Menu
Browse

Cyber Threat Actor: Indian Cyber Force

Actor Type Location Known Incidents
 Icon
Activist
India
2 incidents
Profile

The threatactor known as Indian Cyber Force operates under that alias and has been described as an India‑affiliated hacking group. Open‑source reporting places its activity in India, although no definitive geographic base has been publicly confirmed. The group first came to attention in late September 2023 when it claimed responsibility for a series of disruptive cyber actions against Canadian targets. Its actions were framed as a retaliatory campaign dubbed #OpCanada, responding to diplomatic tensions between Canada and India. The actor’s public statements reference the allegations made by Canadian leadership regarding India’s involvement in the killing of Sikh activist Hardeep Singh Nijjar.

Indian Cyber Force has directed its activity toward Canadian government institutions, including the Canadian Armed Forces website, the House of Commons portal, Elections Canada’s external site, and The Ottawa Hospital’s external web presence. In addition to government targets, the group claimed to have compromised several small‑business websites in Canada, such as restaurants and medical clinics, where it posted defacement messages. The primary objective observed in these incidents is disruption, specifically to convey political messaging rather than to pursue financial gain or espionage. The group’s tactics rely on distributed denial‑of‑service (DDoS) attacks that overwhelm web servers with traffic, causing temporary inaccessibility, and on website defacement that replaces normal content with a black background, green digits reminiscent of the film The Matrix, and accompanying warlike music. Claims of responsibility and the defacement messages have been disseminated through the group’s Telegram channel, where it also posted and later retracted assertions about taking down the Global Affairs Canada travel advisory site.

Public sources have not established a direct state nexus for Indian Cyber Force, describing it only as an India‑affiliated hacktivist collective without evidence of government direction or support. No affiliation with known criminal consortia or mercenary groups has been documented in the reporting. The September 2023 OpCanada campaign stands as the most notable operation attributed to the actor, encompassing multiple DDoS episodes and defacements that lasted from minutes to a few hours before services were restored. Canadian officials characterized the incidents as nuisance events with no lasting impact on internal networks or sensitive data, noting that the group’s activity aligns with patterns of increased disruptive cyber activity during geopolitical disputes. Thus, the profile of Indian Cyber Force rests on its use of DDoS and defacement for politically motivated disruption against Canadian targets, without confirmed ties to state sponsorship or financially driven cybercrime.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
1 source