Cyber Incident Victim: Ministry of Aviation
Date: May 2023
Location: Pakistan
Summary
In a retaliatory cyberattack, the hacktivist group Kerela Cyber Xtractors launched a DDoS operation against the Ministry of Aviation, paralyzing ten Pakistani embassy websites globally. This was a direct response to an earlier attack by the Pakistani group Team Insane PK against Indian State Police sites. The incident disrupted public access to vital information and services hosted on the government portals, significantly hindering administrative functionality.
Description
On or around May 18, 2023, a significant cyber incident unfolded involving a retaliatory Distributed Denial of Service (DDoS) attack. This event was a direct response to a prior cyber assault. The Indian hacktivist group Kerela Cyber Xtractors claimed responsibility for this counterattack, which successfully paralyzed a total of ten Pakistani Embassy websites operating globally. The attack was executed precisely at midnight, marking the beginning of a widespread disruption across multiple countries. The targeted nations included India, France, Germany, and Kazakhstan, indicating the international scope and significant digital footprint of the operation.

The technical mechanism employed was a Distributed Denial of Service (DDoS) attack. This type of cyber assault functions as a malicious attempt to disrupt the normal operations of a targeted network, service, or website. The method involves overwhelming the victim's servers with an immense and unsustainable flood of internet traffic. This deluge of requests effectively clogs the system's capacity, preventing it from processing legitimate user visits and rendering the websites inaccessible. The analogy of trying to get a sip of water from a fully opened fire hydrant illustrates the overwhelming nature of the traffic surge that characterizes a DDoS attack.

The specific websites targeted and rendered inaccessible were all affiliated with Pakistani diplomatic missions. The comprehensive list of downed domains included Pakmissionfrankfurt.de, pakconsulatela.org, pakconsulateist.com, pakistanconsulatehouston.org, pakembsofia.gov.pk, pakembparis.com, pakembassyankara.com, pakvienna.at, pakhcnewdelhi.org.pk, and pakembkazakhstan.org. This targeting strategy focused exclusively on Pakistan's international diplomatic and consular web presence, deliberately avoiding domestic Pakistani government infrastructure in favor of its global outlets.

This massive online assault was not an isolated or initiating event but was explicitly characterized as a counter-attack. It was a robust response executed by the Kerela Cyber Xtractors group. Their action was a direct retaliation for a recent DDoS attack launched against Indian digital assets by a Pakistani hacktivist group known as Team Insane PK. That initial attack had targeted 23 Indian State Police websites, compromising their availability and services. The counter-operation by the Indian group was therefore framed within the context of an ongoing tit-for-tat cyber conflict between hacktivist factions from the two nations.

The immediate impact of the DDoS attack was the prolonged inaccessibility of the ten Pakistani embassy and consulate websites. As the new day dawned on May 18th, several of the affected websites remained unresponsive, reflecting the sustained and chilling aftermath of the digital blitz. This downtime constituted a significant digital catastrophe for the regular users who depend on these portals. Government websites house vital information and provide essential services for citizens, including expatriates and individuals seeking visas or consular assistance. The public heavily depends on these platforms for tasks such as updating personal data and accessing critical services. A prolonged outage inevitably leads to operational chaos and public confusion, directly hindering administrative functionality and public convenience.

This incident occurred within a broader context of escalating cyber assaults against Indian cyberspace in the preceding months. The threats were noted as not originating solely from Pakistani hackers but also from hacktivist groups spread across various other Islamic nations, including Indonesia, Bangladesh, and Sudan. This environment of persistent threat has led to the rise and increased activity of Indian hacking groups who position themselves as defenders of the national digital frontier. Groups such as Kerela Cyber Xtractors, Indian Cyber Force, and Team NWH Security have actively stepped up to counter the perceived relentless onslaught against Indian assets. The incident on May 18th exemplifies this dynamic, where these groups take offensive retaliatory actions in what they describe as a defense of the nation's cyberspace. The event underscores the ongoing shadow war within cyberspace, where hacktivist groups engage in high-stakes digital conflict with tangible consequences for government operations and public service delivery.
