Cyber Threat Actor: Godzilla
| Actor Type | Location | Known Incidents |
Activist
|
India
|
3 incidents |
|---|
Profile
Godzilla is an alias used by an Indian hacker who has been publicly reported in multiple cyber incidents. The actor’s location is identified as India in open sources. Godzilla first came to attention for defacing websites linked to Pakistani militant organizations. Early operations included the takedown of the official site of Tehreek e Taliban Pakistan in April 2014. The same actor later claimed responsibility for defacing approximately two hundred Pakistani domains in November 2015.
The November 2015 campaign targeted Pakistani government, military and extremist group websites, including the primary online platforms of Lashkar-e-Taiba. Messages left on the defaced sites condemned the group’s leadership and accused Pakistani military institutions of supporting terrorism. The actor framed the attacks as retaliation for a major terrorist attack and expressed national pride while calling for peace. In response to these actions, Pakistani hackers compromised the website of a major Indian financial institution and later the site of India’s premier central bank. These reciprocal defacements demonstrated a bilateral hacktivist exchange without any publicly claimed financial motive. The actor’s stated objectives appear to be ideological, aiming to disrupt propaganda and assert a patriotic narrative.
Technical details disclosed by Godzilla indicate that the TTP website was hosted on a shared server where several security flaws were identified and exploited. The method relied on finding vulnerabilities in the hosting environment rather than deploying custom malware or advanced persistence tools. Similar vulnerability‑based defacement techniques were used against the Jamat ul Dawa websites linked to Lashkar-e-Taiba on the fifth anniversary of the 2008 Mumbai attacks. No public reports associate Godzilla with specific malware families, exploit kits, or command‑and‑control infrastructure. Attribution remains limited to the individual hacker operating under the Godzilla moniker, with no evidence of state sponsorship or criminal consortium ties. The actor’s known operations consist of website defacements and temporary service disruptions aimed at extremist and military online assets. These actions have been described in media as hacktivist retaliation rather than espionage or profit‑driven crime. The pattern shows a focus on disrupting the digital presence of groups deemed adversarial by the actor. All publicly available information confirms that Godzilla’s activity is confined to defacement and disruption without indications of financial gain or data theft.
