
Latest news with #Keymous+

Cyberattacks surge amid India-Pakistan clashes after strikes

Techday NZ

14-05-2025


Cyberattacks by hacktivist groups have escalated following renewed tensions between India and Pakistan. On May 7, 2025, India conducted "Operation Sindoor," a series of 24 missile strikes over 25 minutes against nine sites described as "terrorist infrastructure" in Pakistan and the Pakistan-administered region of Kashmir. According to Indian authorities, this operation was a response to the mass killing of 26 Indian tourists in Kashmir on 22 April. While India claims the strikes killed more than 70 militants and avoided civilian areas, Pakistan alleges at least 26 civilian casualties, has vowed to respond, and reports shooting down five Indian jets. Subsequent artillery exchanges have been reported along the Line of Control, closures of airspace have occurred, and international actors have called for restraint.

In anticipation of cyber reprisal, India moved to temporarily block overseas users from accessing the websites of the National Stock Exchange and BSE. Officials cited cyberthreat concerns as the reason for the move, affirming that trading operations remain unaffected, though access is being controlled while risks are evaluated. Indian media outlets have documented a rise in hacking claims linked to Pakistan, and Pakistan's cyber response agency, PKCERT, has warned that hostile actors are exploiting the escalation to spread disinformation and attack critical systems.

Reports compiled by Radware indicate that India has remained a frequent target of hacktivist campaigns throughout 2025, with 26 different groups targeting 100 organisations and accounting for 256 Distributed Denial of Service (DDoS) attacks since January. Most attacks were concentrated in January, but the initial week of May has seen activity accelerate as geopolitical tensions have heightened.

According to Radware, RipperSec has been responsible for over 30% of DDoS claims against Indian targets this year, followed by AnonSec (16.8%), Keymous+ (10.2%), Sylhet Gang (9%), and Mr Hamza (4.7%). Groups such as Anonymous VNLBN, Bangladesh Civilian Force, SPIDER-X, RuskiNet, Arabian Ghosts, AnonPioneers, Rabbit Cyber Team, Red Wolf Cyber, Nation of Saviors, and several others have also made claims of responsibility.

Hacktivists on both sides are employing various methods, from DDoS attacks and botnets to website defacements and data leaks, with the objective of disrupting service and undermining public confidence. More than half of the claimed DDoS attacks have targeted governmental agencies, with other significant targets including entities in education (8.3%), finance (7.4%), manufacturing (6.5%), and telecommunications (6.5%).

Since the events of May 7, DDoS attack activity aimed at India has intensified. Radware's analysis notes a spike at 4pm UTC (9:30pm IST) with up to seven claimed attacks per hour. Threat actors involved in these attacks include AnonSec, Keymous+, Mr Hamza, Anonymous VNLBN, Arabian Ghosts, Islamic Hacker Army, Sylhet Gang, Red Wolf Cyber, and the Iranian group Vulture. In these attacks post-Operation Sindoor, more than 75% of the incidents were directed at government agencies, while the financial and telecom sectors accounted for 8.5% and 6.4% respectively, comprising the bulk of the activity observed.

"Politically, socially and religiously motivated hacktivist groups are increasingly coordinating efforts, amplifying their attacks against shared adversaries," Radware said in its latest alert. "Hacktivists are using hybrid strategies, leveraging application-layer and volumetric DDoS attacks that complicate defences."

The Radware alert continued: "Hacktivists on both sides are targeting critical infrastructure using Web DDoS attacks, botnets, data leaks, and defacements, aiming to disrupt services and erode public trust."

Recent developments show several groups, including Sylhet Gang, Mysterious Team, and Red Wolf Cyber, declaring support for Pakistan and threatening expanded attacks on Indian systems.

Radware observed that since 2024, there has been a growing pattern of collaboration among groups with different ideological motivations. "As noted in the Radware 2025 Global Threat Analysis Report, 2024 was a significant turning point for hacktivist alliances, as groups driven by different political, social and religious motivations united in coordinated campaigns to target shared perceived adversaries. In 2025, this trend has gained momentum, with more hacktivists offering mutual support for each other's actions and campaigns, amplifying their messages and boosting their visibility."

The alert further stated: "In the wake of Operation Sindoor, new alliances are emerging among Southeast Asian hacktivists. Some of these alliances even extend to groups traditionally opposed to Israel, such as the Iranian hacktivist group Vulture."

The situation, as described by Radware, remains volatile. "As of now, less than 24 hours have passed since the escalation between India and Pakistan, and the situation remains highly volatile. Several prominent politically motivated groups, such as RipperSec and Mysterious Team Pakistan, have publicly pledged to take action but have not yet claimed responsibility for any attacks. Their impending involvement could significantly raise the stakes."

Hacktivist groups based in India are also expected to intensify activity, raising concerns about reciprocal cyberattacks on Pakistani infrastructure. "Simultaneously, hacktivist groups supporting India, such as Indian Cyber Force, Cryptojackers of India, Dex4o4 and Ghost Force are expected to intensify their efforts to target Pakistani organisations. This could create a dangerous cycle of retaliation, increasing the risk of further cyberattacks, potentially targeting critical infrastructure on both sides."

The tactics used by hacktivists are varied.

"Hacktivists frequently deploy application-layer DDoS attacks to target specific server resources, often without generating overwhelming traffic volumes. These attacks are harder to detect and mitigate, as they imitate legitimate user interactions. Common techniques include HTTPS encrypted floods and form POSTs, which overwhelm online services and their backend systems. This can result in significant service disruptions or even complete outages, especially for critical websites like government portals, financial institutions or news outlets."

"Volumetric attacks, while generally less sophisticated, are still a common strategy employed by hacktivist groups to overwhelm network infrastructure. These attacks often involve tactics such as direct path UDP floods or reflection and amplification attacks, where the target is flooded with a massive volume of UDP packets. This consumes significant bandwidth and network resources, which can potentially bring down online services or impact connectivity."

"Given the increasing sophistication of and orchestration between hacktivist groups, hybrid DDoS attacks that combine multiple techniques can be observed. These attacks could simultaneously target network infrastructure with volumetric methods while also executing application-layer attacks. These strategies complicate detection and mitigation efforts."

Radware highlighted the accessibility of DDoS tools as a contributing factor, noting: "Many groups may use publicly available DDoS tools to conduct their attacks. RipperSec members, for example, maintain and share a tool called MegaMedusa. Built using MegaMedusa leverages its asynchronous and non-blocking I/O capabilities to manage multiple network connections efficiently, making it suitable for orchestrating extensive DDoS campaigns. The tool is publicly accessible via GitHub, allowing users to install and operate it with minimal technical expertise. Its user-friendly installation process involves executing a few commands, making it accessible even to individuals with limited technical backgrounds. The availability of these tools makes it easier for groups with varying levels of technical expertise to launch impactful attacks."

"Hacktivist groups may also utilise botnets – networks of compromised devices, often IoT devices – to launch large-scale DDoS attacks. These botnets can be rented or created through the use of malware, enabling attackers to distribute traffic across a wide range of devices. Some hacktivist groups have evolved from politically and religiously motivated attackers to DDoS-as-a-service providers, offering these services either for a fee or in exchange for advertising on their Telegram channels."

"Some hacktivists may also engage in website defacements and claim responsibility for data leaks as part of their strategy to create chaos and erode public trust in institutions. These actions are often intended to undermine the credibility of targeted organisations and spread ideological messages."

Gujarat on high alert against cyberattacks on govt, critical infra

Time of India

11-05-2025


Ahmedabad: Even after the India-Pakistan ceasefire was declared earlier on Saturday, the Gujarat govt remains on high alert against escalating cyber threats targeting govt systems and assets as well as critical infrastructure like power, civic systems, data centres and financial confirmed a surge in Distributed Denial of Service (DDoS) attacks and phishing campaigns by hacktivist groups. These cyberattacks aim to disrupt networks by overwhelming a target network system, network or service with web traffic, rendering it unavailable to legitimate users — and phishing principal secretary (science and technology) on May 9 issued a circular warning all departments about fake domains, phishing emails, and impersonation on social media. Employees have been advised against posting or sharing official documents, identity cards, or photos from internal meetings. They are also cautioned against clicking on suspicious links, documents, or QR codes. The advisory emphasizes the need for strong, unique passwords, two-factor authentication (2FA), and avoiding linking official emails to personal or third-party apps.

"According to a prominent cybersecurity firm Radware report several hacktivist groups were active in cyberattacks targeting central as well as state infrastructure since early May. RipperSec emerged as the most active, claiming DDoS attacks followed by AnonSec which had claimed attacks immediately after Operation Sindoor. Keymous+, Sylhet Gang, and Mr Hamza also accounted for a significant portion of the claimed attacks in the days following May 6 and 7," said a senior govt

Govt issues advisory

Ahmedabad: The state govt has issued an advisory cautioning officials against sharing "opinions, political views, or unverified news that could impact the government's neutrality or image". It further added, "Caution is advised before forwarding content in WhatsApp groups or other platforms, with a clear instruction to verify before sharing." Maintaining professional decorum in all online interactions is also advisory encouraged reporting fake profiles, suspicious content, or social media misuse to the cyber security team. Additionally, any suspicious or phishing emails must be immediately reported to the official addresses: socgovteam@ coreteam@ and obssecurity@
