Menu
Browse

Cyber Threat Actor: Black Dragon

Actor Type Location Known Incidents
 Icon
Activist
India
8 incidents
Profile

The threat actor known publicly as Bl@ck Dr@gon (also referenced as Bl@Ck Dr@GoN or Black Dragon) is an Indian‑based hacktivist who identifies himself as a member of the Indian Hacker’s Online Squad and claims involvement in Operation Pakistan (OpPakistan). In interviews and statements posted on defaced sites and paste sites, the actor describes the activity as a means of expressing political views, specifically retaliation for statements perceived as anti‑Kashmir and as a response to what he characterizes as Pakistani hackers targeting Indian sites of ordinary citizens. The actor explicitly says the goal is to convey a message to governments and the public by compromising high‑rank or popular websites, and he asserts that the activity is not financially motivated but rather a form of hacktivist protest.

Targeting patterns described by the actor focus on Pakistani government and political entities, including the National Portal of Pakistan, the Cabinet Ministry website, the Ministry of Defense, the Ministry of Railways, the Establishment Division and the Pakistan Manpower Institute, all of which were defaced as part of OpPakistan in April 2014. The actor also cites defacement of the Pakistan People’s Party site in October 2014 as a direct reaction to a statement by Bilawal Bhutto. Beyond government sites, the actor mentions having attacked high‑profile platforms such as the websites of Indian actor Mohanlal, singer Sonu Nigam, the Pakistan electricity board, a Lahore university institute and the Press Club of India, explaining that such prominent targets are chosen to maximise the visibility of their political messages. The actor states that they avoid deliberately harming sites of innocent individuals but feel compelled to respond when Pakistani‑based hackers target Indian sites of ordinary users.

Regarding tactics, the actor and his associates describe gaining access to the underlying web server that hosts multiple Pakistani government domains, then adding a defacement page through the site’s content management system or administration panel rather than compromising each site individually. No specific malware families, exploit kits or custom tools are mentioned in the source material; the described activity consists of web‑site defacement and the posting of statements on paste sites. Attribution is limited to the actor’s self‑identification as an Indian hacktivist affiliated with the Indian Hacker’s Online Squad and the OpPakistan campaign; no explicit link to a state sponsor or criminal organization is provided in the available sources. Notable operations referenced include the OpPakistan defacements of April 2014, the Pakistan People’s Party site compromise of October 2014, and the series of high‑profile site defacements cited as examples of the group’s targeting strategy.

Incidents
Attributed incidents available to members
8 incidents
Sources
Sources available to members
3 sources