Hackers strike hard: Over one million cyber attacks on India since Pahalgam terror attack

The cyber attacks have originated primarily from Pakistan, West Asia, Morocco, and Indonesia. Representation Pic/istock

In the aftermath of the terror attack in Pahalgam, Jammu and Kashmir, India now faces a new threat in the form of cyber warfare. A recent report titled ‘Echoes of Pahalgam', prepared by the Maharashtra Cyber Cell, has revealed a sharp surge in cyber attacks targeting India, with nearly 10 lakh attempted breaches recorded since April 23. The report indicates that the education, defence, banking, and communication sectors are the primary targets. "All departments concerned have been alerted accordingly. The report has been issued to ensure that people are aware of the threat and can take necessary precautionary measures," Yashasvi Yadav, ADG, Maharashtra Cyber, told mid-day.

Following the Pahalgam attack, there has been a significant escalation in cyber attacks on Indian digital infrastructure. This is not merely a series of random hacks - it's a coordinated cyber war," he added. The report identifies the origins of these cyber attacks as being primarily from Pakistan, the West Asia, Morocco and Indonesia. Most of the attackers claim affiliation with Islamic cyber groups. The most active among them is Team Insane PK - a known Pakistani Advanced Persistent Threat (APT) group. This group has reportedly targeted websites of the Army College of Nursing, Sainik Welfare Boards and several Army Public Schools.

Hackers target vulnerabilities in websites, according to experts. Representation pic

The report has revealed that the primary modus operandi of these attackers involves website defacement, establishing command and control through web protocols and exploiting vulnerabilities in Content Management Systems (CMS). In simple terms, they target weaknesses in the online resources of websites - plugins, outdated software, or misconfigured settings - and use these vulnerabilities to compromise the site. Once access is gained, they often deface the website by altering its appearance or posting unauthorised content.

They have seen a significant degree of success using these tactics, which encouraged them to carry out such attacks more frequently. The number of these website defacement attacks is increasing with each passing day, posing a growing threat to digital infrastructure and online security. The report also suggests that a highly active hacker group from Bangladesh called Mysterious Team Bangladesh (MTBD) has made a significant appearance in the cyber warfare domain. "This group is particularly known for carrying out major cyber attacks such as DDoS (Distributed

Denial of Service) and DNS flood attacks. These attacks involve sending an overwhelming number of requests to a system, causing it to crash or become non-functional," Yadav said. According to Maharashtra Cyber, MTBD has reportedly targeted several Indian digital platforms, including education portals and rating forums, and created several clone websites. Their target sectors also extend to critical domains such as e-governance platforms, state-level portals, and the banking sector.

Further, the report shed light on another prominent group called Indo Hax Sec from Indonesia, which has claimed responsibility for multiple cyber intrusions. According to their statements, they have targeted and breached databases of Indian telecom firms and exploited local admin panels using default credentials. Their activities also include publishing leaked data on the dark web. Notably, they released documents under the names Root Express and Gara Leaks, containing sensitive information and access data.

From West Asia, a hacker group named Golden Falcon, is known for deploying malware into targeted systems. "Maharashtra Cyber found that the group recently released a report on the dark web titled ‘Falcon Dump Leaks Site', which details multiple attacks on Indian IT resources," Yadav said. These attacks began around April 23, and several were reported to have been successful. While Maharashtra Cyber has managed to block some of these intrusions, the report warns that India's critical infrastructure - including railways, banking systems and government portals - remains under serious threat.

One of the most alarming findings is the leakage of terabytes of Indian telecom data on the dark web, raising serious concerns about the nation's cyber defence capabilities. Yadav stated that agencies have been urged to strengthen their cyber defences by conducting red team assessments, DDoS failover tests and comprehensive system audits.