India-Pak conflict: 5 examples of rise in cyber warfare threats
As territorial tensions between India and Pakistan reached new heights in May 2025, after the Pahalgam terror attacks of April 2025, a less visible but equally concerning conflict erupted across cyberspace.
While artillery exchanges and gun fire dominate headlines, this shadow war directly impacts the cybersecurity preparedness of India’s critical infrastructure and national security.
Security analysts tracking the digital confrontation have documented a sharp spike in targeted cyber operations since the Pahalgam incident, with attacks growing in both frequency and technical sophistication.
Below are some more examples of recent cyberattacks and cybersecurity incidents reported in India after the Pahalgam terror attacks.
Defence cyber data breaches
Pakistani hacker groups, notably the “Pakistan Cyber Force,” claimed to have breached sensitive data from Indian defence institutions such as the Military Engineer Services (MES) and the Manohar Parrikar Institute of Defence Studies and Analyses (MP‑IDSA), compromising login credentials and personal information of defence personnel.

According to an ET report, the group alleges it exfiltrated over 10 GB of data – including names, service numbers, and email addresses – raising fears of identity theft and spear‑phishing against military officers. In response, India’s CERT‑In and the National Critical Information Infrastructure Protection Centre (NCIIPC) reportedly launched urgent investigations and issued “high‑risk” advisories to all defence networks, warning that the stolen credentials could be reused in follow‑on attacks.
Cybersecurity experts caution that these databases, once in the wild, often become a “commodity” on dark‑web forums, enabling deeper probes into critical systems months after the initial breach.
Defence websites defaced
Times Now also reported that the official website of Armoured Vehicles Nigam Limited (AVNL), a key defence public sector unit, was defaced with the Pakistan flag and images of the Al Khalid tank, turning a routine web portal into a staged propaganda banner. This symbolic attack forced AVNL to take its site offline for a comprehensive security audit and malware forensic analysis, highlighting how quickly even PSUs can be leveraged for psychological operations.
Senior MoD officials have since mandated multi‑factor authentication and regular “red‑team” drills across all defence contractor portals to harden defences against similar defacements.
Targeting of military‑linked educational institutions
Websites of Army Public School Nagrota, Sunjuwan, and the Army Institute of Hotel Management were hit with defacements, where hacker crews “HOAX1337” and “National Cyber Crew” posted inflammatory messages mocking Pahalgam terror victims and undermining morale among students and staff, according to several news reports.

In several cases, these defacements were paired with small‑scale DDoS floods. According to reports, cyber sleuths traced the attacks to Pakistan‑based IP clusters previously linked to pro‑state hacktivism, suggesting coordination with more sophisticated APT groups probing deeper targets.
Following these episodes, the Indian Army’s Cyber Emergency Response Team (CERT‑A) fast‑tracked a joint exercise with SAARC CERTs to rehearse rapid site‑remediation and public‑reassurance messaging within 30 minutes of any future breach.
Rise in phishing and malware campaigns
Cybersecurity experts at Seqrite, an Indian cybersecurity company, have uncovered a sophisticated phishing campaign orchestrated by the Pakistan-linked threat group APT36. According to Seqrite, the group is targeting the Indian government by using malicious documents disguised as reports and updates related to the Pahalgam incident.
These deceptive files, often distributed via fake domains mimicking the Jammu & Kashmir Police and the Indian Air Force, employ PowerPoint add-ons with malicious macros to deploy the Crimson RAT payload. By leveraging current events and crafting lures around government and defense-related themes, APT36 aims to infiltrate systems and extract sensitive information.
Security operations centres (SOCs) have since updated their threat‑hunts to flag PPAM and XLAM attachments during conflict‑related spikes, slashing dwell time from days to under four hours, according to some online tweets.
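As an added illustration of the attachment check described above (not code from Seqrite, CERT‑In or any SOC named in this article), the following Python example flags PPAM and XLAM add-ins in a raw email, including ones renamed to an ordinary extension. The function names, the three heuristics and the sample message are assumptions constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ADDIN_EXTS = (".ppam", ".xlam")  # attachment types named in the article
# Content types that [Content_Types].xml declares for macro-enabled add-ins.
ADDIN_TYPES = (b"ms-powerpoint.addin.macroEnabled", b"ms-excel.addin.macroEnabled")

def inspect_attachment(name, data):
    """Return the reasons an attachment looks like a macro-enabled add-in."""
    reasons = []
    if (name or "").lower().endswith(ADDIN_EXTS):
        reasons.append("addin-extension")
    # A renamed file keeps its OOXML structure, so look inside the ZIP too.
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                reasons.append("vba-project")
            if "[Content_Types].xml" in zf.namelist():
                declared = zf.read("[Content_Types].xml")
                if any(t in declared for t in ADDIN_TYPES):
                    reasons.append("addin-content-type")
    return reasons

def flag_message(raw):
    """Map filename -> reasons for each flagged attachment in a raw email."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reasons = inspect_attachment(part.get_filename(), data)
        if reasons:
            hits[part.get_filename()] = reasons
    return hits

def build_sample():
    """Constructed email: an inert add-in skeleton renamed .pptx, plus a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", '<Override ContentType='
                    '"application/vnd.ms-powerpoint.addin.macroEnabled.main+xml"/>')
        zf.writestr("ppt/vbaProject.bin", b"placeholder bytes, not VBA")
    msg = EmailMessage()
    msg.set_content("constructed body")
    for fname, blob in (("report.pptx", buf.getvalue()), ("notes.txt", b"notes")):
        msg.add_attachment(blob, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()

print(flag_message(build_sample()))
```

The renamed sample is caught by its contents rather than its filename, which is why an extension-only rule is not enough on its own.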
Rise in disinformation and malicious ads
According to an ET report, digital manipulation tactics saw a notable 10–15% surge in malicious ad placements on Indian OTT platforms – often bearing the Pakistani flag or fake headlines – to subtly push propaganda into living rooms while viewers streamed content.
Simultaneously, social‑media bots amplified disinformation campaigns, retweeting deepfakes of senior officers and falsified casualty counts to sow confusion and distrust among the public. Fraud‑detection firms like mFilterIt report that 70% of their enterprise clients observed a spike in misleading “system update” and “live emergency alert” banners embedded within video players, hijacking ad slots for malicious redirects.
To counter this, OTT services have begun integrating client‑side ad‑verification SDKs and collaborating with CERT‑In to pre‑screen geopolitical keywords in ad feeds during elevated threat periods.
Team Digit