In a recent revelation by cyber-security researchers, hackers executed a widespread campaign targeting more than 1,000 Indian websites as part of their Independence Day campaign under the hashtag OpIndia.
The campaign, attributed to hacktivist groups from various countries, employed a range of malicious tactics including Distributed Denial of Service (DDoS) attacks, defacement attacks, and user account takeovers. These findings were disclosed by the CloudSEK team, shedding light on the sophisticated and coordinated effort behind the attacks.
The hacktivist campaign, motivated by political and religious factors, zeroed in on websites with weaker security measures and digital infrastructure across multiple sectors including government, education, banking, financial services, insurance (BFSI), and small businesses.
Among the impacted sectors, the government and BFSI domains experienced the brunt of DDoS attacks, while education and small businesses faced bulk defacement attacks and access panel takeovers, as per the report’s observations.
Abhinav Pandey, a cyber threat researcher at CloudSEK, emphasized the potential danger posed by these groups despite their existing limitations. Pandey noted, “Despite their current limitations, these groups could become a significant threat to countries in the near future. The rise in collaboration and easy access to attack tools and data, combined with potential support from state-sponsored hackers, might amplify their impact.”
CloudSEK confirmed that they had informed all the targeted organizations and companies about the hacktivist activities.
While hacktivist groups from neighboring countries like Pakistan and Bangladesh played a role in directing their efforts towards Indian websites, the research conducted by CloudSEK suggested that claims of widespread DDoS attacks and user account takeovers might have been inflated for the sake of attention and recognition.
The cyber-security firm stated, “These claims, often made in their communication channels, have not been fully verified by CloudSEK researchers. However, the tactics and tools used by the hacktivist groups closely align with the findings presented in CloudSEK’s Hacktivism Whitepaper.”
In response to attacks on Indian digital infrastructure, Indian factions adopted similar strategies, targeting websites linked to the air force, military, army, and national revenue board of Bangladesh. Additionally, they aimed at a variety of Pakistani ministries and government entities.
CloudSEK’s research also unveiled a significant surge in hacktivist attacks during the first quarter of 2023, with India emerging as the primary focus of these attacks. Other countries that were prominently targeted included Israel, Poland, Australia, and Pakistan.