Cyber Attacks by Pakistan


Following the Pahalgam terror attack, Pakistani-affiliated hacker groups conducted a range of cyber-attacks against Indian targets, even though none of them created any significant disruption. Websites associated with the armed forces were subjected to web defacement and online disruptions. Although these intrusions were successfully thwarted by relevant agencies, Cherian Samuel (Research Fellow in the Strategic Technologies Centre at the Manohar Parrikar Institute for Defence Studies and Analyses) and Rohit Kumar Sharma (Research Analyst at the Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA), New Delhi) write that “the uptick in cyber-attacks reflects a pattern seen in hot zones in Europe and West Asia.”

 

Pakistan’s Cyber Strategy

Pakistani aggression in the cyber realm, according to the two authors, “can be categorised as Advanced Persistent Threat (APT) and hacker group activity, misinformation through social media platforms, and online activities by terror outfits. Pakistan-based APT groups actively targeted Indian infrastructure, conducting somewhat sophisticated and sustained operations against India’s interests. For instance, the APT actor, APT36 or Transparent Tribe, a threat group attributed to Pakistan, has been active since 2013, and has primarily targeted Indian defence, government and diplomatic entities.”

Another Pakistan-based APT actor, SideCopy, according to the authors, “has also been active, sending out phishing emails impersonating official entities and delivering malware through fake domains mimicking legitimate services. During the conflict, Indian agencies identified seven APT groups operating against India that were also responsible for over 15 lakh cyber attacks. Most of these attacks reportedly originated from Pakistan, Bangladesh and the West Asian region…”

 

Hacker group activity

Hacker group activity was “much less consequential, and was largely found to be exaggerated. Such claims were largely disseminated through social media with screenshots of apparently successful hacks. Upon examination, most of these were found to be repackaging of earlier inconsequential breaches or databases without sensitive information. Many of these groups also claimed to be based in other countries.

“Nonetheless, they provided grist to disinformation campaigns at a time when uncertainty about the crisis was widespread. The aim was to spread deceptive, misleading, or biased information, usually through troll accounts, automated bots and coordinated mass messaging on platforms such as Twitter, Facebook and WhatsApp.”

 

60 fact-checks by India

A manual count shows that the Press Information Bureau (PIB) issued more than 60 fact-checks over five days to counter this tsunami of misinformation. This included claims that an Indian Sukhoi Su-30MKI fighter jet had been shot down in Pakistan-Occupied Kashmir (POK) and that an Indian pilot was captured. According to the PIB, the photo being used to support the claim shows a Sukhoi jet that had crashed in Maharashtra in 2014.

 

Use of polarising hashtags

These manipulated stories, false narratives, deepfakes, fake or misattributed imagery, and fabricated news stories were further amplified, write the authors, “through the use of polarising hashtags. Even independent experts were sometimes taken in by this flood of misinformation, which left little time for authentication and sometimes unwittingly contributed to the further spread of the canards…”

 

Use of cyberspace for recruitment, propaganda, communication, funding etc

In addition, terror outfits such as Lashkar-e-Taiba (LeT) and Jaish-e-Mohammad have leveraged cyberspace extensively for recruitment, propaganda, communication, funding, planning and executing attacks. Internet and social media platforms—including Facebook, Twitter, WhatsApp, Telegram and YouTube—have been effectively used to spread extremist ideology and to recruit followers.

The pause in hostilities notwithstanding, reports indicate that threat actors are still targeting Indian government websites. The attack envelope, according to the authors, “is also expanding with reports of GPS spoofing, which typically involves manipulating GPS signals using software, and which, given its dual use, points to the increasing hybridisation of the battlefield and its secondary effect as an attack on critical infrastructure in use by millions.”

In conclusion, “the ongoing cyberattacks targeting Indian infrastructure suggest growing reliance on cyber operations before, during, and after the cessation of military hostilities. Malicious actors were active as soon as reports of the Pahalgam attack surfaced, with a noticeable increase in their activities in the following days. Existing threat actors like APT36 created fake domains that mirrored legitimate services, which were used to deploy malware targeting the Indian government and defence personnel. Social media platforms were flooded with misinformation in a deliberate attempt to undermine public trust in Indian operations.”

