With the escalating conflict between India and Pakistan, cyber attacks by Pakistan-based or backed hacker groups against Indian entities, too, are on the rise. Immediately after the dastardly attack in Pahalgam that claimed 26 lives on April 22, a wave of cyber attacks was seen against Indian organizations, both government and private. The Indian Computer Emergency Response Team (CERT-In) has issued alerts to key sectors, cautioning them against more serious attacks.
So far, the Pakistani hackers have primarily used website defacement, data theft claims, and distributed denial-of-service (DDoS) attacks, rather than sophisticated malware or ransomware. Not all of these claims are verified, but the threat is, nevertheless, very, very real, and not just because of the ever-increasing conflict between the two countries.
India has for years been the target of focused cyber-threats of all types and degrees. It is crucial to remember that these threats have not just persisted but also evolved over the years, regardless of any conflict at the border, and this is exactly why our approach towards them needs to evolve as well.
In the early 2020s, Indian cybersecurity agencies and threat intelligence researchers flagged a sustained campaign aimed at hacking official email accounts of Government of India employees. It began as a bogus app for the Ministry of Defence’s Canteen and Stores departments, emailed to all Ministry of Defence employees in 2021. As soon as India got wise to the threat, the government introduced Kavach, a multi-factor authentication system for government employees to log in to their accounts. Immediately, the same Pakistan-backed hackers created a spoof of Kavach embedded with malware (software crafted with malicious functions) and emailed it to the same government employees, claiming that it was an ‘upgraded version’ of Kavach.
The campaign was subsequently analysed and attributed to a hacker group named Transparent Tribe, also known as APT 36, where APT stands for Advanced Persistent Threat. This is a nomenclature given to the most serious and organized hacker groups driven by ideology and backed by nation states. And this is just one threat that India faced from across the border.
Pakistan-backed hackers have since diversified their methods. Some focus on stealing data from poorly secured servers and dumping it on the dark web. Others hack websites simply to deface their home pages, while yet others use steganography, a sophisticated method in which malware is hidden inside an image that is then forwarded from social media or WhatsApp accounts.
And here’s the plot twist: this doesn’t happen only when cross-border tensions escalate. Dark web forums have been buzzing with the exploits of Pak-backed hackers all year round for at least the last five years. And most of them are successful because of the inherent problem of poor awareness.
It is critical that we look at state-sponsored hacker activity with the seriousness it deserves and undertake awareness campaigns aggressively and persistently. Most, if not all, of these malicious activities depend on something called user interaction - a single misstep by one single person that grants initial access to the hackers. This leads the attackers deeper into our systems and lets them cause untold damage.
Cyber warfare is a present, ongoing reality. We cannot afford to treat it like a passing phase that only merits attention during geopolitical flare-ups. The attacks may spike during moments of national crisis, but make no mistake: they never truly stop. As long as there are vulnerabilities to exploit and people unaware of how they’re being targeted, these hackers will continue to succeed.
We must move beyond reactive posturing. Cybersecurity awareness needs to become part of our national security culture, not just for officials, but for every citizen connected to a network. Because when a single careless click can compromise an entire system, cybersecurity is no longer just the IT department’s job. It’s everyone’s business.
The writer is Assistant Vice President and Security Awareness Strategist at CyberFrat, an organization that specializes in cybersecurity awareness, education and advisory.