Cyberattacks on Indian Defence-Linked Websites Thwarted by Cybersecurity Experts Amid Rising Cross-Border Tensions

In April 2025, Indian cybersecurity teams successfully intercepted and neutralized cyberattacks launched by a Pakistani hacker group known as IOK Hacker (Internet of Khilafah). The attacks targeted four websites linked to Indian defence operations—Army Public School Srinagar, Army Public School Ranikhet, the Army Welfare Housing Organisation, and the Indian Air Force Placement Organisation. These attacks involved defacement, DDoS flooding, and data breach attempts, but were effectively blocked before any critical data was compromised. This incident highlights the importance of proactive cybersecurity infrastructure in protecting national digital assets and reinforces India's preparedness in cyber defence during a period of heightened geopolitical tension.

In April 2025, Indian cybersecurity agencies successfully foiled multiple cyberattacks targeted at websites linked to defence infrastructure. These websites, though not hosting classified data, are essential parts of India’s extended defence ecosystem. The cyberattacks were traced to a Pakistani hacker group called IOK Hacker or Internet of Khilafah, whose objective was to cause digital disruption and create psychological panic.

What Was Targeted in the Cyberattack?

Hackers focused on public-facing defence-affiliated websites, assuming these would have lower security than core military systems. The four targeted platforms included:

| Website Targeted | Type of Attack | Objective |
|---|---|---|
| Army Public School, Srinagar | Website defacement, DDoS attack | Spread propaganda, crash the site |
| Army Public School, Ranikhet | Homepage modification | Incite tension using inflammatory content |
| Army Welfare Housing Organisation (AWHO) | Database access attempt | Steal private personnel data |
| Indian Air Force Placement Organisation (IAFPO) | Login breach attempt | Gain unauthorized access to job portal |

These cyber threats were stopped before any major breach occurred.

Tactics Used by the Attackers

The attackers used a mix of basic and intermediate cyberattack techniques, such as:

  • Website Defacement: Altering webpages to post false or provocative messages

  • DDoS Attacks: Flooding servers with traffic to make websites crash

  • SQL Injection and Database Access: Attempting to extract user data from backend servers

  • Brute Force Login Attempts: Repeatedly trying to guess login credentials

While these are common in cyber warfare, Indian systems responded rapidly to mitigate them.
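
For defenders, three of the tactics listed above (brute-force logins, SQL injection probes and request flooding) leave recognisable traces in a web server access log. The following is an added illustrative example, not code or data from the incident: the log lines, the `/login` path and the thresholds are constructed assumptions, and defacement is not covered because it does not show up in request patterns.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines in a "combined"-style access log format (not incident data).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Apr/2025:10:00:01 +0530] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [28/Apr/2025:10:00:02 +0530] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [28/Apr/2025:10:00:03 +0530] "POST /login HTTP/1.1" 401 512
198.51.100.9 - - [28/Apr/2025:10:00:04 +0530] "GET /notice?id=1%27+UNION+SELECT+1 HTTP/1.1" 200 900
192.0.2.44 - - [28/Apr/2025:10:00:05 +0530] "GET / HTTP/1.1" 200 4096
192.0.2.44 - - [28/Apr/2025:10:00:05 +0530] "GET / HTTP/1.1" 200 4096
192.0.2.44 - - [28/Apr/2025:10:00:05 +0530] "GET / HTTP/1.1" 200 4096
192.0.2.44 - - [28/Apr/2025:10:00:05 +0530] "GET / HTTP/1.1" 200 4096
192.0.2.10 - - [28/Apr/2025:10:00:06 +0530] "GET /admissions HTTP/1.1" 200 2048
"""

# client IP, timestamp, method, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# A few common injection markers; a real deployment would rely on a maintained WAF rule set.
SQLI = re.compile(r"union\s+select|'\s*or\s+\d+\s*=\s*\d+|information_schema", re.I)

def triage(log_text, max_failed_logins=3, max_req_per_sec=4):
    """Return the source IPs that match each tactic (thresholds are assumed values)."""
    failed, per_sec, sqli = Counter(), Counter(), set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        ip, ts, method, target, status = m.groups()
        per_sec[(ip, ts.split()[0])] += 1  # bucket requests by IP and second
        if method == "POST" and target.startswith("/login") and status in ("401", "403"):
            failed[ip] += 1  # rejected login attempt
        if SQLI.search(unquote_plus(target)):  # decode %27 and + before matching
            sqli.add(ip)
    return {
        "brute_force": sorted(ip for ip, n in failed.items() if n >= max_failed_logins),
        "sql_injection": sorted(sqli),
        "flood": sorted({ip for (ip, _), n in per_sec.items() if n >= max_req_per_sec}),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
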

Who Were the Attackers?

According to Indian intelligence, the attacks were carried out by a Pakistan-based hacker group known as:

  • IOK Hacker (Internet of Khilafah)

This group is known for politically motivated cyber operations with objectives such as:

  • Creating unrest through online propaganda

  • Disrupting public trust in defence institutions

  • Targeting low-security entry points in defence-adjacent infrastructure

India’s Swift and Effective Cybersecurity Response

Indian cybersecurity teams—both government and military—responded swiftly and decisively:

  • Quarantined the affected systems

  • Removed malicious content

  • Conducted forensic analysis to trace the attack origin

  • Secured the servers with updated patches and enhanced firewalls

Most importantly, no classified military systems or networks were compromised, reinforcing India's multi-layered cybersecurity strategy.

Why Attack Defence-Linked Civil Platforms?

1. Easier Targets, Maximum Attention

Since core military networks are heavily protected, hackers often turn to public-facing websites to:

  • Gain media attention

  • Spread false narratives

  • Create panic among the public and staff

2. Psychological Warfare

These attacks are part of asymmetric digital warfare, aimed at:

  • Lowering morale

  • Sowing distrust in defence readiness

  • Provoking emotional and political reactions

Connection to Recent Geopolitical Tensions

The attacks took place shortly after:

  • A terrorist attack in Pahalgam (April 22, 2025)

  • Incidents of cross-border firing along the LoC

This indicates a coordinated effort to increase disruption via both physical and cyber means.

What This Means for India’s Cybersecurity Landscape

This event highlights several important facts:

  • Cybersecurity is national security

  • Even non-classified platforms like school or housing websites must be protected

  • Cyber awareness and preparedness across all departments are critical

  • Collaborative action between military and civilian cybersecurity units is effective

Lessons Learned for Future Protection

To prevent future threats, India is continuing to:

  • Upgrade cybersecurity protocols across all defence-linked portals

  • Conduct penetration testing and vulnerability audits

  • Implement AI-based threat detection

  • Train staff and developers on secure coding and cyber hygiene

Conclusion

The attempted cyberattacks from Pakistan on Indian defence-affiliated platforms serve as a reminder that digital warfare is an ongoing threat. Thanks to India’s robust cyber infrastructure and quick response mechanisms, these cyber intrusions were neutralized before any real damage occurred. As cybersecurity becomes an integral part of national defence, vigilance, training, and continual improvement are key to staying ahead of adversaries.

FAQs

What happened during the April 2025 cyberattacks on Indian defence websites?

Four defence-linked websites in India were targeted by a Pakistani hacker group but were successfully protected.

Which websites were attacked in this cyber incident?

Army Public School Srinagar, Army Public School Ranikhet, AWHO, and IAFPO websites were targeted.

Who was behind the attacks on Indian defence sites?

A Pakistan-based hacker group known as IOK Hacker or Internet of Khilafah.

What kind of cyberattacks were attempted?

The attacks included website defacement, DDoS flooding, and attempts to breach databases.

Was any sensitive defence information stolen?

No, Indian authorities confirmed that no classified or sensitive military systems were affected.

Why were school and housing websites targeted instead of core military systems?

Because these platforms are easier to breach and are still connected to the defence ecosystem.

What is website defacement?

It is when hackers change the content of a website to display propaganda or offensive material.

What is a DDoS attack?

A Distributed Denial of Service attack floods a website with traffic to crash it.

How did India respond to the cyberattacks?

Cybersecurity teams quickly isolated and restored affected websites while tracing the attackers.

Were the attacks connected to any geopolitical events?

Yes, they occurred shortly after the Pahalgam terror attack and LoC firing incidents.

Did the attackers succeed in breaching the databases?

Attempts were made but were unsuccessful due to timely intervention.

How was the hacker group identified?

Through forensic analysis and cyber intelligence tools.

What is the full form of AWHO?

Army Welfare Housing Organisation.

What is IAFPO?

Indian Air Force Placement Organisation.

What was the motive behind these cyberattacks?

To spread propaganda, create confusion, and test India’s cyber resilience.

Is India prepared for future cyberattacks?

Yes, multi-layered cyber defence systems are in place and are constantly being upgraded.

How important is cyber security for public-facing defence websites?

It is critical, as even non-classified sites can be used to spread misinformation.

Was any propaganda posted on these websites?

Yes, propaganda messages were posted on defaced sites like APS Srinagar.

What does the name IOK Hacker stand for?

Internet of Khilafah, a pro-Pakistani cyber group.

Are such attacks common during rising border tensions?

Yes, cyberattacks often accompany traditional and hybrid warfare strategies.

What measures were taken after the attacks?

Websites were patched, monitored, and further hardened against future threats.

Did this incident affect defence recruitment or housing services?

No major disruption was reported thanks to the quick response.

Can students access APS Srinagar and Ranikhet websites now?

Yes, both were restored after the incident.

Was any malware found in the systems?

Investigations found malicious scripts which were removed promptly.

How can other organisations protect against such attacks?

By using firewalls, encryption, regular audits, and cybersecurity training.

Is India collaborating internationally on cyber defence?

Yes, India works with various nations and tech companies to strengthen its cyber walls.

How long did it take to recover the websites?

Most websites were restored within hours of the attack.

What role did Indian intelligence play?

They helped trace the source and analyze the cyberattack footprint.

Was this the first time Pakistan-based hackers targeted India?

No, similar attempts have occurred in the past, especially during heightened tensions.

Why is cyber defence essential for national security?

Because attacks can disrupt essential services and manipulate public perception.
