When India launched Operation Sindoor on May 7, 2025, striking terror infrastructure inside Pakistan, a second war began almost immediately not in the skies, but in cyberspace. As hostilities between the two nations intensified, cyberspace emerged as a critical battleground, marking the first time it became an active, coordinated theatre of conflict during an India-Pakistan crisis. The world watched two parallel battles unfold one with missiles and jets, the other with malware, memes, and disinformation.
Background What Triggered the Conflict?
The chain of events began in Kashmir. On April 22, 2025, a militant attack on tourists in Pahalgam, Jammu and Kashmir, killed dozens of civilians. India held Pakistan-based terror groups responsible and launched Operation Sindoor as its military response.
Days after the Pahalgam attack, India’s Computer Emergency Response Team warned of a spike in cyber threats targeting financial institutions and critical sectors, including ransomware, DDoS attacks, data breaches, and malware infections. The stage was set for a full-scale cyber warfare between India and Pakistan, running in parallel with the physical conflict.
The Pakistan Cyber Attack on India What Happened?
Website Defacements and Early Strikes
Pakistan-linked hacker groups did not wait for the missiles to fly. In the days before Operation Sindoor, Pakistan-based hackers resumed website defacements, reportedly targeting Indian defence organisations, local government portals, and think tanks. In one documented case, the website of the Armoured Vehicle Nigam Ltd a defence public sector unit was defaced to display a Pakistani flag and the Pakistan Army’s Al Khalid tank.
DDoS Attacks Hit India’s Critical Infrastructure
As the military conflict escalated, so did the cyber attack on India. Cybersecurity experts observed a spike in DDoS attacks against India, targeting major government organisations including the Income Tax Department, Hindustan Aeronautics Limited, Indian Railways, and Bharat Sanchar Nigam Limited.
A report by Maharashtra Cyber titled “Road of Sindoor” recorded over 1.5 million cyberattacks during this period, of which 150 successfully breached Indian digital infrastructure. These included DDoS assaults, malware infiltrations, and GPS spoofing. The report further noted a rise in cyber activities originating from Bangladesh, Indonesia, and Morocco possibly to mask Pakistani involvement.
H3: APT36 and the Crimson RAT Malware
Beyond hacktivist noise, a more serious threat lurked beneath. APT36 also known as Transparent Tribe, a group believed to be linked to Pakistan used Crimson RAT malware to target Indian defence networks after the Pahalgam terror attack, exploiting the emotional aftermath as a thematic lure to breach Indian government systems.
The rapid deployment of this malware, compiled on April 21, 2025, underscores APT36’s agility in exploiting geopolitical events. Crimson RAT allowed attackers to remotely execute commands, steal sensitive data, and maintain persistent access to compromised systems.
Were the Claims Real or Exaggerated?
Not all claims stood up to scrutiny. CloudSEK’s investigation revealed that most breaches were exaggerated or fake ranging from recycled data leaks to defacements that left no real impact. While DDoS attacks barely caused a few minutes of disruption, the real threat came from APT36’s malware targeting Indian defence networks.
The Pakistan Cyber Force and other hacktivist groups made bold claims online. However, these claims were intended more as psychological warfare to suggest penetration than evidence of actual extensive breaches. The cyber attack on India was as much about perception as about real damage.
The Information War India Loses the Narrative
India’s Media Undermined Its Own Side
While Pakistan launched cyber attacks on India’s systems, the more damaging battlefield turned out to be the global media narrative. India’s military later acknowledged that 15 percent of operational time had been spent debunking fake news, and most of it was homegrown the trolls were not operating in a parallel ecosystem but were on primetime television.
The Indian government reportedly requested X (formerly Twitter) to withhold over 8,000 accounts spreading disinformation. Yet much of the damage came from within India itself, where major TV channels broadcast false claims about the military campaign.
International Media on India-Pak War
The international media on the India-Pak war told a complicated story. The Columbia Journalism Review called India’s media coverage the “smog of war” man-made, and known to be so by those making it. The Lowy Institute, an Australian foreign policy think tank, noted that Pakistan appeared cool-headed and composed in the global information space, while India appeared reactive.
The Guardian, NYT, and other global outlets closely followed the conflict. Reports confirmed real military losses on both sides, with independent verification often contradicting claims made by each government’s media apparatus.
Expert Quotes on Cyber Warfare Between India and Pakistan
Analysts and researchers have been direct in their assessment of this new phase of India-Pakistan conflict.
Sameer Patil, writing for the RUSI commentary, noted that propaganda campaigns revealed India’s susceptibility to disinformation and psychological operations and that despite having a military upper hand, India failed to convert that advantage into a perception victory.
CYFIRMA’s analysis concluded that the 2025 India-Pakistan crisis illustrates the increasingly complex nature of modern conflicts, where open-source evidence shows that non-state actors can quickly co-opt a national crisis into a global cyber movement, crossing borders and blurring lines between activism and warfare.
Global and Regional Impact
The cyber warfare between India and Pakistan sent shockwaves well beyond South Asia. The May 2025 conflict unveiled a new chapter of cyber warfare and cognitive warfare, marking the first time that cyberspace played an important role parallel to a conventional military conflict between the two fierce rivals.
Foreign policy analysts pointed out that this holds important warnings for other nations Taiwan, for instance, has been at the receiving end of China’s cognitive warfare and should expect similar grey zone tactics combining coordinated cyber attacks and disinformation in any future military contingency.
For Pakistan, the outcome was diplomatically significant. The ceasefire announced by US President Donald Trump, which Pakistan embraced and India resisted, shifted the diplomatic balance. For the first time in a generation, Islamabad found itself warmer with Washington than New Delhi.
Conclusion What Comes Next in India-Pakistan Cyber Warfare?
The May 2025 conflict marked a turning point. For the first time, cyber operations ran simultaneously with a live military campaign between two nuclear-armed nations. The Indian security establishment is now aware of evolving threat scenarios in which cyberattacks and deepfakes could play a role in triggering future India-Pakistan crises including the possibility of non-state actors engaging in cyber sabotage.
Both nations are expected to significantly upgrade their cyber capabilities. Securing and hardening critical national infrastructure will help thwart the adversary’s designs but what is even more important is adopting an offensive posture that can potentially yield tactical advantage and support kinetic actions.
The war in India’s digital space is far from over. The next conflict whether sparked by terrorism, border tensions, or political crisis will almost certainly include a cyber dimension from the very first hour.
FAQs
Who is the top 1 hacker in India?
India does not officially recognise or rank individual hackers. However, cybersecurity researchers and ethical hackers such as Ankit Fadia gained early recognition in India’s digital security space. On the state-sponsored side, India’s technical intelligence agency NTRO is believed to operate advanced cyber capabilities, though specific individuals are never publicly named for security reasons.
Is Pakistan’s air force better than India’s?
By most independent defence assessments, India’s air force holds a quantitative and qualitative edge over Pakistan’s. India operates a larger fleet including French Rafale jets and Russian Su-30MKIs. Pakistan operates F-16s and Chinese JF-17s and J-10Cs. During Operation Sindoor in May 2025, Pakistan claimed to have downed multiple Indian aircraft, including Rafales, using Chinese PL-15 missiles claims that were partially corroborated by international reporting, though India did not officially confirm losses. Both air forces are considered regionally capable and nuclear-alert.
Whose navy is strong, India or Pakistan?
India’s navy is significantly larger and more capable than Pakistan’s. India operates aircraft carriers, nuclear-powered submarines, and a blue-water fleet capable of projecting power across the Indian Ocean. Pakistan’s navy is primarily a coastal and brown-water force focused on the Arabian Sea. During the 2025 conflict, Indian naval operations around Karachi were widely discussed in media reports, though details remained disputed by both sides.
