Defacement of an Indian government website by a hacker
India's digital infrastructure has become a high-value battleground for hacktivists. A new analysis from CYFIRMA describes how July and August 2025 saw an unprecedented surge of cross-border cyber operations combining breaches, service disruptions, phishing, and advanced malware aimed at Indian institutions.
According to the report, "coordinated cross-border campaigns from Pakistan, Bangladesh, Russia, Indonesia, and likely China targeted Indian judicial, defense, and transport systems." These campaigns mark a shift from isolated attacks to "coordinated, multi-nation campaigns against India's digital infrastructure."
Among the most damaging incidents was the breach of High Court servers in Punjab & Haryana and Andhra Pradesh. CYFIRMA notes that the Pakistani group Team Insane Pakistan allegedly compromised millions of case records, FIRs (First Information Reports), login credentials, and judicial officer databases, mocking the judiciary by labeling the leak the "uneducated judges whole database."
The disruption extended beyond data theft. On India's Independence Day (15 August), Sylhet Gang-SG launched a DDoS attack on the Ministry of Defence website, exposing the fragility of critical government portals. At the same time, the Russian-aligned collective RuskiNet pre-announced its "Operation Trinetara", a cyber retaliation campaign tied to the Palestine conflict, adding psychological pressure to the technical disruption.
India did not remain passive. Hacktivist groups under Operation Vasudev Strike, including Shadow Phantom, Team Red Eagle, and Shadow Protocol, hacked into Pakistan's Ibn-e-Sina University and publicly exposed administrative credentials. CYFIRMA highlights this as a demonstration of India's growing offensive posture in the cyber domain.
The attacks were not limited to state infrastructure. The Indonesian group Raizo defaced an Indian transport website with political slogans, while other attackers cloned the eChallan traffic-fine portal to harvest citizens' personal data such as PAN (Permanent Account Number) identifiers and dates of birth.
Perhaps the most sophisticated operation came in the form of phishing campaigns masquerading as Income Tax penalty notices. Victims were lured into downloading a 43 MB malware installer named 103.97.128.77#ClientSetup.exe, a file name that embeds a raw IPv4 address. As CYFIRMA's analysis states, "metadata with Simplified Chinese resources indicated likely Chinese actor involvement, blending spear-phishing with advanced malware tactics".
The malware maintained persistence through process injection, concealed its operation behind configuration files such as YTSysConfig.ini, and established command-and-control connections to a suspicious IP address (the report does not name it). The campaign shows how hacktivists are increasingly adopting tradecraft usually associated with state-sponsored operations.
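The indicators above (an executable whose name embeds an IPv4 literal followed by `#`, the dropped YTSysConfig.ini, and a freshly downloaded binary calling out to a bare IP) are simple to turn into triage logic. The script below is an added example and is not code from the article or from CYFIRMA's report. The Sysmon-style `key=value` log lines it scans are constructed for the example; the user name `ravi`, every path, and the destination 198.51.100.23 (an RFC 5737 documentation address standing in for the unnamed C2) are placeholders, and the third rule is a generic heuristic of mine, not something the report describes.

```python
"""Triage constructed endpoint log lines for the indicators named in the article.

Added example, not CYFIRMA's or the article's code. Log format, user name,
paths and the 198.51.100.23 destination are assumed placeholders.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"

# Rule 1: an .exe whose file name embeds an IPv4 literal followed by '#',
# the pattern of the installer named in the report (103.97.128.77#ClientSetup.exe).
IP_HASH_EXE = re.compile(rf"{IPV4}#[^\\/\s]+\.exe\b", re.IGNORECASE)

# Rule 2: the configuration file the report associates with the malware.
CONFIG_FILE = re.compile(r"ytsysconfig\.ini\b", re.IGNORECASE)

# Rule 3 (generic heuristic, not from the report): a process running out of a
# user-writable directory that connects to a bare IP with no resolved host name.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(?:Downloads|AppData)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def parse_kv(line: str) -> Dict[str, str]:
    """Split space-separated key=value tokens (toy format: values hold no spaces)."""
    fields: Dict[str, str] = {}
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return fields


def triage(line: str) -> List[Finding]:
    """Return every rule that fires on one log line, in rule-evaluation order."""
    f = parse_kv(line)
    findings: List[Finding] = []
    image = f.get("Image", "")
    # Check the dropped file first, then the process image that wrote or ran it.
    for field, path in (("TargetFilename", f.get("TargetFilename", "")), ("Image", image)):
        if CONFIG_FILE.search(path):
            findings.append(Finding("ytsysconfig-ini", f"{field}={path}"))
        if IP_HASH_EXE.search(path):
            findings.append(Finding("ip-literal-in-exe-name", f"{field}={path}"))
    dest = f.get("DestinationIp", "")
    if (f.get("Event") == "NetworkConnect" and dest
            and "DestinationHostname" not in f and USER_WRITABLE.search(image)):
        port = f.get("DestinationPort", "?")
        findings.append(Finding("user-dir-process-to-bare-ip", f"{image} -> {dest}:{port}"))
    return findings


def triage_all(lines: List[str]) -> List[Finding]:
    """Flatten findings across a batch of lines."""
    return [fd for ln in lines for fd in triage(ln)]


# Constructed sample events: three from the infection chain, two benign.
SAMPLE_LOGS = [
    "Event=FileCreate Image=C:\\Windows\\explorer.exe "
    "TargetFilename=C:\\Users\\ravi\\Downloads\\103.97.128.77#ClientSetup.exe",
    "Event=FileCreate Image=C:\\Users\\ravi\\Downloads\\103.97.128.77#ClientSetup.exe "
    "TargetFilename=C:\\ProgramData\\YTSysConfig.ini",
    "Event=NetworkConnect Image=C:\\Users\\ravi\\Downloads\\103.97.128.77#ClientSetup.exe "
    "DestinationIp=198.51.100.23 DestinationPort=443",
    "Event=FileCreate Image=C:\\Windows\\explorer.exe "
    "TargetFilename=C:\\Users\\ravi\\Downloads\\ITR-penalty-notice.pdf",
    "Event=NetworkConnect Image=C:\\Windows\\System32\\svchost.exe "
    "DestinationIp=198.51.100.9 DestinationHostname=update.example.invalid DestinationPort=443",
]

if __name__ == "__main__":
    for finding in triage_all(SAMPLE_LOGS):
        print(f"[{finding.rule}] {finding.detail}")
```

Rules 1 and 2 are exact-indicator matches and will age as the actors rename files; rule 3 is the one worth keeping, since a binary executing from Downloads or AppData and talking to an address that never went through DNS is unusual on a managed workstation regardless of which campaign dropped it. Tune the user-writable path list to your fleet before relying on it.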
CYFIRMA concludes that "the events of July–August 2025 highlight a significant escalation in hacktivist-driven cyber operations against India."
With India's retaliatory campaigns gaining momentum, the region faces a growing cycle of offensive and defensive cyber activity. As the report warns, these developments emphasize the "urgent need for stronger threat intelligence, proactive defense measures, and cross-agency coordination to protect national security and public trust in digital infrastructure."