Cyber Incident Victim: Government of India
Date: Feb 2019
Location: India
Summary
Following heightened geopolitical tensions, government websites and critical infrastructure systems were targeted in a coordinated cyberattack originating from Pakistan-based actors, utilizing infrastructure in Bangladesh. The attacks focused on financial networks and power grid management but were thwarted by defensive measures. In response, offensive cyber operations were deployed, causing unspecified damage to the attackers' infrastructure. After failing to breach systems, the perpetrators shifted tactics to disinformation campaigns, spreading false claims about military leadership changes and fabricated casualty reports to sow confusion. Authorities successfully countered these efforts and initiated investigations to identify those responsible for the malicious activities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Following the Pulwama suicide attack on February 14, 2019, which killed 40 Indian Central Reserve Police Force personnel, hackers linked to Pakistan launched coordinated cyber assaults against Indian government infrastructure. Within hours of the physical attack, over 90 Indian government websites and critical systems experienced an unusual surge in breach attempts, described by security officials as "ferocious." The attackers specifically targeted financial systems and power grid management networks, though Indian defensive measures prevented successful breaches of these critical systems. Officials noted the attacks originated from infrastructure in Bangladesh, a detail interpreted as evidence of deliberate obfuscation by hostile actors. India responded with undisclosed "offensive measures" in the cyber domain, which security professionals acknowledged helped contain the situation and reportedly caused reciprocal damage to Pakistani systems.

After failing to penetrate critical networks, attackers shifted tactics to disrupt information ecosystems. A coordinated disinformation campaign spread false narratives across social media platforms, including a fabricated report about the removal of Western Air Command chief Air Marshal C Hari Kumar and baseless claims of significant Indian military casualties in Rajouri. Indian authorities identified these rumors as deliberate attempts to create chaos and confusion amid heightened military tensions. The Indian army initiated investigations to trace the individuals or groups responsible for propagating these false claims. Throughout the incident cycle, the Indian government issued alerts to all departments emphasizing strict adherence to cybersecurity protocols and heightened vigilance, which contributed to mitigating further attacks. The scale and persistence of the cyber operations reflected an escalation of digital conflict paralleling the kinetic military engagements between the two nations during this period.
