HEADQUARTERS
3rd Comm Bn., Fwd (-)7th FMF WestPac
Yokosuka, JPN
12 May 2025
Fm. Charlie.Two SU Alpha.
To. CMG, 7th FMF WestPac
Subj. CyberOffensive--Pakistan.India--Combined Action Report
Ref: DivO 5750.2B
(a) MCO 5750.4
(b) FMF Pac 5750.8
(c) DivO 57550.2B
Encl: (1) In accordance with the above provisions of references (a), (b), and (c), enclosure (1) is submitted herewith.
1. Key Internet Service Providers (ISPs) and Market Share
a. The Indian internet market is dominated by a handful of major players, both in wired and wireless segments:
b. Subscribers and market share by provider:
Provider | Total Subscribers (million) | Market Share (2023) | Ownership |
---|---|---|---|
Jio | 470.19 | 49.99% | Jio Platforms |
Airtel | 264.76 | 30.16% | Bharti Airtel |
Vodafone Idea | 127.29 | 14.94% | Vodafone Idea Limited |
BSNL | 25.12 | 3.06% | Government of India |
ACT | 2.23 | 0.24% | Atria Convergence |
c. Jio and Airtel are the two largest providers, together accounting for about 80% of the market.
d. BSNL and MTNL are government-owned entities, with BSNL having a stronger presence in rural and remote areas.
e. There are over 1,100 registered ISPs, but the top ten account for nearly 99% of subscribers.
2. Regulatory and Organizational Structure
a. Telecom Regulatory Authority of India (TRAI):
(1) Oversees telecom and internet regulation, including service provider licensing and consumer protection.
b. Regional Internet Registry (APNIC):
(1) Manages IP address allocation for India and the Asia-Pacific region.
c. Open Government Data (OGD) Platform:
(1) Publishes state/UT-wise data on internet access in public institutions like schools.
3. Notable Threat Groups
a. Nation of Saviors
b. Keymous+
c. Electronic Army Special Forces
d. GARUDA ERROR SYSTEM
e. Sylhet Gang-SG
f. Others:
(1) Coordinated via Telegram, X, and encrypted channels.
PART II. NARRATIVE SUMMARY
1. Summary of Recent Cyberattacks and Outages in India (May 2025)
a. Since late April 2025, India has experienced a significant surge in cyberattacks, primarily following the Pahalgam terror attack and subsequent escalation of tensions with Pakistan.
(1) The majority of these attacks have been attributed to pro-Pakistani and Bangladeshi hacktivist groups, with a focus on government, critical infrastructure, and private sector targets.
2. Types of Attacks
a. Distributed Denial of Service (DDoS):
(1) Over 55% of identified attacks were DDoS, aiming to overwhelm and disrupt targeted servers.
b. Website Defacement:
(1) Several incidents involved altering the appearance or content of Indian government and private sector websites.
c. Data Breaches and Leaks:
(1) Some data leaks occurred, but the sensitivity of leaked information was often overstated by attackers.
(2) For example, a claimed breach of Andhra Pradesh High Court data was mostly limited to publicly accessible metadata, though some password hashes were exposed.
d. Misinformation Campaigns:
(1) Coordinated efforts to spread fake news and misinformation were also observed, with authorities actively countering these campaigns.
3. Major Networks and Providers Targeted
a. Government Portals:
(1) Prime Minister’s Office, President’s Office, Ministries of Home, Defence, External Affairs, Health, and law enforcement portals were targeted, but disruptions were minimal and short-lived (typically less than five minutes).
b. Critical Infrastructure:
(1) BSNL (Bharat Sanchar Nigam Limited), Indian Railways, Income Tax Department (brief slowdown reported), Hindustan Aeronautics Ltd, State Government Portals.
c. Telecom Providers:
(1) Reliance Jio, Vodafone Idea, BSNL
(2) These operators faced cyberattacks, especially in border regions, but maintained network continuity through coordinated response and real-time monitoring.
4. Regions Most Affected
a. Border Areas:
(1) Telecom and internet infrastructure near the Indo-Pak border was specifically targeted between May 7 and 9, 2025, but major outages were prevented through proactive measures.
b. Nationwide:
(1) Attacks spanned across various states, with Maharashtra Cyber officials reporting ongoing incidents and Kerala-based cybersecurity firms monitoring the situation closely.
5. Impact and Response
a. Minimal Service Disruption:
(1) Despite the volume of attacks (over 1.5 crore attempts with only 150 successful), the actual impact on critical services was negligible, with most websites and networks remaining operational.
b. Robust Countermeasures:
(1) Indian authorities and telecom providers set up national control centers, enhanced monitoring, and adopted disaster management protocols to ensure service continuity.
c. Active Misinformation Management:
(1) Authorities took down dozens of fake news posts and debunked exaggerated claims about data theft and outages.
PART III. TECHNICAL ASPECTS
1. Nature and Execution of the Attacks
a. Scale and Tactics
(1) Over 500 Indian government and private entities were targeted, with more than 200 distinct cyber incidents identified between April 22 and May 8, 2025.
(2) The majority of attacks (over 55%) were Distributed Denial of Service (DDoS) attacks, which are designed to overwhelm and disrupt the normal functioning of targeted servers.
(3) Other tactics included website defacement, data breaches, and data leaks, but DDoS and defacement were the most common.
2. Coordination and Motivation
a. More than 40 hacktivist groups coordinated these attacks, often using Telegram and other encrypted channels for operational planning.
b. The attacks were ideologically motivated, aiming to retaliate for real-world military actions and to undermine public trust in Indian institutions.
3. Effectiveness and Impact
Limited Success
a. Despite the large volume, with Maharashtra Cyber officials reporting 1.5 crore (15 million) cyberattack attempts, only about 150 attacks were deemed "successful," and even these did not result in significant disruption or data theft.
(1) Most attacks caused only temporary slowdowns or minor website defacements.
(2) For example, the Income Tax portal experienced a brief slowdown, but the threat was swiftly neutralized due to robust infrastructure and real-time monitoring.
b. No critical infrastructure was penetrated, and there was no evidence of major data breaches or operational outages in sectors such as aviation, municipal systems, or the Election Commission.
4. Expert Assessment
a. Cybersecurity analysts described the attacks as "mid-scale" and "amateurish," with minimal impact due to India's preparedness and defensive measures.
(1) Indian agencies thwarted 30–40 major cyberattacks daily, thanks to fortified firewalls, layered protocols, and constant monitoring.
(2) Experts noted that while the attacks were persistent and well-coordinated, they failed to achieve their intended disruptive objectives.
b. The cyberattacks against India in late April and early May 2025 were highly coordinated and persistent but ultimately amateurish and ineffective.
(1) They failed to disrupt or take down any major cyber networks, with Indian cybersecurity defenses successfully neutralizing threats and preventing significant damage.
PART IV. CIVIL AFFAIRS
1. International Media Coverage
a. Widespread Reporting on Cyber Offensive:
(1) International and Indian media have widely reported a surge in cyberattacks against over 500 Indian government and private entities following the April 22, 2025, Pahalgam terror attack and subsequent Indo-Pak military tensions.
(2) These attacks, primarily attributed to pro-Pakistani and Bangladeshi hacktivist groups, included Distributed Denial-of-Service (DDoS) attacks, website defacements, and attempted data breaches.
b. Escalation After Military Strikes:
(1) Media outlets highlighted that the cyber offensive intensified after India’s retaliatory Operation Sindoor on May 7, with hacktivist groups synchronizing their cyber operations and propaganda with real-world military developments.
c. Coverage of Social Media Restrictions:
(1) International news organizations covered India’s directive to X (formerly Twitter) to block over 8,000 accounts, including those of Pakistani politicians, celebrities, and media organizations, citing concerns over misinformation and provocative content.
(2) This move was widely described as an act of censorship by X and was debated in the context of free speech and platform governance.
2. Social Media Reaction
a. Hashtag Campaigns and Hacktivist Claims:
(1) Social media platforms, especially X and Telegram, saw a proliferation of hacktivist claims under hashtags like #OpIndia. Pro-Pakistan and pro-India groups both publicized their cyber exploits, often referencing ongoing military actions and stoking nationalist sentiment.
b. Spread of Misinformation:
(1) There was a significant surge in misinformation, including deepfake videos and recycled images from unrelated conflicts, circulating widely on WhatsApp, Facebook, Instagram, YouTube, and X.
(2) This digital crossfire overwhelmed moderation systems, exposing gaps in regulatory and technical safeguards.
c. Government Response and Fact-Checking:
(1) The Indian Ministry of Defence issued advisories through official channels, urging citizens to report fake content and use government fact-checking services.
(2) India also took steps to restrict access to accounts and channels deemed to be spreading false or inflammatory material.
d. Cross-Border Blocking:
(1) In response, Pakistan’s authorities blocked over a dozen Indian YouTube channels and multiple websites, accusing them of spreading anti-Pakistan propaganda and misinformation.
3. Summary
a. The international media framed the cyberattacks on India as part of a broader hybrid conflict, with hacktivist groups aligning their digital campaigns to geopolitical and military developments.
b. Social media became a battleground for both cyber operations and information warfare, with governments on both sides imposing sweeping restrictions and issuing public advisories to counter misinformation and maintain control over the narrative.
4. Analysis of the Impact of Pakistan's Cyberwarfare Against India (April–May 2025)
a. Summary:
(1) Claims that Pakistan’s cyberwarfare against India in April–May 2025 had only limited impact are not supported by the available evidence; in fact, the attacks caused significant disruption to Indian infrastructure and critical services, though some official sources dispute the scale of the damage.
(2) Evidence of Significant Cyber Impact
(i) Multiple credible sources report that Pakistan launched a limited but highly effective cyberattack on India, activating less than 10% of its cyber capabilities yet causing substantial disruption.
(ii) The attacks destroyed ten SCADA arrays, wiped over 1,700 servers, crashed thirteen key government websites, disrupted railway systems, and forced power grids in cities like Mumbai onto emergency backup.
(iii) The attacks also included GPS spoofing, signal jamming, satellite blinding, and hacking of key databases, triggering economic turbulence and a sharp fall in Indian markets.
(3) The cyber campaign was part of a broader strategy that included psychological tactics such as drone overflights and information operations, aiming to pressure Indian leadership and shift the rules of engagement in the region.
(i) Reports also document that Pakistan-linked hacktivist groups claimed over 100 cyberattacks on Indian government, education, and critical infrastructure targets during this period.
5. Counterclaims and Limitations
a. Indian government sources and fact-checkers contest some of the more extreme impact claims.
(1) For example, the assertion that 70% of India's power grid was disabled by Pakistani cyberattacks was labeled "fake" by the Indian Press Information Bureau (PIB).
b. Despite a high volume of reported attacks (1.5 million), only about 150 were confirmed to have succeeded, suggesting that while the threat was large, the actual penetration rate was relatively low.
c. Some analyses argue that while cyberattacks caused tactical disruption, their strategic impact was limited and transient. The attacks did not fundamentally alter the balance of power or deter India from retaliatory actions, nor did they impose lasting costs that would force a shift in strategic calculus.
6. Broader Context and Usefulness of Cyberwarfare
a. The April–May 2025 cyber operations demonstrated that cyberwarfare can cause widespread disruption, but also highlighted its limitations:
(1) Many attacks were short-lived, with systems restored within hours or days.
(2) The attacks did not prevent India from launching its own military and cyber responses, nor did they force a change in Indian policy or posture.
(3) The episode reinforced that cyberwarfare, while a powerful tool for asymmetric disruption and psychological pressure, is not by itself decisive in resolving major geopolitical disputes or compelling adversaries to change course.
7. Conclusion
a. The cyberwarfare campaign launched by Pakistan against India in April–May 2025 achieved significant tactical disruption, affecting critical infrastructure, government services, and public confidence.
b. However, the overall strategic usefulness of these attacks was limited:
(1) The disruption was largely temporary, the most extreme claims of damage were disputed, and there was no evidence that cyber operations alone compelled major policy shifts or deterred further escalation.
(2) This episode underscores both the potential and the constraints of cyberwarfare as a tool of statecraft in high-stakes conflicts.
PART V. SUPPORTING DOCUMENTS
1. Current Status:
a. Blackouts, Power Outages, and Internet Disruptions in India, Pakistan, and Jammu & Kashmir (as of May 12, 2025)
(1) India (General and Power Grid Situation):
(i) India is currently experiencing a period of high risk for power shortages and load shedding, especially during May and June 2025. This is due to a projected record electricity demand (peaking at 273 GW in June) and limitations in supply, particularly during non-solar hours.
(ii) The National Load Despatch Centre (NLDC) has warned of unmet demand of 15–20 GW during these peak months, with the risk of outages highest from April to October.
(iii) These shortages are not necessarily due to grid failure, but are expected as planned or rolling blackouts (load shedding) to manage the supply-demand gap during the summer.
(2) Jammu & Kashmir and Border Regions:
(i) Recently, there have been widespread power outages and blackouts in Jammu and other border regions, including parts of Punjab and Rajasthan.
(ii) These were primarily precautionary or emergency measures in response to military tensions and drone activity along the India-Pakistan border.
(iii) In Jammu, significant explosions and sirens were reported, followed by a citywide blackout. This was linked to escalated military exchanges and security concerns, particularly after attempted drone attacks and artillery exchanges.
(iv) Border districts in Rajasthan (Barmer, Jaisalmer, Bikaner, Ganganagar) observed full blackouts overnight as a precaution, but normalcy had largely returned by Monday morning. Schools and public institutions in some areas remain closed as a precaution.
(v) Punjab also saw blackout orders in several districts, which have now been withdrawn following a ceasefire agreement between India and Pakistan. Authorities have restored normalcy and lifted restrictions as of May 10, 2025.
(3) Pakistan:
(i) There are no specific reports in the provided results about nationwide blackouts or internet shutdowns in Pakistan itself, but the country is involved in the recent military escalation that triggered blackouts on the Indian side of the border.
(ii) Internet Denial of Service (DoS) or Outages:
There is no direct evidence from the search results of widespread internet denial of service attacks or deliberate internet shutdowns across India, Pakistan, or Jammu & Kashmir as of the current date.
2. Summary Table: Attack Characteristics vs. Impact
Aspect | Description (April–May 2025) | Result/Impact |
---|---|---|
Attack Volume | 1.5 crore attempts, 200+ distinct incidents | Only 150 minor successes |
Attack Types | DDoS (55%), defacement, data breach, data leak | Temporary slowdowns, no outages |
Target Sectors | Government, finance, education, healthcare, IT | No critical infra compromised |
Perpetrators | 40+ hacktivist groups, mainly pro-Pakistani/Bangladeshi | Largely amateurish operations |
Indian Response | Fortified firewalls, real-time monitoring, advisories | Attacks neutralized, minimal impact |
3. Synthetic Intelligence: Perplexity-AI.
4. Image credit: https://economictimes.indiatimes.com/news/defence/pakistan-backed-hackers-target-indian-military-sites-databases/articleshow/120831760.cms?from=mdr
5. Prepared for Charlie.Two by
JCL, (204xxxx-2533),
SubUnit Alpha, Firebase Tango.
End of Report
CLASSIFIED