Amid claims that Pakistan hacktivists have ‘efficiently breached’ over 100 Indian authorities websites, academic establishments, and important infrastructure, CloudSEK, a cybersecurity agency, debunked a lot of it to notice that they had been ‘faux’ and ‘exaggerated’ with ‘minimal precise affect.’
CloudSEK revealed a report detailing the evaluation of those hacktivist campaigns. This follows India and Pakistan agreeing to a ceasefire following India’s retaliation to a terror strike in Pahalgam, Jammu and Kashmir area.
The report additionally added that the ‘alleged’ knowledge leaks primarily contained public info, and web site defacements left no digital footprints. “Supposed DDoS assaults towards high-profile targets just like the Prime Minister’s Workplace inflicting negligible disruption,” learn a report part.
“Many hacktivist teams use instruments with restricted affect, usually inflicting transient 5–10 minute outages and exaggerating them with screenshots. These ways haven’t advanced in over two years. Whereas monitoring is vital, primary DDoS hygiene is often sufficient to mitigate such low-level threats and minimise their visibility,” added the report.
As an illustration, hacktivist entities like SYLHET GANG-SG and DieNet claimed the exfiltration of over 247 GB of information from India’s Nationwide Informatics Centre (NIC) servers. CloudSEK mentioned that an evaluation of the 1.5 GB pattern launched by these teams as ‘proof’ revealed that it contained solely public info.
Supply: CloudSEK
CloudSEK added that Group Azrael’s Could 8, 2025, declare of breaching the Election Fee of India and exposing over a million citizen data was merely an alarmist repackaging of information first leaked in 2023. In different phrases, this announcement didn’t replicate a brand new compromise of the ECI however a stunt to generate panic and publicity utilizing outdated PII.
The report additionally outlined the evaluation, which debunked the claims of many different hacktivist teams.
It added that ‘the extra subtle’ espionage group APT36 continues to pose a real menace. A number of days in the past, media reviews revealed that APT36 used the Crimson RAT malware (which permits attackers to execute instructions to retrieve delicate info remotely) to use ‘human vulnerabilities’, and use different social engineering ways to breach defence networks.
One assault from APT 36 embedded malicious hyperlinks right into a PDF titled “Motion Factors & Response by Govt Concerning Pahalgam Terror Assault,” created on April 24, 2025 beneath the alias “Kalu Badshah.” When opened, the doc directed victims to a spoofed area jkpolice.gov.in.kashmirattack.uncovered—which mimicked the official Jammu & Kashmir Police login web page, tricking customers into surrendering their credentials.
The put up ‘Most of Pakistani Hacktivism on Indian Web sites Faux’ appeared first on Analytics India Journal.
