Cyber Incident Victim: Government of India
Date:
Jun 2022
Location:
India
Summary
A Malaysian hacktivist group known as DragonForce Malaysia conducted cyberattacks against numerous Indian government and private sector websites, claiming retaliation for perceived anti-Muslim remarks by an Indian political figure. The group defaced approximately 70 websites, including educational institutions, logistics companies, and the Indian Embassy of Israel's site, while also alleging data exfiltration from a university portal and unauthorized access to a government database containing personal credentials. The attackers publicly recruited global Muslim hackers to escalate operations and amplify grievances, though Indian authorities had not verified the breaches at the time of reporting. The incident coincided with impending mandatory breach notification requirements for organizations operating in India.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In June 2022, Malaysian hacktivist group DragonForce Malaysia claimed responsibility for cyberattacks targeting at least 70 Indian government and private sector websites over a five-day period. The group framed the attacks as retaliation against anti-Muslim remarks made by a suspended spokesperson of India's ruling Bharatiya Janata Party, explicitly rejecting the spokesperson's subsequent public apology. DragonForce Malaysia announced Operation Patuk (OpsPatuk) through Telegram and Twitter channels, recruiting participants and listing alleged victims including the Indian Embassy of Israel's website, Delhi Public School, Nagpur's Institute of Science, and logistics companies S.M. Transport Services and R.R. Logistics. The group defaced websites with protest messages and published screenshots purporting to show compromised data from an unnamed Indian government database containing personal identifiers. Internet Archive Wayback Machine analysis confirmed their message appeared on the Indian Embassy of Israel's website on June 10, 2022. DragonForce Malaysia also claimed to have exfiltrated data from Bharathidasan University's Entrepreneurship, Innovation and Career Hub, though the university's website displayed only a maintenance notice during verification attempts.
No affected organizations publicly confirmed the breaches at the time of reporting. The Indian Computer Emergency Response Team (CERT-In) and Ministry of Electronics and Information Technology did not respond to requests for comment regarding the alleged government database compromise. These attacks occurred as India prepared to implement new cybersecurity directions requiring organizations to report data breaches within six hours of detection to CERT-In, a mandate that had drawn concerns from major technology companies about operational feasibility. DragonForce Malaysia escalated their campaign by urging global Muslim hackers and human rights organizations to expose what they characterized as India's "terrorist" activities, broadening their call to action beyond the initial website defacements. The group maintained active communication through social media platforms, posting recruitment materials, victim lists, and alleged evidence of compromised systems throughout the attack period.