India and Pakistan's Cyberwar Gets Worse

Tensions between India and Pakistan have dangerously escalated since the April 22 Pahalgam terror assault, which left 26 people dead in Jammu and Kashmir.  While the Line of Control (LoC) in Kupwara, Uri, and Akhnoor has been the scene of cross-border shooting for seven days in a row, a parallel fight is taking place online that is more difficult to identify, track down, and respond to.

A number of Indian digital assets were targeted in the early aftermath of the terror act.  The website of the Army College of Nursing was compromised on April 25.  The perpetrators wrote a provocative message in Urdu and English that was full of antagonistic references to the Two-Nation Theory and religious indoctrination.  The tone was similar to recent remarks made by Asim Munir, the chief general of the Pakistan Army, who is thought to have sparked the Pahalgam incident with a contentious speech that rekindled ideological tensions.

Soon after, cyberattacks attempted to access the portals of the Indian Air Force Placement Organization and the Army Welfare Housing Organization (AWHO), targeting Army Public Schools Ranikhet and Srinagar.  These assaults included attempted database invasions, Distributed Denial of Service (DDoS) attempts, and vandalism of websites.  Additionally, the hackers shared divisive posts that made fun of India's security apparatus and mentioned the 2019 arrest of IAF officer Abhinandan Varthaman.

Introducing the Cyber Adversaries: Internet of Khilafah, Transparent Tribe, and Team Insane PK

A well-known pro-Pakistani hacker collective known as Team Insane PK is at the vanguard of these cyberattacks.  The organization took credit for the website defacement at the Army College of Nursing.  According to intelligence assessments and cybersecurity professionals, the gang is responsible for more over 2,400 attacks under the #OpIndia campaign, including the hacking of Burger Singh's official website and high-profile disruptions ahead of the 2023 G20 Summit.

Another organization, the Internet of Khilafah (IOK), has been connected to the dissemination of anti-Indian propaganda and jihadi narratives through the hacking of government websites.  These organizations frequently obtain access by exploiting simple flaws in publicly accessible websites, leaving behind symbolic messages intended to sow division and inspire fear.

 Furthermore, through phishing efforts, the well-known Advanced Persistent Threat organization APT36 (Transparent Tribe), based in Pakistan, has used advanced tools like MeshAgent and CrimsonRAT.  Cybersecurity company Quick Heal discovered a PDF file called "Report & Update Regarding Pahalgam Terror Attack" linked to a spoof domain: indiadefencedepartment[.]link.  These phony portals are designed to look like legitimate Indian government websites in order to trick people into downloading malicious software.

For more than ten years, cybersecurity companies such as BlackBerry and Seqrite have linked the actions of Transparent Tribe to Pakistan's cyber-espionage network, which targets India's military, aerospace, and educational sectors.

Although secret data has not been lost as a result of these intrusions, Indian intelligence services caution about their strategic and symbolic importance.  These platforms were accessible to the public.  According to an official familiar with ongoing investigations, they targeted softer, more visible sites when national defense networks proved resistant.

 These attacks had purposefully psychological messaging; on compromised websites, phrases like "The next hit won't be bullets — it'll be bytes" were widely displayed.  Messages propagated misinformation narratives and fostered mistrust among Indian viewers by portraying the Pahalgam incident as a "inside job."

Experts in cybersecurity, such as Sundareshwar Krishnamurthy of PwC India, describe this as a classic instance of geopolitical hybrid warfare, in which digital and physical strikes are coordinated to increase impact.  "Cyberattacks are no longer sporadic disruptive acts...  According to him, they have evolved into intentional extensions of geopolitical strategy.  A estimated 10–15% increase in fraudulent ads using the Pakistani flag on OTT platforms, another means of covertly introducing propaganda into Indian digital spaces, raises even more concerns.

 Indian cyber units are currently conducting investigations and making concerted efforts to identify the source of the assaults, restrict phishing domains, and improve multi-layered cybersecurity safeguards throughout government agencies.  Authorities stress how urgently resilience-building is needed, particularly for public sector portals that frequently lack sophisticated safeguards.