A wave of hacktivist claims of attacks against Indian digital infrastructure has sparked alarm in recent weeks, with over 100 purported breaches across government, education and critical-infrastructure sectors amid geopolitical tensions between India and Pakistan.
However, a new investigation by CloudSEK suggests that the real damage is minimal, with many of the assertions either exaggerated or entirely fabricated.
The most prominent hacktivist groups, including Nation Of Saviors, KAL EGY 319 and SYLHET GANG-SG, among others, claimed to have compromised high-profile targets such as the Election Commission of India and the Prime Minister's Office.
Yet CloudSEK analysts found that the disruptions were largely symbolic. Defaced websites were often restored within minutes, leaked data turned out to be public or recycled, and Distributed Denial of Service (DDoS) attacks caused negligible downtime.
What Hacktivists Claimed vs What Happened
Despite claims that 247 GB of sensitive government data had been exfiltrated from India's National Informatics Centre, the leaked "proof" amounted to just 1.5 GB of publicly available media files. Similarly, data allegedly stolen from the Andhra Pradesh High Court consisted largely of case metadata already available online. Other claimed attacks, including breaches of the Indian Army and the Election Commission, were exposed as either outdated or outright fabricated.
Read more on cyber-attacks targeting India: Mobile Malware Targeting Indian Banks Exposes 50,000 Users
According to CloudSEK, much of the hype around the supposed breaches has been fueled by Pakistan-linked accounts on X (formerly Twitter). These include P@kistanCyberForce and CyberLegendX, which amplify unverified claims and tie them to ongoing operations such as Operation Sindoor and Bunyan Al Marsous.
Despite their visibility, most of the claims remain unsupported by any credible evidence of system compromise or disruption.
APT36: The Real Threat Behind the Curtain
Meanwhile, a reportedly more serious cyber threat to India is gaining momentum behind the noise. The advanced persistent threat group APT36, known for its affiliation with Pakistan, has launched a targeted phishing campaign aimed at infiltrating Indian government and defense networks.
Following the April 2025 Pahalgam terror attack in Indian-administered Kashmir, APT36 used emotionally charged lures to deliver the Crimson RAT malware through phishing emails disguised as government briefings in PowerPoint or PDF format. The malicious documents directed recipients to spoofed domains resembling official Indian websites, tricking victims into handing over credentials or executing the malware.
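The spoofed-domain step described above is also the cheapest point at which a triage analyst can verify or dismiss a claim: extract the hostnames from a lure's links and check whether each one is, imitates, or is unrelated to the official domain it appears to be. The following is an added illustration written for this article, not CloudSEK's tooling and not code recovered from the campaign. The protected domain list, the suffix table, the homoglyph table and every sample URL are constructed assumptions for the example; a production check would use the full Public Suffix List and a proper Unicode confusables table instead of the small stand-ins here.

```python
"""
Added example (not from CloudSEK or the article): classify hostnames pulled from
suspicious links as 'legitimate', 'lookalike' or 'unrelated' relative to a set
of protected domains. Every list and sample below is constructed for illustration.
"""
from urllib.parse import urlparse

# Assumed list of legitimate domains to protect (illustrative choice).
PROTECTED = ["eci.gov.in", "pmindia.gov.in", "indianarmy.nic.in"]

# Assumed, deliberately tiny stand-in for the Public Suffix List.
TWO_LEVEL_SUFFIXES = {"gov.in", "nic.in", "ac.in", "co.in", "org.in"}

# Common typosquat substitutions; undoing them before comparison lets
# "pm1ndia" sit one edit away from "pmindia". Table is illustrative.
HOMOGLYPHS = [("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w")]


def normalize(label: str) -> str:
    """Lower-case a label and undo simple homoglyph substitutions."""
    label = label.lower()
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def hostname(url: str) -> str:
    """Extract the host from a URL, tolerating a missing scheme and a trailing dot."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    return host.rstrip(".").lower()


def split_protected(domain: str):
    """'eci.gov.in' -> ('eci', 'gov.in'); 'example.com' -> ('example', 'com')."""
    labels = domain.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    return labels[-2], labels[-1]


def brand_label(host: str) -> str:
    """First label of the registrable domain: 'a.b.eci-gov-in.com' -> 'eci-gov-in'."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return labels[-3]
    return labels[-2] if len(labels) >= 2 else labels[0]


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str, protected=PROTECTED) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for one hostname."""
    host = host.lower()
    # 1. Exact match or genuine subdomain of a protected domain.
    for p in protected:
        if host == p or host.endswith("." + p):
            return "legitimate"
    # Fold hyphens to dots and undo homoglyphs: "eci-gov-in.com" -> ".eci.gov.in.com."
    folded = "." + normalize(host.replace("-", ".")) + "."
    brand = normalize(brand_label(host))
    for p in protected:
        sld, _suffix = split_protected(p)
        # 2. Protected name embedded in the host (subdomain-prefix or hyphen impersonation).
        if ("." + p + ".") in folded:
            return "lookalike"
        # 3. Brand label reused under another suffix, or one edit away from it
        #    (edit-distance rule only for longer brands to limit false positives).
        if brand == sld or (len(sld) >= 5 and levenshtein(brand, sld) <= 1):
            return "lookalike"
    return "unrelated"


def classify_url(url: str) -> str:
    return classify_host(hostname(url))


# Constructed sample URLs, as they might appear in a phishing triage queue.
SAMPLE_URLS = [
    "https://eci.gov.in/voter-services",               # legitimate
    "https://results.eci.gov.in/",                      # legitimate subdomain
    "http://eci.gov.in.secure-login.net/briefing.pdf",  # protected name as subdomain prefix
    "http://pmindia-gov.in/statement.ppt",              # hyphen substituted for dot
    "http://indianarmy.nic.in.docs-update.com/",        # protected name as subdomain prefix
    "http://pm1ndia.com/",                              # homoglyph, one edit away
    "http://eci.in/",                                   # brand label under another suffix
    "https://infosecurity-magazine.com/news/",          # unrelated
]


def triage(urls=SAMPLE_URLS) -> dict:
    """Map each URL to its verdict."""
    return {u: classify_url(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage().items():
        print(f"{verdict:10s} {url}")
```

The rules are ordered so that a real subdomain of a protected domain is never flagged, which matters because rule 2 would otherwise match it. Rule 3's edit-distance check is the noisiest of the three and is where a real deployment would swap in a confusables table and a domain-age or certificate-transparency lookup before alerting.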
Crimson RAT is a remote access Trojan used to take remote control of infected systems and steal data.
In the recent APT36 campaign, once installed, Crimson RAT connected to a command-and-control (C2) server, allowing the remote attackers to exfiltrate files, capture screenshots and execute over 20 different commands on infected systems. Its stealth, persistence and targeting of defense networks mark it as a high-risk espionage tool.
"Once the malware has collected sensitive data, such as screenshots, files or system information, it sends this data back to the C2 server for further analysis by the attackers," CloudSEK said. "This process is designed to be discreet, minimizing the chances of detection by security software."
As India continues to monitor hacktivist activity, the need for vigilance against more covert and capable actors like APT36 is clear.