The heightened cyber activity came shortly after India launched military strikes on Pakistan on 7 May
In the wake of renewed military tensions between India and Pakistan, cybersecurity researchers have reported a spike in cyberattacks primarily led by hacktivist groups. However, despite the surge in activity, experts suggest the actual impact on critical infrastructure and essential services in both countries has been negligible.
The heightened cyber activity came shortly after India launched military strikes on Pakistan on 7 May. The strikes followed a deadly attack on 25 Indian tourists in Kashmir’s India-administered region in late April. According to an analysis released by cybersecurity firm CloudSEK on 11 May, more than 100 attacks were observed in early May, mainly targeting government and education sector servers. However, the majority of these attacks caused minimal disruption.
While there was indeed a noticeable uptick in threats, most incidents did not affect key systems or services, according to Pagilla Manohar Reddy, threat researcher at CloudSEK. “Most of what we’ve seen are website defacements targeting noncritical domains — typically personal websites or those running WordPress,” he explained. “We’ve also noticed attackers using compromised credentials to steal data, which they then post publicly as ‘breaches.’ The sensitivity of this information varies quite a bit, and sometimes it’s just recycled data from previous incidents.”
Reddy noted that the volume of hacktivist activity surged around the time of India’s military response but has since significantly declined. These observations were echoed by global cybersecurity company Radware, which also documented the spike in cyber incidents tied to the 7 May operation, referred to as Operation Sindoor by Indian authorities.
Radware’s Director of Threat Intelligence, Pascal Geenens, pointed to a pattern of short-lived attacks with limited impact. “There were already a lot of attacks on India and also within the Southeast Asian countries — a lot of infighting between religious activists mostly,” he said. “We saw a surge in attacks on May 7, but after that, I have to say that it cooled down, and now, after the weekend, I only see a couple of verified attacks.”
CloudSEK’s data highlights that attackers primarily focused on Indian government and education sector websites, rather than any critical or high-value systems. Even among the more than 200 incidents tracked since early May, around 95 per cent were assessed to have had no tangible effect. Reddy noted that many defacements or distributed denial-of-service (DDoS) attacks resulted in only momentary disruptions, with most systems quickly recovering. Claims of data breaches often lacked evidence or were linked to older, previously leaked data.
This wave of cyberattacks is part of a growing trend where geopolitical conflict increasingly spills into the digital world. Cyber operations have played a significant role in other ongoing regional conflicts. Russia and Ukraine, for instance, have combined military and cyber tactics more extensively than any other known conflict, using destructive cyber operations alongside kinetic warfare. In the Middle East, cyber offensives between Israeli and Palestinian-aligned groups have grown more sophisticated, while Iranian and Chinese actors continue to engage in campaigns aimed at regional and global targets.
Reddy said the India-Pakistan conflict bears some resemblance to these global patterns, though with less technical depth or integration into military strategy. “Russia [and] Ukraine [have] experienced severe, coordinated cyberattacks that are tightly integrated with military objectives, including large-scale disruptions to critical infrastructure,” he noted. “The Israel-Palestine conflict shows some overlap with India-Pakistan in terms of DDoS attacks and data breaches driven by ideological motivations.”
Most previous cyberattacks involving India and Pakistan have been shaped by ongoing regional rivalry, religious discord, or domestic unrest, according to Radware’s analysis. The most recent armed conflict — triggered by the killing of 25 tourists and a civilian in Kashmir on 22 April — intensified this digital conflict. In response, India conducted missile strikes on 7 May targeting what it described as “terrorist infrastructure” in Pakistan. The disputed Kashmir region continues to be a flashpoint between India, Pakistan, and China, with all three nations claiming overlapping parts of the territory.
As the digital front of the conflict unfolded, many hacktivist groups appeared more interested in creating noise than causing real harm. “In many instances, groups post check-host links or screenshots showing momentary downtime, but the services typically remain functional or recover very quickly,” said Reddy.
Pascal Geenens echoed the concern around the reliability of such claims. “Some activist groups are just playing around and not doing anything, [but] they claim a lot of stuff,” he said. “It’s more about creating chaos and disinformation. But there’s also some of those hacktivist groups that create their own tools.”
Despite the flurry of online activity, both analysts agree that the current wave of attacks has not translated into a meaningful impact. Most of the disruptions were cosmetic or short-term in nature, and standard DDoS protection tools were generally sufficient to absorb or deflect these attempts.
As India and Pakistan navigate another chapter in their long-standing rivalry, the cyber domain has once again proven to be an extension of geopolitical tensions. However, the latest incidents also highlight how online claims and propaganda often overshadow the actual outcomes of such digital operations.
