Hyderabad: It’s not just the country’s western border that took heavy enemy fire during Operation Sindoor. India was attacked in cyberspace, too, by state-backed hackers and hacktivists from Pakistan, Turkey, Bangladesh, Malaysia, and Indonesia, with backing from China, according to cybersecurity experts.Apart from defence PSUs and their MSME vendors, critical infrastructure like ports, airports, power grids, transportation services like Indian Railways and airlines, telecom players like BSNL, fintech platforms like UPI, digital wallets, stock exchanges, and major Indian conglomerates with investments in infrastructure too came under attack, sources said.The attempt was to both embarrass India and also extract sensitive information about its defence systems, including its missiles, they said.In the wake of Operation Sindoor, new alliances are emerging among Southeast Asian hacktivists. Some of these alliances even extend to groups traditionally opposed to Israel, such as the Iranian hacktivist group Vulture, said cybersecurity firm Radware.Cybersecurity firms also pointed to a peak in attacks directed towards India ever since the Pahalgam attack on April 22, with pro-Indianhacktivist groupsjumping into the fray to counter these attacks.Cybersecurity firm Technisanct has pointed to over 1,000 cyber incidents between April 22 and May 10, while FalconFeeds.io said over 2,500 govt and private entities were targeted in India by pro-Pakistani and Bangladeshi hacktivists.Radware reported a significant spike in hacktivist DDoS (distributed denial of service) attacks against India that peaked between May 7 and May 10.“Following Operation Sindoor, hacktivist DDoS intensified, peaking on May 7, 2025, at 9.30pm IST as tensions between India and Pakistan escalated, with seven claimed DDoS attacks reported per hour,” Radware said in its special cybersecurity alert on Operation Sindoor.According to the report, over 75% of the claimed DDoS attacks were directed at govt organisations. “The most frequently targeted sectors included education (8.3%), finance (7.4%), manufacturing (6.5%) and telecom (6.5%),” it added. It pointed to politically, socially and religiously motivated hacktivist groups increasingly coordinating efforts, amplifying their attacks against shared adversaries.The most active threat groups included AnonSec, Keymous+, Mr Hamza, Anonymous VNLBN and Arabian Hosts. Also, Islamic Hacker Army, Sylhet Gang, Red Wolf Cyber and Iranian group Vulture also claimed responsibility for DDoS attacks targeting organisations in India.Suhas Gopinath, CEO of Globals, a Bengaluru-based cybersecurity and threat intelligence company, said that during Operation Sindoor a range of cyber-attack attempts originating from state-sponsored actors and pro-Pakistan hacktivist groups, including APT36 (Transparent Tribe), Team Insane PK, and SideCopy, were witnessed. “These actors launched various campaigns, such as DDoS, ransomware deployment attempts, website defacement, and targeted attacks on API servers. Fortunately, none of these attacks were successful,” he said.According to him, one notable tactic observed was the effort to establish command and control (C2) servers within India to evade detection and maintain plausible deniability. “Via crypto, or using stolen credit cards, hackers can buy servers in India and use these to carry out an attack on Indian infrastructure, which means the traffic is not longer coming from abroad but from within India, making it difficult to detect,” said a cybersecurity expert.According to Radware, India has long been a focal point for hacktivist activity, especially from religiously driven Southeast Asian groups, with a “significant concentration” of these operations originating in Bangladesh.”For years, these threat actors have consistently targeted the nation’s infrastructure and institutions. As of January 1, 2025, 100 organisations across India have been targeted by 26 distinct threat groups, resulting in a total of 256 claimed DDoS attacks,” it said.ACTIVE THREAT GROUPS In 2025 RipperSec has been the most active threat group against India, responsible for over 30% of all DDoS claimsOther prominent hacktivist groups targeting India include Anonymous VNLBN, Bangladesh Civilian Force, SPIDER-X, RuskiNet, Arabian Ghosts Over half of all claimed DDoS attacks in 2025 were directed at govt institutionsSource: Radware