Cyber ​​attacks targeting India's critical infrastructure including OT, energy systems, IT networks, and IoT devices by Pakistan

-

Cyber ​​attacks targeting India's critical infrastructure including OT, energy systems, IT networks, and IoT devices by Pakistan


In May 2025, a significant escalation in cyberattacks attributed to Pakistan-based actors targeted India's critical infrastructure, encompassing OT, energy systems, IT networks, and IoT devices. These attacks coincided with heightened geopolitical tensions following the April 22 Pahalgam terror incident and India's subsequent military response, Operation Sindoor.

Overview of the Cyber Offensive

The cyber onslaught, dubbed "Operation Bunyān al-Marsūs," reportedly aimed to disrupt India's core infrastructure. While some claims, such as the crippling of 70% of India's power grid, were later debunked by the Press Information Bureau as misinformation , there were confirmed disruptions across various sectors:

  • Energy Sector: Ten SCADA systems within India's energy infrastructure were compromised, affecting control systems and potentially destabilizing power generation and distribution networks.

  • Web Infrastructure: Approximately 1,744 web servers were reportedly destroyed, leading to significant data loss in both public and private sectors.

  • Government Portals: Thirteen major government websites, including those of the Crime Research Investigation Agency and the Unique Identification Authority of India, were defaced.

  • Transportation and Utilities: Indian Railways' ICT infrastructure faced disruptions, and services for Delhi Gas Discom and Kashmir Electric Discom were affected.

Key Threat Actors and Tactics

APT36 (Transparent Tribe)

This Pakistan-based Advanced Persistent Threat (APT) group intensified its activities, employing the Crimson RAT malware to target Indian defense networks. The group exploited the emotional aftermath of the Pahalgam attack to deliver phishing emails, aiming to breach sensitive systems.

Hacktivist Groups

Multiple Pakistan-linked hacktivist entities claimed responsibility for over 100 cyberattacks on Indian government, educational, and critical infrastructure websites.

RecapThe cyberattacks in May 2025 underscore the evolving nature of cyber warfare, where state-sponsored and hacktivist groups exploit geopolitical tensions to target critical infrastructure. The incidents highlight the pressing need for robust cybersecurity measures, cross-sector collaboration, and public awareness to safeguard national digital assets.



Comments

Post a Comment

Popular posts from this blog

Don't confuse DCS, PLC and SCADA in front of OT specialists

-
Image
DCS, PLC and SCADA are not the same. If you keep talking only about PLC security in front of the Oil&Gas industry executives where DCS is the main focus, they will not recognize you as a proper expert. We need to understand the characteristics of OT systems such as DCS, PLC, and SCADA accurately, also respect each OT culture uniquely and finally approach the sites in the right way. Don't be confused, here’s a clear and accurate explanation of DCS, PLC, and SCADA . 1. Distributed Control System (DCS) Concept A DCS (Distributed Control System) is an automated control system used for large-scale industrial processes that require continuous operation and high reliability. It consists of multiple controllers distributed throughout the system, which communicate with each other to manage complex processes. Key Features Used in large-scale, continuous processes (e.g., oil refineries, power plants). Decentralized control architecture with multiple controllers working together. Pr...
Read more

Top 20 Threat Scenarios & Playbooks for OT Security

-
Image
A comprehensive list of 20 threat scenarios in OT security along with detailed descriptions and detection rules that can help identify and respond to these threats. This playbook-style table covers different types of attacks—from unauthorized access to insider abuse—with corresponding rules and indicators to alert security teams. # Threat Scenario Detailed Description Detection Rules & Indicators 1 Unauthorized Remote Access Attempt An attacker uses stolen or weak credentials to access OT networks remotely. - Log Analysis: Monitor VPN/RDP logs for unusual login times, geolocation mismatches, and failed/successful login bursts. - User Behavior Analytics (UBA): Alert on deviations from normal remote access patterns. - Anomaly Detection: Trigger an alert when a remote session is initiated from an unusual IP or geographic region. 2 Malware/Ransomware Infiltration in OT Network Malicious code is introduced into the OT network via compromised endpoints or phishing, potentially encr...
Read more

Let's create our own ICS Labs in the VMs!

-
Image
Let's create our own ICS Labs in the VMs: A Step-by-Step Guide Building an Industrial Control System (ICS) lab in a virtualized environment allows security researchers, engineers, and penetration testers to safely simulate industrial networks, study threats, and test security defenses. Below is a detailed step-by-step guide to creating an ICS lab , including HMI, EWS, PLC, and other critical components. 1. Lab Architecture Overview Key Components in an ICS Lab: HMI: Graphical interface for controlling industrial processes. Engineering Workstation (EWS): Used to configure PLCs and SCADA systems. PLC: Controls physical processes (e.g., motors, valves). SCADA System: Supervisory control and monitoring of ICS networks. Historian: Logs and stores process data for analysis. Networking Components: Virtualized switches, routers, and firewalls to segment ICS networks. Attacker Machine: Kali Linux or Metasploit for penetration testing. 2. Choosing the Virtualization ...
Read more