Cyber Incident Victim: High Commission of India, Pretoria
Date:
Jun 2016
Location:
South Africa
Summary
The High Commission of India in Pretoria was among seven Indian embassy websites defaced by Pakistani hackers identifying as "Romantic" and "Intruder," who claimed affiliation with the Pakistan Army and left messages promoting Pakistani nationalism. A separate hacker from Team Pak Cyber Attackers also compromised a Karnataka State Police site, displaying the Pakistani flag and offensive content. The attacks reflected ongoing cyber hostilities between Indian and Pakistani groups, rooted in historical geopolitical tensions. Authorities restored all affected websites following investigations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
Between June 9 and June 11, 2016, a coordinated cyberattack targeted multiple Indian government websites, including the High Commission of India in Pretoria, South Africa. Pakistani hackers using the aliases "Romantic" and "Intruder" successfully defaced seven Indian diplomatic mission websites across six countries. The compromised sites included embassies in Ankara (Turkey), Athens (Greece), Mexico City (Mexico), Bucharest (Romania), and Dushanbe (Tajikistan), along with the Consulate General in São Paulo (Brazil). Attackers replaced legitimate content with a political message declaring "Embassy of India in Dushanbe, Tajikistan Has Been OWNED," while taunting the Indian government with phrases like "Do not Mess With Us Pakistan Army Zindabad" and "Feel The Power of Pakistan." The defacement included the Pakistani flag and explicit praise for the Pakistan Army. Concurrently, a separate hacker identified as Faisal 1337 from Team Pak Cyber Attackers defaced the Karnataka State Police website, displaying similar nationalist symbols and offensive content. All affected websites were temporarily inaccessible during the defacement period before being restored to operational status by Indian authorities.
This incident occurred against the backdrop of escalating cyber hostilities between Indian and Pakistani hacking groups following the January 2016 Pathankot terrorist attack. Historical tensions dating to the 1947 partition have fueled repeated cyber skirmishes, with both nations engaging in website defacements, espionage campaigns like Operation Transparent Tribe (February 2016), and malware operations including BreachRAT and Operation C-Major (March 2016). Indian law enforcement agencies initiated investigations across all compromised entities upon detecting the breaches. Technical remediation efforts prioritized restoring diplomatic and police websites to full functionality, though the attacks temporarily disrupted digital services for citizens seeking consular information or police resources. No data theft or persistent malware infections were reported in connection with these defacements, which primarily served as symbolic acts of digital vandalism aligned with geopolitical tensions.