Pakistani hacker groups target Indian defence institutions amid rising tensions

Indian defence institutions have come under coordinated cyberattacks allegedly orchestrated by Pakistan-based hacker groups, the Indian Army confirmed on Monday. The disclosure comes in the wake of the April 22 terror attack in Pahalgam, Jammu and Kashmir, that left 26 people dead, intensifying diplomatic tensions between the two countries.

According to the Army, a cyber group operating under the name ‘Pakistan Cyber Force’ targeted key Indian defence organizations, including the Military Engineer Services (MES) and the Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA). The group reportedly gained access to sensitive data, including login credentials and personal details of military personnel. In a further escalation, the attackers claimed to have exfiltrated nearly 10 GB of files linked to over 1,600 users from MP-IDSA.

One of the most visible incidents involved an attempted defacement of the official website of Armoured Vehicle Nigam Limited (AVNL), a defence Public Sector Undertaking. Hackers replaced imagery of an Indian tank with visuals of Pakistan’s Al Khalid tank and displayed Pakistan’s national flag. A message allegedly left by the attackers read: “Your armoured factory is now owned by Pakistan, courtesy Pakistan Cyber Force.”

In response, AVNL’s website was taken offline as a precautionary step to conduct a comprehensive audit of the system and assess any damage from the intrusion. The Indian Army stated that immediate measures were being taken to reinforce digital security and prevent further breaches.

Other groups, including ‘Cyber Group HOAX1337,’ ‘National Cyber Crew,’ and ‘IOK Hacker,’ also reportedly took part in the cyber offensive. These groups attempted to deface several websites associated with the Indian Army, including Army Public Schools in Jammu, a healthcare portal for ex-servicemen, the Army Institute of Hotel Management, and the Indian Air Force’s veteran placement portal. While some attacks resulted in defacement or temporary disruption, others, such as those on Army Public School Srinagar, AWHO, and the IAF portal, were successfully repelled.

Indian cybersecurity agencies and defence cyber units are now on high alert. The Army confirmed that real-time surveillance systems have been deployed to monitor potential threats in cyberspace. “Cybersecurity experts and agencies are actively monitoring cyberspace to detect any additional cyber attacks, particularly those that may be sponsored by threat actors linked to Pakistan,” the Army said in a statement.

Authorities are treating the incidents as more than just technical violations, framing them as psychological operations intended to destabilize morale and disrupt institutional integrity. In addition to reinforcing digital infrastructure, security across critical military installations and high-security prisons in Jammu has been tightened following intelligence reports of possible further attacks.

Despite the scale and coordination of the hacking attempts, officials emphasized that India’s defence cybersecurity architecture remains resilient. Multiple attempted intrusions were thwarted before critical data could be extracted, aided by fortified firewalls and incident response protocols.