Operation Sindoor and India-Pakistan’s Escalated Rivalry in Cyberspace
The recent conflict between India and Pakistan was another instance of cyber warfare in parallel with kinetic attacks, with increased activity in the information space.
As India and Pakistan engaged in hostilities through drones and missile strikes targeting each other after the former launched Operation Sindoor on 7 May, the virtual domain also witnessed an intensified rivalry between the two countries. Pakistan-linked threat actors attempted to penetrate Indian cyberspace through a series of cyberattacks, while social media platforms were weaponised as tools for disinformation and propaganda campaigns.
While these cyber hostilities did not contribute to the military escalation, they nonetheless are a salient marker of the persistent and multifaceted rivalry between the two South Asian neighbours. Pakistan seamlessly integrated hybrid tactics – combining malicious cyber activities and disinformation campaigns – into its broader military objectives, seeking to shape perceptions of its actions. India, by contrast, opted for a measured and responsive approach, relying on its conventional superiority to execute its military campaign.
A Short History of Cyber Rivalry
Unlike their military competition, which dates back to the last century, India and Pakistan’s cyber rivalry is largely a product of the previous two decades. Initially, the most common type of cyberattacks on each other’s computer networks was the ‘tit-for-tat’ hacking and defacing of each other’s websites. These nuisance value attacks were usually carried out by patriotic hackers or hacking groups such as Pakistan Cyber Army, who sought to demonstrate technical capability and generate media hype rather than cause actual damage. Many of these attacks coincided with significant events such as the respective independence days (14 and 15 August) or a cricket match between the two countries.
However, over time, these attacks grew increasingly sophisticated and targeted, with cyber espionage as the prime motive. This was notable during the Covid-19 pandemic when a Pakistani state-linked threat actor, APT (Advanced Persistent Threat)-36, launched a particularly menacing campaign to infiltrate Indian government, diplomatic and military networks. The threat actor, also known as Transparent Tribe and Earth Karkaddan, is notorious for persistently targeting the Indian government and defence forces-affiliated entities for harvesting sensitive data related to Pakistani military and diplomatic interests.
India, too, has been known to undertake retaliatory attacks targeting Pakistani computer networks. Such attacks particularly surged after the formation of the Defence Cyber Agency in 2019, which is reportedly responsible for India’s offensive cyber operations, including breaching enemy networks, executing surveillance operations, and laying honey traps.
Maleficence of Pakistani Malware Campaigns
The current crisis, however, was the first time that cyber operations played out simultaneously with an active military campaign between the two countries. Days after the terrorists carried out the beastly attack in Kashmir’s Pahalgam meadows on 22 April, killing 26 civilians, India’s Computer Emergency Response Team warned (Advisory CIAD-2025-0019) of a spike in cyber threats targeting financial institutions and critical sectors. These included ransomware, Distributed Denial of Service (DDoS) attacks, data breaches and malware infections. Simultaneously, several state-level law enforcement agencies flagged the elevated risks of phishing attempts from Pakistan-linked threat actors.
As Indian missiles hit terrorist infrastructure in Pakistan and Pakistan-Occupied Jammu and Kashmir, the cybersecurity community noted a surge in DDoS attacks targeting major Indian government organisations. An assessment by Maharashtra Cyber, a state-level cyber agency, reported that since the Pahalgam terrorist attack, India faced over 1.5 million cyberattacks, including DDoS attacks, malware infiltrations, and GPS spoofing. Of these, 150 were successful in breaching the Indian networks. Many of these attacks emanated not only from Pakistan but also from Bangladesh, Indonesia, and Morocco – a likely attempt to skirt attribution to Pakistani involvement. The APT-36 threat actor also figured in these cyberattacks as it leveraged the Crimson Remote Access Trojan (RAT) malware to target the Indian defence personnel.
India did not lag in responding. Reports suggested that some patriotic Indian hackers had infiltrated Pakistani websites, and in one instance claimed to have gained remote access to more than 1,000 CCTV cameras operating in Pakistan.
Disinformation and Deception
Disinformation, propaganda, and influence operations have become key tools for adversaries to create a ‘fog of war’. As seen in conflicts in Europe and the Middle East, this trend also became evident during the India-Pakistan crisis. Several Pakistan-based threat actors and social media accounts, particularly on ‘X’, engaged in coordinated anti-India disinformation and propaganda campaigns, disseminating unsubstantiated information and conspiracy theories.
These included claims about the Pahalgam attack, which was dubbed a ‘false flag operation’, while some accounts falsely claimed that the Indian missile strikes hit civilian areas instead of their intended targets. Other claims alleged that Pakistani hackers disabled 70 percent of the Indian power grid on 10 May, during the Pakistani military’s Operation Bunyan Marsoos. Others claimed the destruction of India’s S-400 air defence system at Adampur air base in Punjab. Deepfakes also made their presence known, with one synthetic video ostensibly featuring Indian External Affairs Minister S. Jaishankar.
This was a tsunami of disinformation from Pakistani social media handles intended to sow confusion among Indians and downplay Indian military capabilities. While the Indian government and military attempted to rein in this deception and propaganda, they were often caught flat-footed. It was frequently left to individual fact-checkers and organisations to swiftly retort. New Delhi’s case was further undermined by the Indian electronic media, whose coverage was far from exemplary, with several English and Hindi TV news channels broadcasting false claims about the Indian military campaign. It was only later that the military began releasing additional details of Operation Sindoor that offset some Pakistani claims.
What Next?
In the last few years, the role of cyber operations in support of kinetic operations has evolved, as seen in conflicts in Europe and the Middle East. The India-Pakistan crisis adds a new dimension to this, where cyberspace has emerged as a parallel domain, but with no real impact on warfighting dynamics or the broader military balance. Pakistan chose the crisis to amplify its anti-India cyber and disinformation campaigns, which came across as being in sync with its military campaign. It also brought forth the role China plays in strengthening Pakistan’s hand: Pakistan’s increasingly sophisticated malicious cyber campaigns are believed to benefit from Chinese tech proficiency. Moreover, Chinese state media outlets and their social media handles amplified Pakistan’s anti-India propaganda. This crisis will only deepen the collaboration between the two countries.
For India, the prospect of deepening cyberspace collaboration between Pakistan and China adds another layer to the already robust defence partnership between the two countries. India has invested in the last decade to ramp up its cyber capabilities, but the country still lacks an appropriate strategy or doctrine that can be the guiding framework for deploying these capabilities. More importantly, New Delhi also needs to evaluate its response to countering disinformation and identify areas for improvement.
Operation Sindoor laid down new rules of engagement for the Indian military in its dealings with Pakistan. However, the Indian security establishment is also aware of evolving threat scenarios in which cyberattacks and deepfakes could play a role in triggering future India-Pakistan crises. This includes the possibility of non-state actors, such as Pakistan-based terrorist organisations, engaging in cyber sabotage against India. The evolving nature of cyber warfare will necessitate New Delhi reassessing its approach to cyberspace to ensure it aligns with its military objectives.
© Sameer Patil, 2025, published by RUSI with permission of the author.
The views expressed in this Commentary are the author's, and do not represent those of RUSI or any other institution.
WRITTEN BY
Dr Sameer Patil
Deputy Director, ORF Mumbai