New Delhi: While India executed complex military operations to neutralise terror threats across its borders, an equally intense battle has been playing out in cyberspace.
During Operation Sindoor, a precision counter-terror campaign by Indian defence forces targeting nine major terror bases in Pakistan and Pakistan-occupied Kashmir (PoK), the country has found itself the target of an orchestrated barrage of cyberattacks. From defence PSUs and power grids to educational institutions and digital payment platforms, India’s digital backbone has come under siege, forcing the nation to fortify its cyber defences like never before.
None of this is new to India, however: a newly released report revealed that Indian educational and research institutions have endured an alarming average of 8,487 cyberattacks per week over the past six months.
Even earlier this month, Prime Minister Narendra Modi voiced serious concern over a sharp rise in cyberattacks following the recent terror incident in Pahalgam, disclosing that more than 10 crore attacks have occurred since the strike.
Surge in Cyberattacks
Union Power Minister Manohar Lal Khattar recently disclosed that close to two lakh cyberattacks were attempted against India’s power infrastructure over a period of just eight to ten days during Operation Sindoor.
These were not ordinary breaches. They are understood to have been an onslaught by hostile state-sponsored actors and ideologically motivated hacktivist groups seeking to destabilise India’s operational systems during a time of heightened military engagement.
The minister confirmed that the attacks were successfully thwarted without any reported damage, thanks to proactive intervention by cybersecurity teams.
Not an Isolated Event
Cybersecurity firms such as Radware, FalconFeeds.io, and Technisanct have pointed to a coordinated and escalating pattern of cyber aggression against India in the aftermath of the April 22 Pahalgam terror attack, which triggered Operation Sindoor.
According to Radware’s special cybersecurity alert, DDoS (Distributed Denial of Service) attacks intensified between 7 May and 10 May, peaking on 7 May, with up to seven claimed DDoS attacks per hour.
Most of these attacks were directed at government organisations (over 75 per cent), but the range of targeted entities also included defence PSUs, transportation services like Indian Railways and airlines, telecom companies such as BSNL, stock exchanges, fintech platforms like UPI and digital wallets, and other strategic infrastructure.
Hacktivist Groups and Tactics
India’s adversaries in this cyber offensive included a wide network of state-backed hackers and hacktivist groups from Pakistan, Bangladesh, Malaysia, Turkey, Indonesia, and groups with possible Chinese backing.
Active threat actors named in investigations include AnonSec, Hamza, Anonymous VNLBN, Arabian Hosts, Islamic Hacker Army, Sylhet Gang, Red Wolf Cyber and Iran-linked Vulture.
These groups carried out a variety of attacks: website defacements, DDoS campaigns, ransomware deployment attempts, and targeted API server attacks.
Notably, the Pakistani group Team Insane PK claimed responsibility for attempting to breach high-value targets including Armoured Vehicle Nigam Ltd (AVNL), the Military Engineering Service and the Manohar Parrikar Institute for Defence Studies and Analyses.
While some of these attacks were unsuccessful or quickly mitigated, they demonstrated the attackers’ intent to sabotage, embarrass, or extract sensitive defence data.
Several Army Public School websites, including APS Nagrota, APS Sunjuwan and the Army College of Nursing in Jalandhar, were targeted, with one instance involving graphic imagery and inflammatory messages referencing the Pahalgam attack.
These campaigns appear to be timed with real-world military operations to amplify psychological impact and international visibility.
Another alarming tactic was the use of command-and-control (C2) servers hosted within India, often purchased via cryptocurrency or stolen credit cards, to launch attacks that appeared to originate domestically.
This makes detection more difficult and attribution more ambiguous, underlining a new phase in cyber warfare that leverages local infrastructure for external interests.
Check Point’s Revelations: Education Sector Under Cyber Siege
While government and defence institutions have remained the primary focus of national cybersecurity efforts over the years, a new vulnerable front has emerged: the education sector.
According to the latest Threat Intelligence Report by Check Point Software Technologies, Indian educational and research institutions have been facing a staggering average of 8,487 cyberattacks per week over the past six months, the second highest globally after healthcare and nearly double the global average of 4,368 attacks.
This level of exposure dwarfs even India’s average across sectors, which stands at 3,278 attacks per week, compared to the global average of 1,934. Other high-risk sectors include healthcare (5,401 attacks), government/military (4,808) and consulting (4,204).

The report attributes this surge in education-related cyberattacks to a combination of factors:
- The rapid shift to hybrid learning and digital campuses has expanded the attack surface.
- Extensive use of personal devices and open internet platforms.
- Inadequate cybersecurity infrastructure and budget in academic institutions.
- Limited awareness and lack of dedicated IT security teams.
Notably, 74 per cent of Indian organisations reported critical vulnerabilities related to information disclosure, followed by remote code execution (62 per cent), authentication bypass (50 per cent), and denial of service (30 per cent).
Three key malware strains have dominated India’s cyber threat landscape:
- Remcos, a Remote Access Trojan, has impacted 11.7 per cent of Indian organisations, three times the global average. Delivered via malicious Office attachments, Remcos provides attackers with full control over infected systems while remaining undetected by traditional antivirus tools.
- FakeUpdates (SocGholish), affecting 7.2 per cent of organisations, uses compromised but legitimate websites to trick users into installing fake browser updates.
- Formbook, an infostealer malware, has infected 6.8 per cent of Indian entities by capturing login credentials, keystrokes, and screen captures. It is often disseminated through phishing campaigns or spoofed services.
These threats underscore a troubling trend. Attackers are relying on familiar, inexpensive and easily replicable techniques, capitalising on inconsistent cybersecurity hygiene and low awareness levels across sectors.
Strategic Vigilance
India’s digital infrastructure is currently in a critical state of exposure. With over 2,500 government and private entities targeted between 22 April and 10 May alone, the need for a nationwide cybersecurity overhaul is urgent.
In the education sector, especially, there is a call for:
- Dedicated security teams
- Increased cybersecurity budgets
- Adoption of a hybrid mesh security architecture
- Integration of cloud-native threat intelligence and endpoint protection
Authorities are also working to combat misinformation and fake news campaigns that accompany these cyberattacks, particularly on social media platforms, and have vowed strict action under existing IT rules to prevent unrest.
As traditional warfare extends into the digital realm, cybersecurity has evolved from a back-office function to a critical pillar of national defence.