Cyber Threat Actor: Internet of Khilafah
| Actor Type | Location | Known Incidents |
Activist
|
Pakistan
|
2 incidents |
|---|
Profile
Internet of Khilafah, also known as IOK Hacker, is a threat actor that has been publicly linked to operations originating from Pakistan. The group uses the aliases Internet of Khilafah and IOK Hacker in its communications and claims of responsibility. Public reporting attributes the actor to Pakistani‑based cyber activity, though no further details about its internal structure or sponsorship have been disclosed in open sources.
The actor’s observed targeting focuses on defence‑affiliated institutions within India, including schools associated with the Army Public School network, the Army Welfare Housing Organisation database, and the Indian Air Force Placement Organisation portal. Its activities have involved website defacement with inflammatory propaganda, distributed denial‑of‑service attempts, and probing of databases with the apparent aim of harvesting personal information. These actions indicate a strategic emphasis on disruption of online services and the collection of data, rather than financial gain.
A notable example of the group’s activity occurred on April 1 2025, when coordinated attacks were launched against four defence‑related websites in India. The Army Public School in Srinagar experienced propaganda posts and a DDoS effort, while its sister institution in Ranikhet faced similar defacement. Simultaneously, attempts were made to infiltrate the Army Welfare Housing Organisation database and the Indian Air Force Placement Organisation portal. Indian cyber‑security teams detected the intrusions in real time, traced the traffic to Pakistani sources, isolated the affected systems, and restored services without any reported impact on operational or classified networks. This incident illustrates the group’s capability to conduct synchronized web‑based disruptions and information‑gathering attempts against defence‑related targets.
