A less obvious, yet no less hazardous, front is coming into sharper focus as a result of the heightened geopolitical tensions simmering between India and Pakistan: cyberwarfare. Criminal organisations are increasingly turning to digital battlegrounds to disrupt, mislead, and undermine national resolve, while the world watches and waits for a potential physical escalation.
Terrorist groups linked to Pakistan were responsible for the 22 April attack in Pahalgam, Kashmir, which claimed the lives of 26 tourists. India responded swiftly, announcing on 23 April the suspension of the Indus Waters Treaty, the closure of Punjab’s Attari border crossing, and the downgrading of diplomatic relations with Pakistan. In retaliation, Pakistan barred Indian aircraft from its airspace, halted trade, and condemned India’s action on the water treaty, labelling it an “act of war”.
Over the past decade, cybercrime has become an increasingly prominent aspect of Indo-Pak dynamics, ranging from state-sponsored hacking campaigns targeting government institutions to disinformation efforts aimed at swaying public opinion. Recent developments suggest a growing level of sophistication, especially with the use of AI-driven techniques.
India’s intelligence agencies have reportedly detected attempts to launch a malware-based cyberattack during the escalating hostilities. In the wake of the Pahalgam terror attack, Maharashtra Cyber, the nodal agency for cybersecurity and cyber investigation in the state, identified seven Advanced Persistent Threat (APT) groups responsible for over 1.5 million cyberattacks against critical infrastructure websites across India. Officials reported that only 150 of these attacks were successful.
Maharashtra Cyber denied claims that hackers had compromised the Election Commission website, aviation systems, municipal platforms, or stolen data from Mumbai’s Chhatrapati Shivaji Maharaj International Airport. “The investigation revealed that while cyberattacks did not cease entirely, their frequency dropped after the India–Pakistan hostilities subsided. However, Pakistan, Bangladesh, Indonesia, Morocco, and several Middle Eastern countries continue to launch such attacks,” the agency stated.
Cyber threats intensify alongside geopolitical tensions and can be equally devastating. Critical infrastructure such as power grids, healthcare systems, and banking networks is increasingly vulnerable. These attacks often exploit unprotected endpoints, zero-day vulnerabilities, or misconfigured APIs, frequently before anyone realises a breach has occurred.
Similarly, Punjab Police recently issued a cyber alert via X (formerly Twitter), warning the public about a Pakistan-based malware threat. The post read:
Cyber Alert: Pakistan-Based Malware Threat:
A dangerous malware named "Dance of the Hillary" is being spread by Pakistan-based hackers targeting Indian users via WhatsApp, Facebook, and email.
This malware can steal banking details, passwords, and personal data, and may allow remote access to your device. Do NOT click on suspicious links or messages from unknown sources. Stay alert. Stay secure.
In parallel, the Hyderabad Police’s cybercrime unit warned against phishing URLs and APK downloads masquerading as war-related news updates. Authorities noted that these cyberattacks specifically target critical infrastructure, military personnel, and Indian government bodies in an effort to harvest sensitive data without authorisation.
As cyber hygiene becomes as essential as physical safety, the police have advised the public to update antivirus software, back up important data, rely on verified news sources, and double-check all forwarded messages before sharing them.
Keith Odom, EVP – Consulting & Services at AHEAD, commented on the cyber landscape amid the current geopolitical standoff, “When geopolitical tensions rise, cyber threats escalate, and their impact can be just as serious. Critical infrastructure like finance, healthcare, and energy are increasingly at risk. These attacks don’t come with warning shots, they exploit misconfigured APIs, zero-day vulnerabilities, or unprotected endpoints, often before anyone realises there’s a breach.”
He added, “Defending against this requires speed, strategy, and foresight. Organisations must know their environments inside out, detect anomalies early, and respond swiftly. In today’s world, 24x7 threat detection, zero-trust architectures, and automated response playbooks are not optional, they are foundational.”
Following India’s missile strikes on Pakistan and Pakistan-occupied Kashmir, banks have ramped up their cybersecurity frameworks to guard against possible retaliation. Given the heightened threat level, additional security measures have been implemented at bank branches near the border.
The Indian Computer Emergency Response Team (CERT-In) issued a critical advisory highlighting an ongoing cyber threat campaign targeting the Banking, Financial Services, and Insurance (BFSI) sector. In response, the Bombay Stock Exchange (BSE) issued a security alert to market participants, and both BSE and NSE blocked access to their websites from international users as a precautionary step.
“Cyber resilience is not just about recovering after an attack, although having a plan is essential, it’s about staying a step ahead. That’s the mindset every organisation must adopt now. While we cannot control geopolitics, we can certainly control how well we defend our digital core,” Odom explained.
The Press Information Bureau’s official fact-checking account, PIB Fact Check, recently posted a warning about fake social media content propagating "Pakistan-sponsored propaganda." The post urged users to critically assess all information shared via platforms like Facebook, Instagram, X, and WhatsApp, “Propaganda funded by #Pakistan will be all over your social media in the coming days. Scrutinising every piece of information is crucial.”
Kaushal Bheda, Director of GovtTech at Pelorus Technology, added, “Our adversaries aren’t just launching cyberattacks, they’re actively defending against them too. But that’s their concern. What matters from our perspective is acknowledging that cyberwarfare is now a core pillar of modern geopolitical conflict. State-sponsored actors have embedded digital sleeper cells within unpatched systems and critical infrastructure, lying dormant until activated. But this is only one part of the threat. The more insidious challenge lies in AI-driven disinformation campaigns designed to erode public trust during times of instability.”
He continued, “These attacks aren’t random; they are coordinated to strike simultaneously, especially during wartime. The strategy is clear: to weaken national resolve, disrupt military preparedness, and damage diplomatic credibility. What makes them particularly dangerous is that they thrive on our complacency. Cyber strikes don’t come with sirens. If cybersecurity only becomes a focus once we’re under attack, we’ve already lost. Vigilance must be proactive, not reactive, permanent, relentless, and non-negotiable.”
This moment demands a renewed conversation on cybersecurity policy, national resilience, and technical preparedness. With an increasing number of state and non-state actors exploiting digital vulnerabilities, building robust defences is no longer optional.
While having a recovery plan is essential, cyber resilience is ultimately about staying one step ahead. All organisations must now adopt this proactive mindset. Organisations may not be able to influence geopolitics, but they can control how effectively they protect their digital foundations.