A wave of cyber-espionage orchestrated by Pakistan’s Inter-Services Intelligence (ISI) has put India’s frontier regions, defence experts, and journalists on edge. Intelligence sources have uncovered a covert operation involving fraudulent phone calls impersonating Indian Army and Indian Air Force (IAF) officials, aimed at extracting sensitive information related to India’s ongoing military offensive, Operation Sindoor.
This escalation in cyber warfare, blending psychological tactics with modern digital tools, has prompted urgent warnings from authorities and heightened national security measures.
Suspicious calls target border residents and defence experts
The alarm was raised following a surge in suspicious phone activity reported in the Khajuwala sector, near the India-Pakistan border. Amarjeet Chawla, Circle Officer of Khajuwala, confirmed the reports, stating, “It’s true that people are getting fake calls. These callers are trying to gather information about military movements and operations.” He urged residents to report any suspicious contact to the police immediately and cautioned against sharing any information with unknown callers.
Authorities have traced one of the Indian mobile numbers used in the scheme, starting with the prefix “73,” to an ISI operative. The callers, posing as high-ranking military officers, bolster their credibility by sending fake identification documents via WhatsApp.
This tactic has shifted the ISI’s focus to “soft targets,” including defence journalists, analysts, and digital media figures, who are lured into conversations designed to elicit classified details about troop movements, airstrike plans, and even India’s nuclear command.
Cyber defence experts describe this as a hallmark of the ISI’s psychological warfare strategy, combining traditional espionage with modern digital deception. “The use of WhatsApp for sharing doctored IDs is a sophisticated attempt to exploit trust,” said a senior cybersecurity official, speaking anonymously. “This isn’t just digital fraud—it’s espionage aimed at undermining national security.”
Context: Operation Sindoor and Pakistan’s setbacks
The spike in cyber activity coincides with Pakistan’s setbacks under Operation Sindoor, India’s military offensive targeting terrorist bases in Pakistan and Pakistan-occupied Jammu-Kashmir (PoJK). Sources indicate that incidents such as a suspected radiation leak in Pakistan’s Kirana Hills and sightings of advanced US-made B-350 reconnaissance aircraft have rattled Pakistan’s defence establishment.
In response, the ISI appears to have resorted to desperate measures to bridge intelligence gaps through deceptive and illegal means.
Nationwide response and public advisory
The Ministry of Defence and cybersecurity agencies are treating the situation with utmost urgency. Public Relations Officers (PROs) in the armed forces have been instructed to escalate any unsolicited or suspicious communications received by defence correspondents.
The Ministry of Home Affairs is preparing to issue a public advisory, particularly targeting residents of border areas, to remain vigilant.
Authorities have outlined clear guidelines to protect civilians and journalists from falling prey to these schemes:
1) Avoid answering calls from unknown or international numbers, especially those with unusual prefixes.
2) Verify identities through official channels before engaging in discussions about national defence.
3) Report suspicious interactions to the nearest cyber police unit immediately.
Defence reporters and analysts are urged to exercise heightened caution and refrain from sharing operational details, even casually.
Maharashtra cyber report exposes broader Cyber Warfare
The cyber-espionage calls are part of a broader, sophisticated cyber warfare campaign targeting India’s critical infrastructure. On May 12, 2025, Maharashtra Cyber, the state’s nodal cybersecurity agency, released a comprehensive report titled ‘Road of Sindoor,’ named after India’s military operation. The report, submitted to the Director General of Police and the State Intelligence Department, details the activities of seven Advanced Persistent Threat (APT) groups responsible for over 1.5 million cyberattacks since the Pahalgam terror attack on April 22, 2025.
The identified APT groups—APT 36 (Pakistan-based), Pakistan Cyber Force, Team Insane PK, Mysterious Bangladesh, Indo Hacks Sec, Cyber Group HOAX 1337, and National Cyber Crew (Pakistan-allied)—have employed tactics including malware campaigns, Distributed Denial-of-Service (DDoS) attacks, GPS spoofing, and website defacement.
These attacks targeted government websites, aviation systems, and municipal networks, with hackers claiming to have stolen data from Chhatrapati Shivaji Maharaj International Airport (CSMIA) and telecom companies, some of which allegedly appeared on the darknet.
Additional Director General of Police (ADGP) Yashasvi Yadav, head of Maharashtra Cyber, revealed that while 1.5 million attacks were launched, only 150 succeeded. Notable breaches included the defacement of the Kulgaon Badlapur Municipal Council website and the Defence Nursing College website in Jalandhar.
However, Yadav debunked several high-profile claims by hackers, including alleged compromises of aviation systems, municipal networks, and the Election Commission website, asserting that no sensitive data was lost in these cases.
Yadav noted a decline in attack frequency following the India-Pakistan “stoppage of firing” agreement, but emphasised that cyberattacks from Pakistan, Bangladesh, Indonesia, Morocco, and several Middle Eastern countries persist. “The probe discovered that cyber attacks on India decreased after India-Pakistan ceased hostilities, but not fully stopped,” he told reporters during a press briefing.
Call for Vigilance
As India bolsters its digital defences, the Road of Sindoor report highlights the resilience of the nation’s cybersecurity infrastructure, with the vast majority of attacks thwarted. However, the ongoing threat from Pakistan-allied hacking groups and the ISI’s cyber-espionage campaign highlight the need for continued vigilance.
The authorities continue to strengthen digital defences and urge public cooperation in maintaining the country’s cybersecurity integrity. As India’s security apparatus ramps up its efforts, officials emphasise that safeguarding national security is a collective responsibility.
