Cyber Incident Victim: Embassy of India, Dushanbe
Date:
Jun 2016
Location:
Tajikistan
Summary
Pakistani hackers defaced multiple Indian embassy websites, including the Embassy of India in Dushanbe, Tajikistan, along with six other diplomatic sites and a Karnataka State Police portal. The attackers, identifying as "Romantic" and "Intruder," left messages proclaiming affiliation with the Pakistan Army and political slogans such as "Pakistan Zindabad," while a separate hacker from Team Pak Cyber Attackers targeted the police website with the Pakistani flag and offensive content. The defacements featured taunts toward the Indian government and assertions of Pakistani cyber capabilities. All affected sites were subsequently restored to normal operation following investigations. The incident reflects ongoing cyber hostilities between Indian and Pakistani threat actors, historically linked to geopolitical tensions between the two nations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
Between June 11 and June 14, 2016, Pakistani hackers conducted a coordinated defacement campaign targeting Indian government websites. Two individuals using the aliases "Romantic" and "Intruder" compromised seven Indian diplomatic websites, including the Embassy of India in Dushanbe, Tajikistan. Other affected diplomatic missions included embassies in Ankara (Turkey), Athens (Greece), Mexico City (Mexico), Bucharest (Romania), Pretoria (South Africa), and the Consulate General in São Paulo (Brazil). The attackers replaced website content with a message declaring "Embassy of India in Dushanbe, Tajikistan Has Been OWNED" while issuing warnings to the Indian government. Their statement included the phrases "Pakistan Army Zindabad" (Long Live Pakistan Army) and "Pakistan Zindabad" (Long Live Pakistan), along with taunts such as "Aata Majhi Satakli?" and "Feel The Power of Pakistan." Separately, a hacker identified as Faisal 1337 from Team Pak Cyber Attackers defaced the Karnataka State Police website, displaying the Pakistani flag and offensive content. All compromised sites were subsequently restored to normal operation by authorities following detection.
Indian authorities initiated investigations into all eight website compromises. The incident occurred against the backdrop of persistent cyber hostilities between Indian and Pakistani hacking groups, with historical roots in geopolitical tensions dating to the 1947 partition. This specific attack wave followed earlier cyber escalations, including Indian hacker operations in January 2016 responding to the Pathankot Air Force Station terrorist attack. The defacements represented the latest visible manifestation of ongoing cyber espionage campaigns between the nations, which previously included malware operations like BreachRAT, Operation Transparent Tribe targeting Indian officials in February 2016, and Operation C-Major against military personnel in March 2016. While the diplomatic website defacements caused temporary disruption to online services, no data theft or persistent access mechanisms were disclosed in available reports. The coordinated timing across multiple embassy sites suggested prior reconnaissance against Indian government web infrastructure.