In what is being described as one of the most extensive and coordinated digital offensives against India, the Times of India has reported that Pakistan, in collaboration with six other countries, allegedly orchestrated a wave of cyber attacks targeting India’s critical infrastructure during an operation codenamed “Operation Sandur.” The exposé has sent shockwaves across cybersecurity circles, raising fresh alarms about the scale and complexity of state-backed cyber warfare.
The report identifies Pakistan, Turkey, Bangladesh, Malaysia, Indonesia, and China as the key players behind the multi-pronged cyber assault. According to cybersecurity analysts quoted in the story, this alliance of nation-state actors and hacktivist groups concentrated their attacks on India’s sensitive sectors, including defense-related institutions, vendors within the micro, small, and medium enterprise (MSME) ecosystem, key transportation systems like airports and railways, and vital public services such as the Unified Payments Interface (UPI) and stock exchanges.
Sources allege that the attackers’ primary goals were to cause reputational damage to India on the international stage and to extract classified data, particularly information tied to missile development programs. Interpol trainer and cyber forensic expert Pendyala Krishna Shastri described the operation as “highly coordinated,” stating that it was spearheaded by Pakistan-based cyber units that deployed a combination of malware injections, phishing scams, and distributed denial-of-service (DDoS) attacks aimed at overwhelming and disrupting operations in India’s telecom, financial, and energy sectors.
Supporting this claim, Zone-H—a well-known platform that tracks and logs cyber defacement—has reported multiple incidents of Indian government websites being compromised during this alleged campaign. Among the targeted sites were the official portals of the National Institute of Water Sports (niws.nic.in) and nationaltrust.nic.in. While the latter was eventually restored, the initial breach has raised serious concerns over the vulnerability of India’s digital government infrastructure.
Adding to the growing list of incidents, a message appeared earlier this week on the website of Central Coalfields Limited (CCL), purportedly from a hacker who identified themselves as “Mr. Habib 404.” The message ominously read, “You thought you were safe, but we are here.” In response, CCL spokesperson Alok Gupta confirmed the website had been restored and emphasized that no data loss had occurred. However, he stopped short of officially labeling the event a cyberattack, stating that investigations were still underway to determine the exact cause.
The coordinated nature of “Operation Sandur” and the involvement of multiple nation-states underscore the rising threat of cyber warfare as a modern battleground for geopolitical influence and conflict. These developments come on the heels of Pakistani media reports from May 10 that hinted at escalated cyber activities during a tense period of diplomatic strain with India.
As Indian authorities and cybersecurity agencies intensify efforts to trace the origins and impact of these attacks, the incident has reignited calls for stronger cybersecurity frameworks, better preparedness, and greater international cooperation to combat the rising menace of state-sponsored cybercrime. The full extent of the damage remains under investigation, but the breach has already exposed troubling vulnerabilities in India’s digital defenses.
