Over 650 cyber incidents were targeted at India's critical sectors in a coordinated offensive cyber campaign, launched by Pakistan-aligned state and non-state actors during heightened military tensions earlier this month.
Quick Heal Technologies’ Seqrite Labs, a malware analysis facility, identified spear-phishing attacks, malware infections, website defacements, and data leaks carried out by 35 hacktivist groups. Of these, seven groups are new entrants. These are — Death Slash Cyber Security, Rabbit Cyber Team, Red Wolf Cyber, Dark Cyber Gang, Moroccan Black Cyber Army, Ghosts of Gaza and Tengkorak Cyber Crew, the company said.
The cyber assault began on April 17, weeks before India's counterterrorism strikes between May 7-10. The attackers used malicious documents disguised as official advisories, named as “Final_List_of_OGWs.xlam” and “Preventive_Measures_Sindoor.ppam” to deploy malware.
At the heart of this digital siege was APT36, a Pakistan-linked advanced persistent threat (APT) group known for targeting Indian defense and government agencies, Seqrite said.
The attackers also spoofed legitimate Indian domains such as nationaldefensecollege[.]com and zohidsindia[.]com, using them to deliver payloads and communicate with command-and-control (C2) servers hosted at foreign locations. Infrastructure behind the operation was masked using VPS (virtual private servers) in Russia, Germany, Indonesia, and Singapore.
“This was not a standalone cyber espionage mission. It was a digitally coordinated war game,” Seqrite Labs said in a report released Friday. “APT36’s evolved tactics combined with simultaneous hacktivist disruptions show how cyber operations have merged with psychological warfare.”
Hacktivist groups used hashtags like #OpIndia and #OperationSindoor, claiming responsibility for data leaks from municipal databases, defense contractors, telecom operators and hospital networks.
“Operation Sindoor is a stark reminder of how modern conflicts transcend physical borders,” said Seqrite in its advisory. “The convergence of nation-state cyber units and ideologically driven hacktivists signals a new era of digital warfare—one designed to sow disruption, distrust, and disinformation.”
Quick Heal Technologies’ Seqrite Labs, a malware analysis facility, identified spear-phishing attacks, malware infections, website defacements, and data leaks carried out by 35 hacktivist groups. Of these, seven groups are new entrants. These are — Death Slash Cyber Security, Rabbit Cyber Team, Red Wolf Cyber, Dark Cyber Gang, Moroccan Black Cyber Army, Ghosts of Gaza and Tengkorak Cyber Crew, the company said.
The cyber assault began on April 17, weeks before India's counterterrorism strikes between May 7-10. The attackers used malicious documents disguised as official advisories, named as “Final_List_of_OGWs.xlam” and “Preventive_Measures_Sindoor.ppam” to deploy malware.
At the heart of this digital siege was APT36, a Pakistan-linked advanced persistent threat (APT) group known for targeting Indian defense and government agencies, Seqrite said.
The attackers also spoofed legitimate Indian domains such as nationaldefensecollege[.]com and zohidsindia[.]com, using them to deliver payloads and communicate with command-and-control (C2) servers hosted at foreign locations. Infrastructure behind the operation was masked using VPS (virtual private servers) in Russia, Germany, Indonesia, and Singapore.
“This was not a standalone cyber espionage mission. It was a digitally coordinated war game,” Seqrite Labs said in a report released Friday. “APT36’s evolved tactics combined with simultaneous hacktivist disruptions show how cyber operations have merged with psychological warfare.”
Hacktivist groups used hashtags like #OpIndia and #OperationSindoor, claiming responsibility for data leaks from municipal databases, defense contractors, telecom operators and hospital networks.
“Operation Sindoor is a stark reminder of how modern conflicts transcend physical borders,” said Seqrite in its advisory. “The convergence of nation-state cyber units and ideologically driven hacktivists signals a new era of digital warfare—one designed to sow disruption, distrust, and disinformation.”
You may also like
Tom Grennan stuns Radio 1 Big Weekend crowd with four huge guests including Spice Girl
Fiona Phillips beams in first photo in a year as she opens up on Alzheimer's diagnosis
Westminster fire LIVE: 70 firefighters tackle devastating sixth floor blaze
PM Modi will lay foundation stone and inaugurate projects worth Rs 82,500 crore: Gujarat Minister Harsh Sanghvi
Tripura government developing infrastructure to support AI and 5G development: CM Manik Saha
