Cyber Incident Victim: Army Public School Srinagar
Date:
Apr 2025
Location:
India
Summary
Cyberactors based in Pakistan targeted several defence‑affiliated websites, including the Army Public School in Srinagar, which suffered inflammatory propaganda posts and a distributed denial‑of‑service attempt, while a sister school in Ranikhet faced similar propaganda. Simultaneously, probes were detected against the Army Welfare Housing Organisation database and the Indian Air Force Placement Organisation portal, all of which were quickly isolated and restored without impacting operational or classified networks. Intelligence attributed the activity to a group calling itself IOK Hacker or Internet of Khilafah, noting that real‑time monitoring traced the origin to Pakistan and prevented any lasting damage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
OnApril 1, 2025, official sources reported that cyber attacks originating from Pakistan targeted the websites of four defence‑affiliated institutions in India. Among these, the Army Public School in Srinagar was subjected to inflammatory propaganda posted on its site and also experienced a distributed denial of service attack that attempted to disrupt online access. The same propaganda campaign was directed at the Army Public School in Ranikhet, while the Srinagar school’s homepage faced a possible defacement attempt. Web managers at the Srinagar school quickly rectified the defacement and restored service after the DDoS was mitigated. The attacks were part of a broader set of incidents that included an attempted breach of the Army Welfare Housing Organisation database and an effort to compromise the Indian Air Force Placement Organisation portal.
All four affected sites were promptly isolated by the responsible authorities, and restorative actions were undertaken to return them to normal operation. Officials confirmed that no operational or classified networks were compromised at any stage during the incidents. India’s layered cyber‑security architecture detected the intrusions in real time and traced their origin to Pakistan‑based actors. The attacks were attributed to a group identifying itself as ‘IOK Hacker’ or the ‘Internet of Khilafah’, which sought to deface pages, disrupt services, and harvest personal information. A source stated that the attempted intrusions highlighted both the adversary’s intent and its limitations. The cyber activity occurred amid heightened tensions between India and Pakistan following the Pahalgam terror attack on April 22, 2025, during which small‑arms fire along the Line of Control was reported over the preceding five days as Pakistan redeployed forces and heavy military hardware to the border. Propaganda and social‑media activity between the two nations had also intensified during this period. Officials observed that the attacks were launched after mission‑critical national networks were found to be impenetrable, indicating that the threat actors turned to publicly accessible welfare and educational websites. The narrative ends with the assertion that Pakistan‑based cyber actors failed to violate Indian cyber sovereignty in these incidents.