Cyber Incident Victim: Government of India
Date:
Feb 2014
Location:
India
Summary
Hackers from ZCompany Hacking Crew breached the National Portal of India, defacing both desktop and mobile versions with a message advocating Kashmir's independence and condemning Indian military actions in the region. The attackers referenced civilian casualties and demanded withdrawal of security forces, asserting their resolve to continue the freedom struggle. The compromised content was subsequently removed, though mirrors persisted on third-party sites. The group had previously targeted other government websites, including those of Rajasthan state and a paramilitary force, and had also claimed an attack against a Pakistani hacker collective that was later denied.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 19, 2014, the ZCompany Hacking Crew (ZHC) breached india.gov.in, the National Portal of India operated by the Government of India. The attackers defaced both the desktop and mobile versions of the website, replacing content with a political message titled "ZHC was here! Owns Indian National portal." The defacement page, uploaded to a specific subdirectory (india.gov.in/content/zhc-was-here), referenced the 65th anniversary of India's presence in Kashmir, declaring "the fire of freedom still burns in our hearts." In a statement to Softpedia, ZHC explicitly linked the attack to Kashmir-related grievances, condemning civilian killings by Indian military and police forces in Jammu and Kashmir as a "source of shame for India which propagates to be a democracy." The message demanded withdrawal of Indian forces from Kashmir, asserting "Free Kashmir!!" while emphasizing persistence across generations: "We will keep transferring this flame to our children... until we get it." The hackers removed their defacement files shortly after the incident, though mirrors remained archived on the zone-h.org website.
This incident occurred within a broader pattern of attacks against Indian government digital assets during this period. Prior targets included the official website of Rajasthan state and assamrifles.gov.in, belonging to India's Assam Rifles paramilitary force. ZHC had previously targeted Pakistani hacker group Team Madleets' website in late January 2014, though Madleets denied any successful breach of their systems. The india.gov.in defacement represented a continuation of hacktivist operations against Indian governmental entities, with ZHC specifically leveraging web compromises to amplify geopolitical messaging related to Kashmir. No technical details regarding intrusion methods, data exfiltration, or defensive measures beyond file removal were disclosed in available reporting. The restoration of india.gov.in's original content concluded the publicly documented response to this specific breach.