Synopsis

Maharashtra Cyber identifies seven Pakistan-allied APT groups behind 15 lakh cyber attacks on Indian websites following the Pahalgam terror incident, with only 150 attacks successful.

In a disturbing revelation, Maharashtra Cyber on Monday confirmed that seven Advanced Persistent Threat (APT) groups were behind over 15 lakh cyber attacks on critical infrastructure websites across India following the Pahalgam terror strike. Of these, only 150 attacks were successful, officials said.

Hostilities Ceased, But Cyber Assaults Persist

Even after India and Pakistan agreed to halt military hostilities, Indian government websites continue to face relentless cyber assaults. These attacks have been traced to Pakistan, Bangladesh, and countries in the Middle East, officials added.

Addressing the media, a senior official from Maharashtra Cyber dismissed several circulating claims of major data breaches.

"The probe discovered that cyber attacks on (government websites in) India decreased after India-Pakistan ceased hostilities, but not fully stopped. These attacks continue from Pakistan, Bangladesh, Indonesia, Morocco, and Middle Eastern countries," the official said.

"Road of Sindoor" Reveals Cyber Warfare Network

The state’s nodal cyber agency has compiled its findings in a report titled "Road of Sindoor", named after the Indian military operation against terrorists launched post-Pahalgam. This report builds upon an earlier dossier, "Echoes of Pahalgam", which had also documented cyber threats following the terror incident.

The latest report has been submitted to key law enforcement bodies including the Director General of Police and the State Intelligence Department.

Seven APT Groups Identified 

According to Additional Director General of Police (Maharashtra Cyber) Yashasvi Yadav, the report attributes the cyber offensives to seven APT groups. These include:

  • APT 36 (Pakistan-based)
  • Pakistan Cyber Force
  • Team Insane PK
  • Mysterious Bangladesh
  • Indo Hacks Sec
  • Cyber Group HOAX 1337
  • National Cyber Crew (Pakistan-allied)

“These groups collectively launched approximately 1.5 million targeted cyber attacks on Indian infrastructure,” Yadav said.

Attack Methods and Targets 

The attackers employed sophisticated tactics including malware campaigns, Distributed Denial-of-Service (DDoS) attacks, GPS spoofing, and website defacements. Among the 150 successful breaches:

  • Kulgaon Badlapur Municipal Council website was defaced.
  • The Defence Nursing College website in Jalandhar was also compromised.
  • Hackers claimed to have stolen data from Chhatrapati Shivaji Maharaj International Airport (CSMIA) and telecom companies, with some of the data allegedly appearing on the darknet.

Despite these claims, officials said many attacks were successfully thwarted and that India’s critical infrastructure remained secure.

Hybrid Warfare and Misinformation Campaigns

Maharashtra Cyber’s report also warns of a hybrid warfare strategy involving misinformation campaigns orchestrated by Pakistan-allied hacker groups. These included false claims of:

  • Hacking India's banking system
  • Nationwide blackouts and power grid attacks
  • Jamming satellites
  • Disrupting the Northern Command
  • Targeting a BrahMos missile storage facility

Maharashtra Cyber has identified and taken down over 5,000 cases of misinformation and fake news related to India-Pakistan military conflicts that were circulating on social media platforms.

Of the 80 specific misinformation cases flagged for takedown, 35 have been removed while action on the remaining 45 is still pending.

In light of the findings, Maharashtra Cyber has appealed to the public to refrain from believing or spreading unverified information online.