Maharashtra Cyber, the state’s nodal agency for cybersecurity, has identified seven Advanced Persistent Threat (APT) groups behind over 1.5 million cyberattacks targeting India’s critical infrastructure websites in the wake of the Pahalgam terror strike. Despite the recent India-Pakistan ‘stoppage of firing’ agreement, cyber assaults from Pakistan, Bangladesh, and several Middle Eastern countries continue to target Indian government websites, with only 150 attacks succeeding, officials revealed on Monday (May 12).
In a press briefing, Additional Director General of Police (ADGP) Yashasvi Yadav, head of Maharashtra Cyber, detailed the findings of a comprehensive report titled ‘Road of Sindoor,’ named after the Indian armed forces’ military operation targeting terrorist bases in Pakistan and Pakistan-occupied Kashmir (PoK).
The report, submitted to key agencies, including the Director General of Police and the State Intelligence Department, exposes a sophisticated cyber warfare campaign orchestrated by Pakistan-allied hacking groups, alongside actors from Bangladesh, Indonesia, and the Middle East.
Scale and Scope of the Attacks
According to the Road of Sindoor report, the seven identified APT groups—APT 36 (Pakistan-based), Pakistan Cyber Force, Team Insane PK, Mysterious Bangladesh, Indo Hacks Sec, Cyber Group HOAX 1337, and National Cyber Crew (Pakistan-allied)—collectively launched approximately 1.5 million targeted cyberattacks.
These attacks employed a range of methods, including malware campaigns, Distributed Denial-of-Service (DDoS) attacks, GPS spoofing, and website defacement.
“The probe discovered that cyber attacks on India decreased after India-Pakistan ceased hostilities, but not fully stopped. These attacks continue from Pakistan, Bangladesh, Indonesia, Morocco, and Middle Eastern countries,” Yadav told reporters.
While the vast majority of attacks were thwarted, 150 were successful, including the defacement of the Kulgaon Badlapur Municipal Council website and the website of the Defence Nursing College in Jalandhar. Hackers also claimed to have stolen data from Chhatrapati Shivaji Maharaj International Airport (CSMIA) and telecom companies, with some of the stolen data allegedly surfacing on the darknet.
However, Yadav debunked several high-profile claims by hackers, including alleged breaches of aviation systems, municipal networks, and the Election Commission website, asserting that no sensitive data was compromised in these cases.
Hybrid Warfare and Misinformation Campaigns
The Road of Sindoor report, a follow-up to Maharashtra Cyber’s earlier Echoes of Pahalgam report, highlights a broader hybrid warfare strategy employed by Pakistan-allied groups. Beyond direct cyberattacks, these groups have waged widespread misinformation campaigns to destabilise public confidence in India’s security apparatus.
False narratives propagated by the hackers included claims of attacks on India’s banking system, statewide power outages, satellite jamming, disruption of the Northern Command, and an alleged assault on a BrahMos missile storage facility.
Maharashtra Cyber identified and removed over 5,000 instances of misinformation and fake news related to the India-Pakistan conflict circulating on social media platforms. Of 80 specific cases flagged for removal, 35 have been taken down, with 45 still pending action.
“We urge citizens not to believe in or spread misinformation and to verify news through trusted and official sources,” Yadav emphasised, underscoring the agency’s efforts to counter the psychological warfare component of these attacks.
Robust Defence and Ongoing Vigilance
Despite the scale of the cyber offensive, Maharashtra Cyber’s proactive measures ensured that India’s critical infrastructure remained largely secure. “Many such attacks were thwarted, and the critical infrastructure of India was saved,” Yadav stated, crediting the agency’s advanced monitoring and rapid response capabilities. The agency’s collaboration with national and state-level law enforcement has been instrumental in tracking and mitigating these threats.
The continued cyberattacks, even after the stoppage of firing, signal a persistent challenge for India’s cyber defences, particularly as adversaries employ increasingly sophisticated tactics. The involvement of groups from multiple countries, including Bangladesh, Indonesia, and Morocco, points to a coordinated effort to target India’s digital infrastructure, raising concerns about the global nature of the threat.
Call for Public Awareness
As the cyber warfare landscape evolves, Maharashtra Cyber has called for heightened public awareness to combat misinformation and fake news. The agency’s efforts to educate citizens about verifying information through official channels aim to reduce the impact of false narratives that could erode trust in government institutions.