
Cyber Incident Victim: Government of India

Date: May 2023

Location: India

Summary

A Pakistani hacktivist group known as Team Insane PK claimed responsibility for a DDoS attack that disrupted access to numerous Indian police websites across the country. The attack impacted critical government infrastructure, rendering many sites unreachable and hindering citizens' ability to interact with police services for a period of time. While some sites recovered quickly, others remained offline for several hours following the incident.


Description

On May 16, 2023, at precisely 10:35 AM, the Pakistani hacking collective known as Team Insane PK publicly claimed responsibility for a coordinated cyberattack against Indian government infrastructure. The group announced it had successfully taken down 23 official Indian police websites through a Distributed Denial of Service (DDoS) attack. The announcement was made on online platforms, with the group trumpeting its alleged cyber conquest. The attack targeted a wide geographic range of police department websites, from the northernmost reaches of Kashmir to the southern state of Kerala, indicating a broad and coordinated targeting effort.


The comprehensive list of regional police websites targeted in the attack included tspolice.gov.in, keralapolice.gov.in, cgpolice.gov.in, delhipolice.gov.in, mppolice.gov.in, kolkatapolice.gov.in, kolkatatrafficpolice.gov.in, jkpolice.gov.in, bangaloretrafficpolice.gov.in, jhpolice.gov.in, delhitrafficpolice.gov.in, hyderabadpolice.gov.in, chandigarhpolice.gov.in, itbpolice.nic.in, tnpolice.gov.in, uppolice.gov.in, odishapolice.gov.in, cyberabadpolice.gov.in, mumbairlypolice.gov.in, crimebranchjkpolice.nic.in, indiapolice.in, navimumbaipolice.gov.in, and Mahapolice.gov.in. This list encompassed major metropolitan police forces such as Delhi, Mumbai, Kolkata, Hyderabad, and Bangalore, as well as state-level police forces including Kerala, Madhya Pradesh, Jammu and Kashmir, Uttar Pradesh, Odisha, and Tamil Nadu, among others.

The attack was a classic DDoS. This type of attack floods a website's server with an overwhelming volume of data packets, with the aim of clogging the available bandwidth so that the targeted website becomes unreachable to legitimate users. The effect is a digital traffic jam: the flood of requests consumes all available resources until the online service becomes completely impassable. A DDoS does not typically involve a data breach or an intrusion into the systems; it is designed solely to cause service disruption and downtime.

Initial investigations into the claims revealed a mixed status among the targeted websites. Several of the listed websites were confirmed to be offline and inaccessible following the attack, validating the group's claims of disruption. However, other websites on the list appeared to be functioning normally, suggesting either that the attack was only partially successful against some targets or that mitigation efforts were already underway during the initial probe. A few hours after the attack commenced, some of the affected websites began to respond again, albeit sluggishly, indicating recovery efforts were in progress. Most of the targeted websites appeared to be back in full swing and operating normally within a relatively short timeframe after the initial disruption.

The immediate fallout from the attack extended beyond mere digital bravado. Because the attack targeted critical government infrastructure, specifically police departments, it had tangible real-world consequences. The DDoS attack disrupted the average citizen's ability to interact with police services online. Individuals attempting to access these websites to register a formal complaint or to follow up on an existing one were unable to do so during the period of disruption. This interruption of essential public services transformed the cyber incident from a simple inconvenience into a matter affecting civic functionality and access to law enforcement resources.

The incident cast Indian cyberspace as a digital battlefield, reflecting a growing threat landscape. The attack was attributed to a group described as part of a broader movement of 'Islamic Hacktivist' groups that have placed Indian digital assets in their crosshairs. Team Insane PK is the latest name on an ever-growing list of such groups engaging in hostile cyber activity against Indian targets. The group's public claim of responsibility and the scale of the targeting amplified the psychological impact of the attack, which aimed to demonstrate capability and cause reputational damage alongside the technical disruption. The event began with the public announcement by the threat actor, followed by the observed disruption to the websites, and ended with the gradual restoration of services as the attack subsided or was mitigated.
