Amid claims that Pakistan hacktivists have ‘successfully breached’ over 100 Indian government sites, educational institutions, and critical infrastructure, CloudSEK, a cybersecurity firm, debunked much of it to note that they were ‘fake’ and ‘exaggerated’ with ‘minimal actual impact.’
CloudSEK published a report detailing the analysis of these hacktivist campaigns. This follows India and Pakistan agreeing to a ceasefire following India’s retaliation to a terror strike in Pahalgam, Jammu and Kashmir region.
The report also added that the ‘alleged’ data leaks primarily contained public information, and website defacements left no digital footprints. “Supposed DDoS attacks against high-profile targets like the Prime Minister’s Office causing negligible disruption,” read a report section.
“Many hacktivist groups use tools with limited impact, often causing brief 5–10 minute outages and exaggerating them with screenshots. These tactics haven’t evolved in over two years. While monitoring is important, basic DDoS hygiene is usually enough to mitigate such low-level threats and minimise their visibility,” added the report.
For instance, hacktivist entities like SYLHET GANG-SG and DieNet claimed the exfiltration of over 247 GB of data from India’s National Informatics Centre (NIC) servers. CloudSEK said that an analysis of the 1.5 GB sample released by these groups as ‘proof’ revealed that it contained only public information.
Source: CloudSEK
CloudSEK added that Team Azrael’s May 8, 2025, claim of breaching the Election Commission of India and exposing over one million citizen records was merely an alarmist repackaging of data first leaked in 2023. In other words, this announcement did not reflect a new compromise of the ECI but a stunt to generate panic and publicity using old PII.
The report also outlined the analysis, which debunked the claims of many other hacktivist groups.
It added that ‘the more sophisticated’ espionage group APT36 continues to pose a genuine threat. A few days ago, media reports revealed that APT36 used the Crimson RAT malware (which allows attackers to execute commands to retrieve sensitive information remotely) to exploit ‘human vulnerabilities’, and use other social engineering tactics to breach defence networks.
One attack from APT 36 embedded malicious links into a PDF titled “Action Points & Response by Govt Regarding Pahalgam Terror Attack,” created on April 24, 2025 under the alias “Kalu Badshah.” When opened, the document directed victims to a spoofed domain jkpolice.gov.in.kashmirattack.exposed—which mimicked the official Jammu & Kashmir Police login page, tricking users into surrendering their credentials.
The post ‘Most of Pakistani Hacktivism on Indian Websites Fake’ appeared first on Analytics India Magazine.
