
Amid an alarming surge in cyberattacks on Indian institutions — allegedly launched by Pakistan-based groups — the Indian government has moved swiftly to reinforce its digital defences. A comprehensive set of cybersecurity guidelines has been dispatched to key industry stakeholders, aiming to boost preparedness across sectors ranging from banking and energy to education and public services.
The Ministry of Electronics and Information Technology (MeitY), in coordination with the Indian Computer Emergency Response Team (CERT-In), is spearheading this response. The move comes in the wake of Operation Sindoor and heightened tensions between India and Pakistan, which have triggered over a million cybersecurity alerts within just ten days.
New Compliance Rules for Enterprises and MSMEs
As part of the new initiative, large enterprises and data fiduciaries have been instructed to bolster access control systems, conduct continuous infrastructure scans, and isolate legacy IT infrastructure. Automated tools must now be used to enforce regular updates and security patching, according to officials.
Organizations have been told to implement data loss prevention (DLP) systems, encrypt data transmissions, and monitor all incoming and outgoing traffic rigorously. Those depending on third-party vendors must vigilantly track any unauthorized software updates or misconfigurations.
Micro, Small, and Medium Enterprises (MSMEs) are also under the spotlight. Recognizing their limited resources, the government is pushing cost-effective solutions: complex alphanumeric passwords, antivirus and anti-malware programs, regular employee training, and routine offline backups. A push for “zero-trust architecture” has also been made, ensuring that no access is granted without multilayer verification.
“While MSMEs may not ramp up defences overnight, we are working closely with them to improve digital resilience,” a senior official said.
Cyberattacks Surge Post Operation Sindoor
The urgency of these measures became evident after a string of attacks on Indian digital assets, reportedly launched from Pakistan following Operation Sindoor and the terrorist attack in Pahalgam. In just over a week, intelligence agencies flagged over one million incidents.
Recent weeks saw targeted cyberattacks on websites associated with the armed forces, including Army Public Schools in Srinagar and Ranikhet. Hackers deployed inflammatory propaganda, executed distributed denial-of-service (DDoS) attacks, and attempted to breach the Army Welfare Housing Organisation and the Indian Air Force Placement portal.
All cyberattacks were quickly isolated and rectified without compromising operational or classified networks. According to sources, the intrusions were linked to a group calling itself ‘IOK Hacker’ or the ‘Internet of Khilafah.’
“Pakistan-based cyber actors have once again failed to breach India’s core cyber infrastructure,” an Army source said.
APT Groups and Foreign Actors Escalate Digital Offensive
But the threat has not been limited to symbolic defacements or propaganda. Between April and mid-May, cybersecurity experts have documented a five-phase cyber offensive against India. Initial defacements gave way to coordinated denial-of-service attacks, ransomware, data theft, and intrusion attempts on banking systems, including the National Payments Corporation of India (NPCI).
APT36 — also known as Transparent Tribe — has been particularly active, deploying remote access trojans like CrimsonRAT and CapraRAT to penetrate Indian networks. This group, with known affiliations to Pakistan’s military-intelligence apparatus, has a history of targeting India since 2013.
The fifth and most dangerous phase began on May 13, allegedly involving state-sponsored groups from China, Iran, North Korea, and Turkey. These actors — including Lazarus Group, MuddyWater, SideWinder, and APT28 — are reportedly using zero-day exploits and targeting supply chains to compromise national infrastructure.
According to Tarun Wig, co-founder of Innefu Labs, quoted in a Business Standard report, attackers have employed spear-phishing campaigns with advanced malware like CrimsonRAT and MeshAgent to exploit human and system vulnerabilities alike.
Public Vigilance and Institutional Readiness Crucial
Cyber forensic expert and Interpol trainer Pendyala Krishna Shastry told Business Standard that this is not just a string of isolated incidents, but a calculated campaign of cyber and information warfare.
“This is a wake-up call. India needs layered cybersecurity, public awareness, and institutional readiness. It’s not just about high-tech defence — it’s also about basic cyber hygiene,” he said.
In light of the escalating threat, the government has reiterated its call to all digital stakeholders — from Fortune 500 firms to local businesses — to adhere to cybersecurity protocols, report incidents swiftly, and prepare for rapid recovery when attacked.