
India’s cybersecurity agencies have flagged a major spike in digital threats, with Maharashtra Cyber identifying seven APT groups behind over 1.5 million cyberattacks, including 150 successful breaches targeting critical infrastructure nationwide.
As the diplomatic and military standoff continues between India and Pakistan, a quieter but equally dangerous front has emerged: cyberwarfare. Security agencies are warning of intensified digital attacks orchestrated by state-sponsored and criminal actors, aiming to exploit the geopolitical uncertainty.
The April 22 terror attack in Pahalgam, Kashmir, which claimed the lives of 26 tourists, was a flashpoint that triggered a series of retaliatory actions from India. These included the suspension of the Indus Waters Treaty, closure of the Attari-Wagah border crossing, and downgrading diplomatic ties. Pakistan responded by closing its airspace to Indian aircraft and ceasing bilateral trade.
Amid these developments, India’s cybersecurity agencies reported a sharp increase in digital aggression. Maharashtra Cyber, the state’s lead agency for cyber investigations, identified seven Advanced Persistent Threat (APT) groups behind over 1.5 million cyberattacks targeting critical infrastructure across India. While most of these attempts were thwarted, officials confirmed around 150 successful breaches.
Contrary to rumours, the agency denied that vital systems such as the Election Commission website or aviation platforms had been compromised. Still, the persistence of cyber threats, even after hostilities cooled, underscores the severity of this hidden war. Hackers from countries including Pakistan, Bangladesh, Indonesia, and parts of the Middle East continue to probe India's digital defences.
AI-powered cyber threats surge
These cyber intrusions are growing in complexity. Attackers now use artificial intelligence to spread disinformation, mislead the public, and gather sensitive data. The use of malware, phishing links, and deceptive APK files is common, often disguised as news updates or messages on WhatsApp and Facebook.
Punjab Police recently issued a public warning about a Pakistan-linked malware called "Dance of the Hillary," capable of stealing passwords and banking credentials and of enabling remote device access. Similarly, the Hyderabad Cybercrime Police cautioned against malicious apps circulating under the guise of war-related news.
To mitigate these threats, authorities are urging citizens to update antivirus software, back up essential data, and avoid clicking on unverified links. The focus is now on proactive defence, rather than post-attack recovery.
Keith Odom, EVP – Consulting & Services at AHEAD, emphasized the urgent need for continuous monitoring and cyber preparedness. “Attacks on financial institutions, energy systems, and healthcare networks are silent and sudden. There are no warning shots in cyberspace. A zero-trust approach and automated threat response are not optional—they are essential,” he stated.
Following India’s missile operations in Pakistan-occupied Kashmir, financial institutions have heightened their cybersecurity frameworks. Banks near the border have implemented additional digital safeguards. Meanwhile, the Indian Computer Emergency Response Team (CERT-In) released a critical advisory warning the BFSI sector of ongoing threats. In response, both NSE and BSE restricted international access to their websites as a precautionary measure.
Misinformation drives digital conflict
The Press Information Bureau’s official fact-checking wing has also flagged a surge in fake content and propaganda on social media, warning that Pakistan-backed misinformation campaigns are actively circulating. “Critical scrutiny of every message and post is crucial in the days ahead,” the advisory noted.
Kaushal Bheda, Director of GovtTech at Pelorus Technology, called for a paradigm shift in how cyberwarfare is perceived. “The battlefield has moved into the digital realm. AI-fuelled disinformation and embedded digital sleeper cells pose an existential threat. Complacency is the enemy—if defence starts only after the first breach, it’s already too late,” he warned.
He added that cyberattacks today are not isolated incidents but part of coordinated strategies aimed at destabilising national institutions, disrupting operations, and eroding public trust.
As geopolitical tensions evolve, cybersecurity must take centre stage in national defence strategies. The call for enhanced resilience, rapid detection, and seamless response has never been more urgent. With digital borders now as vulnerable as physical ones, securing cyberspace is no longer optional—it is an imperative for national security.