India-Pakistan Conflict: Bold Claims Of Cyberattacks, But Overstated Impact, Says CloudSEK
Hacktivist groups have also made grandiose claims of widespread cyberattacks, but investigation exposes these claims are largely exaggerated.

The India-Pakistan conflict has not only seen absurd claims made by Pakistan’s defence establishment; hacktivist groups have also made grandiose claims of widespread cyberattacks. However, a report by cybersecurity company CloudSEK shows that the actual impact on India’s government, education, and critical infrastructure sectors is significantly overstated.
Hacktivist Claims Vs Reality
The report shows how groups such as Nation Of Saviors, KAL EGY 319, SYLHET GANG-SG, Lyc Lưng Đặc Biệt Quân Đội Điện Tứ, and Vulture together claimed over 100 breaches in May 2025. They claimed to have targeted high-profile entities like the Prime Minister’s Office, the Election Commission of India (ECI), and the National Informatics Centre (NIC). However, CloudSEK’s investigation exposes these claims as largely exaggerated:
NIC Breach Overblown: SYLHET GANG-SG and DieNet claimed to have exfiltrated 247GB of sensitive NIC data, but analysis of a 1.5GB sample showed only publicly available marketing materials.
Repackaged ECI Data: Team Azrael-Angel Of Death’s claim of leaking 1 million citizen records from the Election Commission was debunked as recycled data from a 2023 leak, not a fresh compromise.
Minimal DDoS Impact: Coordinated DDoS attacks on government websites, including the PMO and key ministries, caused negligible downtime—often less than five minutes—despite being touted as major disruptions.
KAL EGY 319’s Defacement Campaign: The group’s claim of defacing 40 educational and medical websites was found to have no lasting impact, with all targeted sites functioning normally.
Indian Army Data Leak Debunked: Claims of leaking sensitive Indian Army personnel data were invalidated due to inconsistencies in the dataset, suggesting fabrication.
These findings highlight a pattern of hacktivist groups leveraging low-impact tools and tactics, such as brief outages and repackaged data, to amplify their visibility through alarming headlines. CloudSEK advises organisations to maintain basic DDoS hygiene to mitigate these low-level threats effectively.
The Real Threat: Pakistan-Linked APT36’s Crimson RAT Campaign
At the same time, APT36, a Pakistan-linked espionage group also known as Transparent Tribe, poses a real threat, according to CloudSEK’s study. APT36 has targeted Indian government and defence networks with Crimson RAT, a .NET-based remote access trojan, by taking advantage of the emotional fallout from the Pahalgam terror attack, CloudSEK said.
The malware is distributed by phishing emails that pose as official reports and include malicious PowerPoint and PDF attachments. These attacks use emotionally charged baits and spoof domains to obtain credentials and steal sensitive data.
Crimson RAT’s capabilities include screenshot capture, file access, remote command execution, and persistent system access. Despite its sophistication, CloudSEK noted that APT36’s tactics have remained largely unchanged for six years, posing a limited threat to organisations with robust security measures.
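The two delivery signals described above (a sender domain that imitates a trusted one, and a PowerPoint or PDF lure attachment) are simple enough to check at the mail gateway. The following is an added illustration and is not code from CloudSEK or from the report; the allowlisted domain `example.gov.in`, the lookalike `examp1e.gov.in`, the attachment names and the message bodies are all constructed for the example. It scores a parsed message by edit distance between the sender's domain and each trusted domain, and by the presence of attachments with the file extensions the report mentions.

```python
"""Triage incoming mail for two signals: a sender domain that looks like a trusted
one (spoofed/lookalike) and a PowerPoint or PDF attachment used as a lure."""
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical allowlist of domains from which official reports are expected.
TRUSTED_DOMAINS = {"example.gov.in"}
# Attachment types the report says the campaign uses as lures.
RISKY_EXTENSIONS = {".ppt", ".pptx", ".pps", ".ppsx", ".pdf"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small distance to a trusted domain suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(msg: EmailMessage) -> str:
    """Domain part of the From: address, lower-cased ('' if absent)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def lookalike_of(domain: str, max_distance: int = 2):
    """Trusted domain this one imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if 0 < levenshtein(domain, trusted) <= max_distance:
            return trusted
    return None


def risky_attachments(msg: EmailMessage) -> list:
    """Filenames of attachments whose extension is in RISKY_EXTENSIONS."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and any(name.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
            names.append(name)
    return names


def triage(msg: EmailMessage) -> dict:
    """Flag a message if the sender imitates a trusted domain, or if an untrusted
    sender carries a lure-type attachment."""
    domain = sender_domain(msg)
    imitated = lookalike_of(domain)
    attachments = risky_attachments(msg)
    flagged = imitated is not None or (domain not in TRUSTED_DOMAINS and bool(attachments))
    return {"sender_domain": domain, "lookalike_of": imitated,
            "risky_attachments": attachments, "flagged": flagged}


def build_sample(sender: str, subject: str, attachment_name: str) -> EmailMessage:
    """Constructed sample message for the example (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "analyst@example.gov.in"
    msg["Subject"] = subject
    msg.set_content("Please review the attached report.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg


# Constructed samples: a lookalike-domain lure and an ordinary internal message.
SAMPLE_LURE = build_sample("Official Reports <reports@examp1e.gov.in>",
                           "Incident report", "Incident_Report.pptx")
SAMPLE_INTERNAL = build_sample("Colleague <colleague@example.gov.in>",
                               "Agenda", "agenda.pdf")

if __name__ == "__main__":
    for m in (SAMPLE_LURE, SAMPLE_INTERNAL):
        print(m["Subject"], "->", triage(m))
```

The edit-distance threshold of 2 catches single-character substitutions such as `examp1e` for `example`; raising it increases recall at the cost of flagging unrelated short domains, so in practice the allowlist and threshold should be tuned against the organisation's own mail flow.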
Social Media Amplification Of Unverified Claims
The report also shows that Pakistan-linked social media accounts, such as P@kistanCyberForce and CyberLegendX (@cyber4982), have amplified unverified cyberattack claims.
According to CloudSEK, these accounts have targeted entities like Bharti Airtel and the Manohar Parrikar Institute for Defence Studies, often framing their actions as retaliation for geopolitical events like Operation Sindoor. CloudSEK’s analysis suggests these claims are part of a broader narrative to project cyber prowess, despite lacking evidence of significant impact.