
Latest news with #APT36

Fragile ceasefire and rising hybrid threats

Hindustan Times

30-05-2025

  • Politics
  • Hindustan Times


The recent ceasefire between India and Pakistan, declared on May 10, 2025, in the aftermath of the Pahalgam terror attack and subsequent Operation Sindoor, has ushered in a tenuous calm. However, this truce masks an evolving and complex conflict landscape marked by intermittent ceasefire violations and sophisticated hybrid warfare tactics that stretch beyond traditional battlefields. What may appear to be de-escalation is, in fact, the onset of a new phase of the conflict: less visible, yet equally dangerous.

The brief lull in hostilities has already been disrupted by multiple ceasefire violations along the Line of Control, particularly in the Rajouri and Poonch sectors. These incidents, reportedly involving mortar shelling and small arms fire by the Pakistan army, indicate that the ceasefire remains precarious. While both sides have refrained from formally acknowledging violations, local accounts and reports suggest a pattern of low-intensity engagements that challenge the ceasefire's credibility on the ground.

More significantly, the confrontation has expanded into cyberspace and the information domain, marking a paradigm shift. Since May 11, Indian cyber agencies have reported over 1.5 million cyberattacks, not only from Pakistan but also from IP addresses traced to Bangladesh, Indonesia, Morocco, and parts of West Asia. A report titled Road of Sindoor, compiled by the Maharashtra cyber police and shared with key law enforcement bodies, attributes these attacks to Pakistan-linked hacking groups such as APT 36, Pakistan Cyber Force, and Mysterious Bangladesh, suggesting the emergence of a coordinated, transnational cyber warfare strategy. These attacks, employing malware, Distributed Denial-of-Service (DDoS) tactics, and misinformation campaigns, constitute advanced persistent threats (APTs) and are multi-vector in nature. While many were neutralized, some succeeded in defacing websites and allegedly extracting data from key institutions.

For instance, the Mizoram Public Service Commission's portal was compromised, displaying messages glorifying Pakistan. Cybersecurity firms like SentinelOne and CrowdStrike have observed breaches exploiting vulnerabilities in South Asia and proxy networks across North Africa, West Asia, and North Korea, often employing tools like ShadowPad, a modular backdoor linked to suspected China-affiliated cyber-espionage groups. These attacks frequently use VPN chains and layered infrastructure to obscure their origin, underscoring the growing complexity of attribution and response in this diffuse, transnational threat environment.

Simultaneously, intelligence agencies have reported a surge in information warfare. Social media platforms, especially X (formerly Twitter), have witnessed coordinated inauthentic activity including hashtag campaigns, doctored images, and Artificial Intelligence (AI)-generated deepfakes targeting Indian military actions in Kashmir and the Northeast. Government sources in Delhi have linked many of these operations to bot networks previously associated with Pakistani influence campaigns. This psychological warfare appears aimed at influencing global perceptions, potentially affecting domestic morale and amplifying internal divisions, particularly during sensitive moments such as military funerals and regional protests.

Adding another layer of complexity is the deepening Chinese connection to Pakistan's military posture. Defence analysts and satellite imagery confirm the deployment of Chinese-origin J-10C fighter jets armed with PL-15E beyond-visual-range missiles in the Skardu region. Though officially described as routine, their proximity to contested air corridors in Ladakh and Gilgit-Baltistan suggests strategic signalling. Open-source military trackers note that this may be the first time such assets have been stationed in high-altitude readiness since the 2020 Galwan clashes.

Turkey and Azerbaijan have also openly supported Pakistan amid the rising tensions. President Recep Tayyip Erdogan's government continues to raise the Kashmir issue in international forums and extend diplomatic backing to Islamabad. Azerbaijan, closely aligned with Turkey through cultural and strategic ties, has also reinforced its relationship with Pakistan, a relationship strengthened during the 2020 Nagorno-Karabakh conflict, where Pakistan offered military support. These alliances raise the prospect of material or strategic backing for Pakistan, adding a broader regional dimension to the current standoff.

India now faces a formidable challenge: how to respond to attacks that are neither clearly visible nor easily attributable. The war has shifted from terrain to networks, from troop deployments to data disruptions, from conventional battles to algorithmic influence. Defence strategists are urging a robust focus on military-grade cyber deterrence, State-level cybersecurity capacity building, and the development of a legal framework for transnational cyber attribution and response. Cross-sector coordination between military, civil defence, and private cybersecurity stakeholders has become not just necessary but urgent.

What is unfolding is not a post-war calm but a transition into War 2.0: a state of continuous, low-intensity, multidomain conflict. While the guns may be temporarily silent, the digital battlefield is active, adaptive, and expanding. India's challenge is no longer just winning conventional wars but fortifying its systems, institutions, and civil society against a war that rarely declares itself.

This article is authored by Hriday Sarma, senior fellow, South Asia Democratic Forum, Brussels.

Cyber hackers launched 650 attacks on Indian infrastructure between May 7–10: Report

Time of India

23-05-2025

  • Time of India


Over 650 cyber incidents were targeted at India's critical sectors in a coordinated offensive cyber campaign, launched by Pakistan-aligned state and non-state actors during heightened military tensions earlier this month. Quick Heal Technologies' Seqrite Labs, a malware analysis facility, identified spear-phishing attacks, malware infections, website defacements, and data leaks carried out by 35 hacktivist groups. Of these, seven groups are new entrants: Death Slash Cyber Security, Rabbit Cyber Team, Red Wolf Cyber, Dark Cyber Gang, Moroccan Black Cyber Army, Ghosts of Gaza and Tengkorak Cyber Crew, the company said.

The cyber assault began on April 17, weeks before India's counterterrorism strikes between May 7-10. The attackers used malicious documents disguised as official advisories, named 'Final_List_of_OGWs.xlam' and 'Preventive_Measures_Sindoor.ppam', to deploy malware. At the heart of this digital siege was APT36, a Pakistan-linked advanced persistent threat (APT) group known for targeting Indian defense and government agencies, Seqrite said. The attackers also spoofed legitimate Indian domains such as nationaldefensecollege[.]com and zohidsindia[.]com, using them to deliver payloads and communicate with command-and-control (C2) servers hosted at foreign locations. Infrastructure behind the operation was masked using VPS (virtual private servers) in Russia, Germany, Indonesia, and Singapore.

'This was not a standalone cyber espionage mission. It was a digitally coordinated war game,' Seqrite Labs said in a report released Friday. 'APT36's evolved tactics combined with simultaneous hacktivist disruptions show how cyber operations have merged with psychological warfare.'

Hacktivist groups used hashtags like #OpIndia and #OperationSindoor, claiming responsibility for data leaks from municipal databases, defense contractors, telecom operators and hospital networks. 'Operation Sindoor is a stark reminder of how modern conflicts transcend physical borders,' said Seqrite in its advisory. 'The convergence of nation-state cyber units and ideologically driven hacktivists signals a new era of digital warfare—one designed to sow disruption, distrust, and disinformation.'

These hacker groups from Pakistan and Bangladesh tried to bring down Indian websites after Operation Sindoor

Time of India

14-05-2025

  • Politics
  • Time of India


Cyber researchers have reportedly identified an array of state and non-state actors, including Islamic Hacker Army (Iraq), Team Azrael-Angel of Death (Palestine), Sylhet Gang SG (Bangladesh), DieNet (Bangladesh), APT36 (Pakistan), Pakistan Cyber Force, Team Insane PK, Mysterious Bangladesh, Indo Hacks Sec (Pakistan), Cyber Group HOAX 1337 (Pakistan) and National Cyber Crew (Pakistan-allied), who claim to have defaced websites and breached sensitive data from several Indian government and private organisations in the past week. Security firm CloudSEK said that it has identified more than 100 claims of data theft or credential loss which were exaggerated, recycled or fake.

In the past week, hacktivist groups have made grandiose claims of cyber breaches. For instance, Bangladesh's SYLHET GANG-SG and DieNet claimed to have exfiltrated 247 GB of data from India's National Informatics Centre. However, an analysis of a 1.5 GB sample by CloudSEK showed only publicly available marketing materials. Similarly, Team Azrael-Angel Of Death claimed 1 million citizen records from the Election Commission, but this was debunked as recycled data from a 2023 leak, not a fresh compromise, CloudSEK said.

In a report titled "Road of Sindoor", the Maharashtra Cyber Police detailed the cyber warfare launched by Pakistan-allied hacking groups. The state's nodal cyber agency identified several Pakistani hacker groups responsible for launching over 15 lakh cyber attacks targeting critical infrastructure websites across India following the Pahalgam terror strike. Officials added that of these, only 150 attacks were successful. On the methods used by Pakistani hackers, the Maharashtra Cyber Police said that these include malware campaigns, Distributed Denial-of-Service (DDoS) attacks and GPS spoofing.

The report also highlights a hybrid warfare strategy by Pakistan-allied groups that includes widespread misinformation campaigns. These groups falsely claimed to have hacked India's banking system and caused power outages. These false narratives included claims of cyber attacks on India's power grid, statewide blackouts, satellite jamming, disruption of the Northern Command, and an alleged attack on a BrahMos missile storage facility, Indian security agencies said.

Pakistani spy group APT36 hacking Indian mobile users' information

One real threat that cybersecurity officials warned about is from APT36, the Pakistan-linked spy group also known as Transparent Tribe. 'The group has used malware payloads, including the AllaKore and Crimson RATs, granting the attackers extensive remote control and unfettered access to infected systems,' said Sanjay Katkar, joint managing director at Quick Heal Technologies. Cybercriminals are also using AI-generated images and videos to carry out phishing on social media and messaging apps. 'We've seen fake official-looking letters with made-up numbers, or videos that pretend to show new attacks on India but actually use old war pictures to trick people,' CloudSEK's Reddy said. These kinds of links and messages are said to spread via WhatsApp, Telegram and social media, preying on national sentiment to steal personal data or financial details.

Pak hackers step up multi-phase attacks in India

Time of India

13-05-2025

  • Politics
  • Time of India


Hyderabad: A sharp escalation in cyber warfare between India and Pakistan has unfolded since April, with multiple Indian websites defaced and strategic digital systems attacked in a series of coordinated operations attributed to Pakistan-based hacker groups, including APT36 and Team Insane. According to Interpol trainer and cyber forensic expert Pendyala Krishna Shastry, the attacks were part of a broader campaign of cyber and information warfare waged by Pakistani actors against Indian digital assets. These groups reportedly deployed malware, conducted phishing attacks, and launched denial-of-service operations targeting critical sectors such as finance, telecom, energy, and public services. A website that tracks defacements reported incidents involving Indian govt domains. The website of the National Institute of Water Sports was claimed to be defaced. Another also experienced a breach, but was restored.

Hacktivists lead multi-phase assault

The offensive unfolded in five distinct phases. Initial attacks, which occurred between April 23 and April 26, were low-scale defacements by religious hacktivist collectives, while between April 27 and May 2, denial-of-service attacks were launched against e-governance platforms. By May 6, high-skill actors initiated ransomware and data theft in manufacturing and oil and gas. From May 7 onwards, advanced persistent threat groups like APT36 focused on banking and payment systems, including the National Payments Corporation of India (NPCI). APT36, also known as Transparent Tribe, has been active since 2013, using remote access trojans such as Crimson RAT and Capra RAT to infiltrate Indian systems. Phase five, which began on May 13, includes attacks reportedly supported by state actors from China, Turkey, Iran, and North Korea. The Lazarus Group, SideWinder, MuddyWater, and APT28 have been named among key actors using zero-day exploits and supply chain vulnerabilities to target core assets.

Shastry underlined the urgency of countering the digital offensive with better cyber hygiene, institutional readiness, and public awareness.

As Pakistani hacker group APT36 targets Indian systems, Chandigarh police issue advisory

Indian Express

09-05-2025

  • Indian Express


In view of growing cyber threats, particularly from the notorious Pakistan-linked hacking group APT36 (also known as Transparent Tribe), the Chandigarh Police cyber authorities have issued a nationwide alert urging citizens and organisations to remain vigilant and adopt strict digital hygiene practices. According to cyber officials, APT36 is a well-known cyber-espionage group with a history of targeting Indian defence personnel, government institutions, research centers, diplomats, and critical infrastructure. 'Their primary tactics include phishing emails, infected mobile apps, spyware, and embedding hidden malware on educational or research websites to gain unauthorised access to sensitive information,' said a Cyber Crime Cell official.

To safeguard against these threats, individuals are strongly advised to avoid clicking on unknown links or downloading files, especially APK files, from untrusted sources, as these may contain viruses or spyware. Sharing false or unverified news online is not only misleading but also aids cybercriminals by spreading panic. Citizens should refrain from downloading or sharing strange videos, such as the suspicious 'Dance of the Hillary', which may carry harmful content, added a Cyber Crime Cell official. Authorities have also warned against opening emails with suspicious attachments, like ' known to be linked to malware attacks. Individuals must remain cautious of unknown calls or messages, particularly those claiming to be from officials or trusted contacts. Personal details and money should never be shared without thorough verification.

As part of the advisory, the Indian Computer Emergency Response Team (CERT-In) has issued detailed safety measures for organisations. Offices and companies are urged to monitor networks 24×7, enforce two-factor authentication, keep all systems and software updated, train employees to detect phishing attempts, maintain offline data backups, and adopt a zero-trust security model.

Anyone noticing unusual activity or potential breaches should immediately check their systems for Indicators of Compromise (IOCs) and report incidents. Complaints and suspicious activity can be reported via the cybercrime portal ( helpline number (1930), landlines (0172-2970400 / 0172-970600), email (incident@ or CERT-In's toll-free number (1800-11-4949), the cyber crime officials said.
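As an added, defender-side illustration (not code from any of the reports or agencies quoted on this page): a small Python triage script that sweeps mail-gateway log lines for the two lure document names and the two lookalike domains the Seqrite report above lists, and for the attachment types the advisories single out. The key=value log format and every log entry are constructed for this example; the indicator lists are taken verbatim from the page, with the defanged domains re-fanged for matching.

```python
import re

# Lure document names quoted from the Seqrite report on this page.
LURE_ATTACHMENTS = {"Final_List_of_OGWs.xlam", "Preventive_Measures_Sindoor.ppam"}
# Lookalike domains from the same report, kept defanged as the page prints them.
LOOKALIKE_DOMAINS = {"nationaldefensecollege[.]com", "zohidsindia[.]com"}
# Attachment types the advisories warn about: macro-enabled Office add-ins and APKs.
RISKY_EXTENSIONS = {".xlam", ".ppam", ".apk"}


def refang(indicator):
    """Turn a defanged indicator such as 'example[.]com' back into 'example.com'."""
    return indicator.replace("[.]", ".").lower()


REFANGED_DOMAINS = {refang(d) for d in LOOKALIKE_DOMAINS}

# Constructed sample log (hypothetical gateway format; '-' marks an empty field).
SAMPLE_LOG = """\
ts=2025-05-08T09:12:01Z from=info@nationaldefensecollege.com attach=Final_List_of_OGWs.xlam url=-
ts=2025-05-08T09:15:44Z from=hr@example.org attach=agenda.pdf url=https://example.org/agenda
ts=2025-05-09T11:02:10Z from=alerts@zohidsindia.com attach=- url=http://zohidsindia.com/update
ts=2025-05-09T11:30:00Z from=friend@example.net attach=Preventive_Measures_Sindoor.ppam url=-
ts=2025-05-10T08:00:00Z from=store@example.com attach=app.apk url=-
"""

LINE_RE = re.compile(r"ts=(\S+) from=(\S+) attach=(\S+) url=(\S+)")


def host_of(value):
    """Extract the host part of a mail address or URL; None when the field is empty."""
    if value == "-":
        return None
    if "@" in value:
        return value.rsplit("@", 1)[1].lower()
    m = re.match(r"https?://([^/]+)", value)
    return m.group(1).lower() if m else value.lower()


def scan(log_text):
    """Return a list of (timestamp, reasons) for every line that matches an indicator."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        ts, sender, attach, url = m.groups()
        reasons = []
        if attach in LURE_ATTACHMENTS:
            reasons.append("known lure document")
        elif attach != "-" and any(attach.lower().endswith(e) for e in RISKY_EXTENSIONS):
            reasons.append("risky attachment type")
        for host in (host_of(sender), host_of(url)):
            if host in REFANGED_DOMAINS:
                reasons.append(f"lookalike domain {host}")
                break  # one domain hit per line is enough for triage
        if reasons:
            findings.append((ts, reasons))
    return findings
```

Hits on the named lure documents or domains are the page's own IOCs and warrant the incident reporting described in the advisory; the extension check is a weaker heuristic that will also flag legitimate add-ins, so treat it as a prompt for review rather than proof of compromise.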
