Cyber Incident Victim: Reserve Bank of India
Date:
Nov 2015
Location:
India
Summary
Indian hackers conducted a retaliatory cyber campaign against Pakistani websites, defacing approximately 200 targets including Lashkar-e-Taiba's primary domains, to commemorate victims of a prior terrorist attack. The attackers left messages condemning specific individuals and organizations while asserting national pride. In response, Pakistani hackers breached the website of India's premier central bank, temporarily taking it offline through defacement. The incident involved reciprocal attacks between hacktivist groups without claims of financial motives.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 26, 2015, coinciding with the seventh anniversary of the 2008 Mumbai terrorist attacks, a group of Indian hackers conducted coordinated cyber intrusions targeting over 200 Pakistani websites. The attacks were explicitly framed as homage to victims of the 26/11 attacks, with one participant describing the operation as a message to perpetrators that "India won't sit back." Participants emphasized non-monetary motives, focusing instead on symbolic retaliation for the loss of innocent lives during the Mumbai attacks. A hacker using the alias Godzilla specifically compromised two primary websites of Lashkar-e-Taiba (LeT)—jamatdawa.org and jamatdawa.net—replacing their content with a defacement message. The message directly addressed Hafiz Mohammad Saeed, a key figure linked to the attacks, warning he would not remain in Pakistan long and condemning the Pakistani military and intelligence services for supporting militant groups. The defacement included Hindi poetry and religious references, concluding with declarations of Indian and Muslim pride. At the time of reporting, both LeT websites remained offline, indicating sustained disruption to the group's online presence.
In retaliation, Pakistani hackers breached the website of Central Bank of India, described in sources as a premier Indian financial institution, by the evening of November 26. The article provides no technical details regarding the bank website compromise but confirms its occurrence as a direct response to the earlier actions by Indian hackers. No additional information is available regarding the duration of the bank's website outage, specific defacement content, data impacts, or remediation efforts. Similarly, sources do not document any official statements from Central Bank of India, law enforcement agencies, or government entities regarding incident response, forensic analysis, or mitigation measures. The reciprocal attacks occurred within a single day, reflecting immediate escalation dynamics between the two adversary groups. The incident demonstrates how geopolitical tensions can manifest in reciprocal website defacements, though the technical scope, attacker identities, and full operational consequences remain unspecified in available reporting.