By Soumya Awasthi and Abhishek Sharma
While India and Pakistan’s engagement in combat operations, particularly in the air domain, was the highlight of the limited and measured face-off between the two countries, this episode also saw both countries engaging in cyber warfare. Pakistan’s cyber and kinetic operations were deployed as part of this cyber conflict.
Although the cyberattacks did not impose any serious cost on India, they demonstrated Islamabad’s intention to operationalise cyberspace capabilities during a conflict. Furthermore, Pakistan also engaged in cognitive warfare by intensifying the cyberspace contestation. After a strategic ceasefire calling for a conditional pause to the conflict, it is pertinent to rewind the episode and discuss the fundamental lessons learnt.
Cyber Warfare in Action
While cyber warfare typically occurs beneath the threshold of armed conflict, it plays a crucial role in achieving a country’s political objectives during war. It reveals a pattern of low-intensity, tit-for-tat digital aggression, involving website defacements, misinformation campaigns, espionage, and digital sabotage. While non-state actors on both sides have exploited digital platforms to assert narratives, with increasing convergence of cyber and information warfare, the Pakistani state, in particular, has attempted strategies aimed at influencing public morale, shaping narratives, and demoralising adversaries.
India experienced two phases of cyber warfare. The first stage began immediately after the Pahalgam attack and saw hacktivists from Pakistan attacking India’s Critical National Infrastructure (CNI). Hackers employed Distributed Denial-of-Service (DDoS) attacks to disrupt, deface, and degrade Indian defence-related organisations and PSUs like Armoured Vehicle Nigam Limited (AVNL).
So far, most of these attacks have been symbolic, targeting government websites or leaking sensitive documents, but have rarely escalated to damage to critical infrastructure.
The second phase saw aggressive information dissemination aimed at creating confusion, chaos, and anxiety among the public. It was reported that 35 hacktivists were involved.. A group of hackers, named ‘Pakistan Cyber Force’, a handle on X, now withheld in India, claimed that they had stolen 10 GB of data belonging to 1,600 users from the Manohar Parrikar-Institute of Defence and Analysis Studies (MP-IDSA) and Military Engineering Services; MP-IDSA later rejected these claims.
Some groups identified were Cyber Group HOAX1337 and National Cyber Crew. They also targeted educational and welfare websites such as the Army Public Schools (APS) in Nagrota, Srinagar, and Sunjuwan, apart from the Army Welfare Housing Organisation and the Army College of Nursing.
Table 1: Cyber Warfare against India
| Cyber Warfare | Objectives | Social Engineering Techniques | Major Incidents Reported |
| Phase 1 (22 April–7 May) | Disrupting and degrading India’s CNI | DDoS and defacement attacks, and data breaches | Attack against the Ministry of Defence and MP-IDSA websites. Defacement of the Armoured Vehicles Nigam Limited (AVNL) website. DDoS attacks against the websites of the Army Public School (Srinagar, Nagrota, Sunjuwan) and the Army College of Nursing, Rajasthan Education Department |
| Phase 2 (7–10 May) | Information operations | Fake news, disinformation campaigns, deepfakes, and AI-generated content | Fake news incidents included claims such as attacks on the Indian electricity grid, ATMs being shut for 2–3 days, an Indian female pilot held in Pakistani custody, and a deepfake video featuring EAM Dr S. Jaishankar. |
In times of conflict, while cyber warfare often targets CNI, its second strategic phase involves cognitive warfare, leveraging information disruption to manipulate public perception. Pakistan employed tactics to influence public psychology by creating confusion, anxiety and spreading chaos among Indians. For instance, Pakistani media reported fake claims that a cyberattack targeted and damaged 70 percent of India’s power grid. Simultaneously, there were also attempts to incite communal tension by claiming that India attacked Sikh religious sites, which the Government of India subsequently fact-checked. These attempts at sowing confusion were made worse by India’s media environment, which reported without proper fact-checking.
One external factor that intensified this environment of misinformation was the role of Chinese and Turkishmedia agencies like CGTN, Xinhua, Global Times, and TRT, which acted as megaphones for Pakistan, disseminating fake news profusely. These platforms are known to be state-sponsored, and their reporting lacks objectivity and credibility. Even international media outlets like Al Jazeera reported fake claims that Pakistan had captured a female Indian Air Force pilot.
India’s Response to Cyberattacks
After intensifying cyber threats following the Pahalgam massacre, India adopted several timely and precautionary measures to protect its CNI. The Ministry of Finance, recognising the potential for cyber disruption, convened a high-level meeting with stakeholders from the financial sector. A particular focus was laid on bolstering the Unified Payments Interface (UPI), a vital element of India’s digital economy. Responding to an advisory from India-CERT, stock exchanges including the NSE and the BSE restricted foreign access and initiated enhanced cyber risk monitoring. A BSE spokesperson remarked, “BSE, being a critical market infrastructure institution, proactively and continuously monitors risks at domestic and international levels for potential cyber threats.” Taking the hint, several Indian banks also heightened their cybersecurity defences, particularly at the borders. Predicting cash shortages, many banks stocked cash in border town ATMs.
The attacks highlight India’s strategic susceptibility to disinformation and psychological operations, particularly across social media platforms. Although the Press Information Bureau’s (PIB) Fact Check Unitendeavoured to provide real-time counter-messaging, delays in response allowed deepfakes and fake narratives, such as a fabricated video of EAM Dr S. Jaishankar apologising for India’s stance, to briefly dominate the public discourse. While independent fact-checkers like Alt News and Boom contributed significantly, a fragmented approach left critical gaps.
While technically sound in guarding infrastructure, the overall response revealed a lack of preparedness in narrative control. This experience illuminates that cyber defence today must extend beyond firewalls to include cognitive resilience, proactive communication, and trust-building mechanisms in the public information space. These efforts call for a broad coalition of public, private, and third-sector collaboration on fact-checking and establishing a decentralised framework that includes algorithmic tools to ensure that news is verified and disseminated as soon as possible.
Lessons Learnt and the Way Forward
During the conflict, India’s cyber posture remained alert and proactive. India faced 15 lakh cyber attacks, among them only 150 were successful, as reported by the media. However, its ability to counter narrative warfare was severely lacking. One of the most pressing lessons from the event is treating timely and accurate public communication as integral to national security. In moments of heightened tension, the battle for public perception can be as critical as defending critical national infrastructure. Identifying deepfakes and flagging disinformation should become core components of India’s cyber defence strategy.
India’s reactive posture in the face of coordinated disinformation campaigns exposed the inefficiency of existing response mechanisms. While fact-checking efforts were noble, it was decentralised, underfunded, and significantly delayed, creating information voids that adversaries exploited with remarkable promptness and precision. Furthermore, it has become evident that cybersecurity cannot be shouldered by the state alone and needs proficiency and capability at all levels.
India requires a national Standard Operating Procedure (SOP) tailored to cyber conflict scenarios to address these gaps. A pivotal step lies in developing and operationalising a tiered cyber alert system—a structured mechanism that categorises threats by severity and triggers predefined actions at each level. Complementing this, a centralised crisis coordination cell must be institutionalised to integrate the expertise of CERT-In, the PIB, intelligence agencies, and private-sector cyber experts. This task force should continuously monitor, analyse, and respond to cyber incidents with speed and clarity. More importantly, it must possess the legal and operational authority to coordinate technical and narrative responses during heightened conflict.
India could develop a dedicated cognitive operations unit specifically to detect, debunk, and neutralise hostile content regularly. This would involve newsrooms, think tanks, academic institutions, and civil society organisations, all working within an agreed-upon protocol to rapidly vet and correct misleading content. Such a network must be supported through public funding and technological aid to ensure scalability and trustworthiness via public briefings and verified information dissemination through official platforms, providing transparency for the domestic and international audience, as was witnessed during the post-airstrike period.
Conclusion
The India-Pakistan cyber hostility post the Pahalgam attack offers a timely wake-up call. The failure to forestall and effectually counter narrative warfare emphasised India’s cognitive vulnerability. The cyber and information domains are intertwined. Therefore, India must pursue an integrated doctrine of cyber sovereignty, combining digital defence, psychological resilience, and strategic communication. This requires foresight in managing perception, truth, and trust in the information age.
About the authors:
- Soumya Awasthi is a Fellow with the Centre for Security, Strategy and Technology at Observer Research Foundation.
- Abhishek Sharma is a Research Assistant with the Strategic Studies Programme at the Observer Research Foundation.
Source: This article was published by the Observer Research Foundation.
