Latest news with #AnonSec
News18
21-05-2025
- Politics
- News18
This Class 12-Fail Gujarat Teen Used GitHub For Cyberattack On 50+ Govt Websites After Op Sindoor
Last Updated: Jasim Ansari and his associates formed a Telegram group called AnonSec to plan and carry out cyber attacks by flooding websites with excessive traffic and disrupting them. He's just 18-years-old, but smart enough to download cyber-attack tools from GitHub and learn Python programming from YouTube. This was however not to gain a cerficate of proficiency in school. In fact, the 18-year-old recently failed in class-12 science. Then why is he in news? This youth from Gujarat used all his acquired skills to carry out cyber attacks on government websites. He allegedly intensified his involvement in cyber terrorism after Operation Sindoor that was launched in retaliation to the Pahalgam terror attack. According to the Anti-Terrorism Squad, the youth has been identified as Jasim Shahnawaz Ansari, who lives in Gujarat's Nadiad. The officers said that Ansari and a few other juveniles allegedly carried out cyber attacks on more than 50 Indian government websites. The sites are said to be related to defence, finance, aviation, urban development, and several state governments. • According to ATS officials, Ansari and his associates formed a Telegram group called AnonSec to plan and carry out DDoS (Distributed Denial of Service) attacks. These attacks were intended to disrupt websites by flooding them with excessive traffic. • The ATS discovered that Ansari used online platforms such as YouTube to learn Python programming and downloaded cyber-attack tools from GitHub. He utilized these tools through applications like Termux and Pydroid to carry out DDoS attacks. • After confirming the attacks' success through Ansari posted screenshots in the AnonSec group, accompanied by anti-India messages like 'Hi, India, we just took down your shield and servers." • The name 'AnonSec', in fact, came at a later stage. Ansari, together with other like-minded juveniles, began carrying out cyberattacks using a channel called 'EXPLOITXSEC". The channel was operated through a Telegram ID '@BYTEXPLOIT". They later set up a backup channel named 'ELITEXPLOIT" with the ID '@YourMindFvcker," which was subsequently renamed to 'Anonsec." • According to a release from the ATS, they disseminated anti-national propaganda by posting about their successful attacks. Who Are These Youths Attacking Indian Govt Websites? • A report in Times of India quoted an ATS officer as saying that Ansari recently failed class-12 science, while another 17-year-old juvenile is currently in class-12. • It is yet to be ascertained whether the accused acted independently or were influenced by foreign entities. However, ATS officers have begun investigation, and further examination of the tools, software, and digital links is ongoing. The TOI report stated that the ATS is trying to get digital footprints in the case. • The investigation so far has revealed that Ansari escalated attacks following India's 'Operation Sindoor,' which was launched in response to the Pahalgam terror incident. On May 7, 2025, 20 government websites were targeted with messages like 'India may have started it, but we will be the ones to finish it," according to ATS officers. • The Gujarat ATS has filed an FIR under Sections 43 and 66F of the Information Technology Act for cyber terrorism charges. First Published: May 21, 2025, 13:05 IST
Time of India
21-05-2025
- Politics
- Time of India
Gujarat teen arrested for 50+ cyberattacks during 'Operation Sindoor'
The Gujarat Anti-Terrorism Squad (ATS) on Monday apprehended an 18-year-old named Jasim Shahnawaz Ansari from Nadiad for his suspected involvement in cyber terrorism activities. According to ATS officials, Ansari escalated his cyber attacks following the launch of India's Operation Sindoor , which was a response to the Pahalgam terror attack. Investigations revealed that between April and May 2025, Ansari and a group of juveniles allegedly carried out cyberattacks on over 50 Indian government websites , targeting sectors such as defense, finance, aviation, urban development, and various state departments. The arrest was made based on intelligence gathered during surveillance by the Gujarat ATS. Authorities discovered that Ansari and his associates operated a Telegram group called "AnonSec" where they planned and executed DDoS (Distributed Denial of Service) attacks designed to crash websites by flooding them with traffic. Ansari reportedly taught himself Python programming through YouTube and downloaded hacking tools from GitHub. These tools were used via mobile apps like Termux and Pydroid to carry out the attacks. He would verify their success through platforms like and then share screenshots in the AnonSec group, often accompanied by anti-India messages such as 'Hi, India, we just took down your shield and servers.' The group, made up of like-minded youth, frequently changed its name and shared posts promoting anti-national sentiments. On May 7, 2025, a coordinated attack targeted 20 Indian government websites, during which the group posted statements like 'India may have started it, but we will be the ones to finish it.' Live Events Authorities also disclosed that Ansari recently failed his Class 12 science exams, while one of his juvenile associates is still in Class 12. ATS is now probing whether the suspects were operating independently or were influenced by foreign elements. Investigators are examining their digital tools, software, and online footprints. The Gujarat ATS has filed an FIR under Sections 43 and 66F of the Information Technology Act, which pertain to cyber terrorism. [With TOI inputs]
NDTV
20-05-2025
- NDTV
Two Arrested For Hacking Websites, Posting Anti-India Message In Gujarat
Ahmedabad: The Gujarat Anti-Terrorism Squad (ATS) has caught two persons, including a minor, for allegedly hacking Indian websites and posting anti-India messages online, officials said on Tuesday. According to officials, the accused include a minor boy and an another individual identified as Jaseem Shahnawaz Ansari (a resident of Nadiad in Kheda district of Gujarat). Both were running a Telegram channel where they shared proof of their hacking activities, they said. During the recent Operation Sindoor, the ATS received multiple alerts about hackers targeting Indian websites. According to ATS DIG Sunil Joshi, "We often receive information about such cyber-attacks. During the operation, we found that anti-national elements were actively trying to bring down Indian websites." As per DIG Joshi, Inspector Dhruv Prajapati of Gujarat ATS received an input about Ansari and the minor running the 'AnonSec' channel. A special team was formed to investigate. The phones of both suspects were sent to the Forensic Science Laboratory (FSL) for examination. The investigation revealed that the accused had earlier created two Telegram channels named 'EXPLOITXSEC' and 'ELITEXPLOIT' (a backup channel). These were later renamed to 'AnonSec'. "They made the backup channel because if their channel is taken down for some reason, they can continue their activity through the backup channel," DIG Joshi said. Though both had failed Class 12, they reportedly became highly skilled in hacking and cyber activities in just 6 to 8 months. Apart from hacking websites, they were also found posting messages against India, he said. An FIR has been filed in connection with the case and further investigation is ongoing, he added.
Time of India
20-05-2025
- Politics
- Time of India
Nadiad youth arrested for cyber terrorism, targeted 50+ govt sites
Ahmedabad: Gujarat ATS on Monday arrested an 18-year-old youth, Jasim Shahnawaz Ansari , from Nadiad for his alleged involvement in cyber terrorism . ATS officials say investigations revealed that Ansari intensified attacks after India's Operation Sindoor was launched in retaliation to the Pahalgam terror attack. According to ATS officers, Ansari and a few other juveniles allegedly carried out cyber attacks on more than 50 Indian govt websites between April and May 2025. These included websites related to defence, finance, aviation, urban development, and several state govts. The arrest followed intelligence inputs received by the Gujarat ATS during surveillance operations. As per ATS officials, Ansari and his associates had created a Telegram group named AnonSec, where they discussed and executed DDoS (Distributed Denial of Service) attacks. These attacks aimed to bring down websites by overwhelming them with traffic. The ATS found that Ansari used online platforms like YouTube to learn Python programming, and downloaded cyber-attack tools from GitHub. These tools were used through apps like Termux and Pydroid to execute the DDoS attacks . "He later verified the success of the attacks using and shared screenshots in the AnonSec group along with anti-India messages such as 'Hi, India we just took down your shield and servers.' Ansari, along with like-minded juveniles, launched cyberattacks using various handles and changed group names frequently. They spread anti-national propaganda by posting about successful attacks," said a release from the ATS. The investigation also revealed that Ansari intensified attacks after India's 'Operation Sindoor' was launched in retaliation to the Pahalgam terror incident. On May 7, 2025, 20 govt websites were targeted and messages like "India may have started it, but we will be the ones to finish it" were posted on their group, said ATS officers. An ATS officer said that Ansari has failed in class-12 science recently and another juvenile, aged 17, is in class-12. ATS officials began investigating whether the accused acted independently or were influenced by foreign entities. Further examination of the tools, software, and digital links is ongoing. ATS officers are trying to get digital footprints in the case. Gujarat ATS registered an FIR under Sections 43 and 66F for the charges of the Information Technology Act for cyber terrorism.
Techday NZ
14-05-2025
- Politics
- Techday NZ
Cyberattacks surge amid India-Pakistan clashes after strikes
Cyberattacks by hacktivist groups have escalated following renewed tensions between India and Pakistan. On May 7, 2025, India conducted "Operation Sindoor," a series of 24 missile strikes over 25 minutes against nine sites described as "terrorist infrastructure" in Pakistan and the Pakistan-administered region of Kashmir. According to Indian authorities, this operation was a response to the mass killing of 26 Indian tourists in Kashmir on 22 April. While India claims the strikes killed more than 70 militants and avoided civilian areas, Pakistan alleges at least 26 civilian casualties, has vowed to respond, and reports shooting down five Indian jets. Subsequent artillery exchanges have been reported along the Line of Control, closures of airspace have occurred, and international actors have called for restraint. In anticipation of cyber reprisal, India moved to temporarily block overseas users from accessing the websites of the National Stock Exchange and BSE. Officials cited cyberthreat concerns as the reason for the move, affirming that trading operations remain unaffected, though access is being controlled while risks are evaluated. Indian media outlets have documented a rise in hacking claims linked to Pakistan, and Pakistan's cyber response agency, PKCERT, has warned that hostile actors are exploiting the escalation to spread disinformation and attack critical systems. Reports compiled by Radware indicate that India has remained a frequent target of hacktivist campaigns throughout 2025, with 26 different groups targeting 100 organisations and accounting for 256 Distributed Denial of Service (DDoS) attacks since January. Most attacks were concentrated in January, but the initial week of May has seen activity accelerate as geopolitical tensions have heightened. According to Radware, RipperSec has been responsible for over 30% of DDoS claims against Indian targets this year, followed by AnonSec (16.8%), Keymous+ (10.2%), Sylhet Gang (9%), and Mr Hamza (4.7%). Groups such as Anonymous VNLBN, Bangladesh Civilian Force, SPIDER-X, RuskiNet, Arabian Ghosts, AnonPioneers, Rabbit Cyber Team, Red Wolf Cyber, Nation of Saviors, and several others have also made claims of responsibility. Hacktivists on both sides are employing various methods, from DDoS attacks and botnets to website defacements and data leaks, with the objective of disrupting service and undermining public confidence. More than half of the claimed DDoS attacks have targeted governmental agencies, with other significant targets including entities in education (8.3%), finance (7.4%), manufacturing (6.5%), and telecommunications (6.5%). Since the events of May 7, DDoS attack activity aimed at India has intensified. Radware's analysis notes a spike at 4pm UTC (9:30pm IST) with up to seven claimed attacks per hour. Threat actors involved in these attacks include AnonSec, Keymous+, Mr Hamza, Anonymous VNLBN, Arabian Hosts, Islamic Hacker Army, Sylhet Gang, Red Wolf Cyber, and the Iranian group Vulture. In these attacks post-Operation Sindoor, more than 75% of the incidents were directed at government agencies, while the financial and telecom sectors accounted for 8.5% and 6.4% respectively, comprising the bulk of the activity observed. "Politically, socially and religiously motivated hacktivist groups are increasingly coordinating efforts, amplifying their attacks against shared adversaries," Radware said in its latest alert. "Hacktivists are using hybrid strategies, leveraging application-layer and volumetric DDoS attacks that complicate defences." The Radware alert continued: "Hacktivists on both sides are targeting critical infrastructure using Web DDoS attacks, botnets, data leaks, and defacements, aiming to disrupt services and erode public trust." Recent developments show several groups, including Sylhet Gang, Mysterious Team, and Red Wolf Cyber, declaring support for Pakistan and threatening expanded attacks on Indian systems. Radware observed that since 2024, there has been a growing pattern of collaboration among groups with different ideological motivations. "As noted in the Radware 2025 Global Threat Analysis Report, 2024 was a significant turning point for hacktivist alliances, as groups driven by different political, social and religious motivations united in coordinated campaigns to target shared perceived adversaries. In 2025, this trend has gained momentum, with more hacktivists offering mutual support for each other's actions and campaigns, amplifying their messages and boosting their visibility." The alert further stated: "In the wake of Operation Sindoor, new alliances are emerging among Southeast Asian hacktivists. Some of these alliances even extend to groups traditionally opposed to Israel, such as the Iranian hacktivist group Vulture." The situation, as described by Radware, remains volatile. "As of now, less than 24 hours have passed since the escalation between India and Pakistan, and the situation remains highly volatile. Several prominent politically motivated groups, such as RipperSec and Mysterious Team Pakistan, have publicly pledged to take action but have not yet claimed responsibility for any attacks. Their impending involvement could significantly raise the stakes." Hacktivist groups based in India are also expected to intensify activity, raising concerns about reciprocal cyberattacks on Pakistani infrastructure. "Simultaneously, hacktivist groups supporting India, such as Indian Cyber Force, Cryptojackers of India, Dex4o4 and Ghost Force are expected to intensify their efforts to target Pakistani organisations. This could create a dangerous cycle of retaliation, increasing the risk of further cyberattacks, potentially targeting critical infrastructure on both sides." The tactics used by hacktivists are varied. "Hacktivists frequently deploy application-layer DDoS attacks to target specific server resources, often without generating overwhelming traffic volumes. These attacks are harder to detect and mitigate, as they imitate legitimate user interactions. Common techniques include HTTPS encrypted floods and form POSTs, which overwhelm online services and their backend systems. This can result in significant service disruptions or even complete outages, especially for critical websites like government portals, financial institutions or news outlets." "Volumetric attacks, while generally less sophisticated, are still a common strategy employed by hacktivist groups to overwhelm network infrastructure. These attacks often involve tactics such as direct path UDP floods or reflection and amplification attacks, where the target is flooded with a massive volume of UDP packets. This consumes significant bandwidth and network resources, which can potentially bring down online services or impact connectivity." "Given the increasing sophistication of and orchestration between hacktivist groups, hybrid DDoS attacks that combine multiple techniques can be observed. These attacks could simultaneously target network infrastructure with volumetric methods while also executing application-layer attacks. These strategies complicate detection and mitigation efforts." Radware highlighted the accessibility of DDoS tools as a contributing factor, noting: "Many groups may use publicly available DDoS tools to conduct their attacks. RipperSec members, for example, maintain and share a tool called MegaMedusa. Built using MegaMedusa leverages its asynchronous and non-blocking I/O capabilities to manage multiple network connections efficiently, making it suitable for orchestrating extensive DDoS campaigns. The tool is publicly accessible via GitHub, allowing users to install and operate it with minimal technical expertise. Its user-friendly installation process involves executing a few commands, making it accessible even to individuals with limited technical backgrounds. The availability of these tools makes it easier for groups with varying levels of technical expertise to launch impactful attacks." "Hacktivist groups may also utilise botnets – networks of compromised devices, often IoT devices – to launch large-scale DDoS attacks. These botnets can be rented or created through the use of malware, enabling attackers to distribute traffic across a wide range of devices. Some hacktivist groups have evolved from politically and religiously motivated attackers to DDoS-as-a-service providers, offering these services either for a fee or in exchange for advertising on their Telegram channels." "Some hacktivists may also engage in website defacements and claim responsibility for data leaks as part of their strategy to create chaos and erode public trust in institutions. These actions are often intended to undermine the credibility of targeted organisations and spread ideological messages."
