Over 650 cyber incidents targeted India's critical sectors in a coordinated offensive cyber campaign launched by Pakistan-aligned state and non-state actors during heightened military tensions earlier this month.
Quick Heal Technologies’ Seqrite Labs, a malware analysis facility, identified spear-phishing attacks, malware infections, website defacements, and data leaks carried out by 35 hacktivist groups. Seven of these groups are new entrants: Death Slash Cyber Security, Rabbit Cyber Team, Red Wolf Cyber, Dark Cyber Gang, Moroccan Black Cyber Army, Ghosts of Gaza and Tengkorak Cyber Crew, the company said.
The cyber assault began on April 17, weeks before India's counterterrorism strikes of May 7-10. The attackers used malicious documents disguised as official advisories, named “Final_List_of_OGWs.xlam” and “Preventive_Measures_Sindoor.ppam”, to deploy malware.
At the heart of this digital siege was APT36, a Pakistan-linked advanced persistent threat (APT) group known for targeting Indian defense and government agencies, Seqrite said.
The attackers also spoofed legitimate Indian domains such as nationaldefensecollege[.]com and zohidsindia[.]com, using them to deliver payloads and communicate with command-and-control (C2) servers hosted at foreign locations. Infrastructure behind the operation was masked using VPS (virtual private servers) in Russia, Germany, Indonesia, and Singapore.
“This was not a standalone cyber espionage mission. It was a digitally coordinated war game,” Seqrite Labs said in a report released Friday. “APT36’s evolved tactics combined with simultaneous hacktivist disruptions show how cyber operations have merged with psychological warfare.”
Hacktivist groups used hashtags like #OpIndia and #OperationSindoor, claiming responsibility for data leaks from municipal databases, defense contractors, telecom operators and hospital networks.
“Operation Sindoor is a stark reminder of how modern conflicts transcend physical borders,” said Seqrite in its advisory. “The convergence of nation-state cyber units and ideologically driven hacktivists signals a new era of digital warfare—one designed to sow disruption, distrust, and disinformation.”