organisations, including BSNL, the Income Tax Department, Hindustan Aeronautics Ltd, state government portals, and Indian Railways. Pro-Indian groups, meanwhile, targeted the Pakistan Air Force, the Punjab Emergency Service Department, the Bank of Punjab, Pakistan’s Ministry of Finance, and Jinnah International Airport.

Over 200 cyber incidents were identified from April 22, the day of the Pahalgam attack, to May 8, the day after India launched Operation Sindoor. The significant volume of activity underscores the intensity of the cyber offensive following the Pahalgam attack on April 22, according to the report. 

The data encompasses threat intelligence feeds from falconfeeds.io, the company’s cybersecurity monitoring tool, publicly disclosed incidents, and information gleaned from threat actor communication channels, particularly Telegram and X.

Of the identified incidents, 111 were distributed denial of service (DDoS) attacks aimed at undermining target servers and rendering online services unavailable. DDoS cases account for 55.5 per cent of the identified attacks. The remaining cases fall into the categories of defacement (35.5 per cent), cyber attack alerts (11 per cent), data breach (7.5 per cent), initial access (2 per cent), and data leak (1.5 per cent).

To put it in perspective, only 147 DDoS attacks on India occurred between February and April, while 112 DDoS attacks were identified between May 1 and 9.

As many as 104 incidents (52 per cent) targeted institutions in the government and public sector, while 43 cases (21.5 per cent) were identified in education, followed by 13 (6.5%) in technology and IT services.

"The disproportionate targeting of the government and public sector and education verticals underscores a strategic focus on disrupting essential public services and potentially undermining public trust. The targeting of technology & IT services organisations could indicate an attempt to leverage these entities for further attacks or to compromise supply chains," the report states. The analysis has identified 36 pro-Pakistan hacktivist groups behind the attacks while 14 pro-Indian groups were involved in counter attacks during the period.

According to the report, the top 10 pro-Pakistani threat actors who led the cyber offensive are Nation of Saviors (34 incidents), Keymous+ (26), Electronic Army Special Forces (25), KAL EGY 319 (16), GARUDA ERROR SYSTEM (15), AnonSec (14), Sylhet Gang-SG (13), Mr Hamza (11), Dark Cyber Gang (9) and INDOHAXSEC (8).

"These groups have aggressively pursued ideologically motivated cyber operations targeting Indian government domains, military assets, and financial platforms. Their tactics largely revolve around DDoS attacks, defacement campaigns, and selective data leaks, often coordinated through Telegram, X and other encrypted channels. The prominence of these actors underscores an organised and sustained campaign against Indian interests in cyberspace, leveraging real-world conflicts to justify digital aggression," according to the report.

“The physical war is highly proportional to digital war. When a single missile is launched in the physical space, thousands of missiles can be launched in the cyber space. The intention is to hit services directly. I believe that, gradually, maybe in the next 50 years, 50 per cent of the war will be fought in the digital space. Even the flood of fake news and misinformation we see is kind of a warfare. We started seeing a huge pattern of this during the Ukraine-Russian crisis, followed by the Israel-Palestine clash,” Nandakishore Harikumar, CEO, Technisanct, told Onmanorama.

The Technisanct report concluded that the cyber offensive targeting India following the Pahalgam attack represented a significant and evolving threat. “The high volume of incidents, the increasing number of participating threat actors, the focus on critical sectors, and the escalating daily activity underscore the urgent need for a robust and comprehensive national cybersecurity strategy that explicitly addresses both cyberattacks and related disinformation, while also considering the dynamics of cyber conflict escalation,” the document states.