Cyber Incident Victim: Ministry of External Affairs
Date: Jun 2016
Location: Turkey
Summary
Pakistani hackers affiliated with the Pakistan Army and Team Pak Cyber Attackers defaced multiple Indian government websites, including seven embassies and a state police site. The attackers replaced content with pro-Pakistan messages, flags, and taunts directed at Indian authorities, referencing the Pakistan Army's strength. All compromised sites were subsequently restored following investigations. This incident reflects ongoing cyber hostilities between Indian and Pakistani hacker groups, historically linked to geopolitical tensions and retaliatory actions, including previous attacks involving malware campaigns and espionage operations targeting military and government entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
Between June 9 and 11, 2016, Pakistani hacking groups conducted coordinated defacement attacks against eight Indian government websites. Hackers using the aliases "Romantic" and "Intruder" compromised seven websites belonging to Indian diplomatic missions: the Embassies in Ankara (Turkey), Athens (Greece), Mexico City (Mexico), Bucharest (Romania), Dushanbe (Tajikistan), and Pretoria (South Africa), along with the Consulate General in São Paulo (Brazil). Concurrently, a separate hacker identified as Faisal 1337 from Team Pak Cyber Attackers defaced the official website of the Karnataka State Police. The attackers replaced legitimate content with propaganda messages glorifying the Pakistan Army, including phrases such as "Pakistan Zindabad" (Long Live Pakistan) and "Feel The Power of Pakistan." Specific taunts directed at the Indian government appeared across multiple embassy sites, including the statement "Do not Mess With Us Pakistan Army Zindabad, Aata Majhi Satakli?" alongside the Pakistani national flag.

Indian authorities detected the defacements promptly and initiated investigations across all affected entities. Technical teams restored all compromised websites to their original operational states within a short timeframe. The incident reflected an escalation in ongoing cyber hostilities between Indian and Pakistani hacking collectives, occurring six months after Indian hackers had retaliated against Pakistani websites following the January 2016 Pathankot airbase terrorist attack. Historical context indicates this defacement campaign formed part of a broader pattern of cyber operations between the two nations, including documented espionage activities such as Operation Transparent Tribe, Operation C-Major, and BreachRAT malware campaigns targeting government and military entities. No data theft or persistent network compromises were reported in this specific defacement incident, though the coordinated targeting of diplomatic assets highlighted persistent vulnerabilities in publicly accessible government web infrastructure.
