During four days of high-stakes conflict, India faced more than just missiles or militants. Swarms of drones from Pakistan darkened the skies while coordinated cyberattacks attempted to paralyse digital infrastructure. Operation Sindoor, launched by the Indian armed forces in retaliation for the Pahalgam terror attack, became a case study in modern hybrid warfare.
As early as May 7, India had already taken down nine terror camps in Pakistan-Occupied Kashmir through precision strikes. But the battleground wasn’t limited to the Line of Control.
Drone waves, met with missile shields
On the evening of May 8, the Pakistan military launched simultaneous drone attacks on multiple Indian Air Force (IAF) bases.
"At 8 pm local time on May 8, several Pakistan unmanned aerial systems, drones, combat vehicles attacked multiple IAF bases. These included Jammu, Udhampur, Pathankot, Amritsar, Bathinda, Nal, Dalhousie, Thoise, Jaisalmer, Uttarlai, Phalodi, Naliya. These were almost simultaneous and they came in waves. All our AD (air defence) guns, and other systems were waiting for them. All these waves were neutralised by our trained crew," said Air Marshal A K Bharti, Director General of Air Operations, IAF, on 11 May.
There was no damage reported. “These incursions, and mass raids if I could call them from the Pakistani side,” he said, “were thwarted completely.”
India deployed Barak-8 and S-400 air defence systems, Akash missiles, and indigenous anti-drone technologies to intercept the swarm aimed at 15 Indian cities, official sources confirmed.
Digital Frontlines: Hackers, lies, and information warfare
While air defences lit up the skies, the digital domain came under silent siege. Indian websites—military, civilian, and infrastructural—were targeted in a multi-phase cyber offensive.
State-backed hacker groups, such as Pakistan-based APT36 and Team Insane PK, used defacements, denial-of-service attacks, malware, and phishing to target platforms ranging from Army schools to fintech networks.
In one early strike, the website of the Army Nursing College in Jalandhar was defaced with a provocative message. Soon after, at least four Army Public Schools—including those in Nagrota and Sunjuwan—came under similar attack, according to a source on 5 May.
Critical digital infrastructure such as ports, airports, the Indian Railways, BSNL, UPI, stock exchanges, and defence contractors also faced attempted breaches.
According to cyber forensic expert and Interpol trainer Pendyala Krishna Shastry, the digital assaults were “part of a broader campaign of cyber and information warfare waged by Pakistani actors against Indian digital assets.” These included ransomware attacks, data theft in the energy sector, and an eventual pivot towards banking systems such as the NPCI.
APT36, also known as Transparent Tribe, has operated since 2013 and is known for using remote access tools like Crimson RAT and Capra RAT.
Operation Sindoor unveils modern battlefield
Indian authorities responded with a counteroffensive on all fronts. The PIB’s Fact Check Unit debunked numerous false claims. Among them: a rumour spread online that Northern Command’s then-head, Lt Gen MV Suchindra Kumar, had been “removed” after the Pahalgam attack. “Fake,” said the PIB on 30 April.
Pakistan’s attempts to deflect blame also grew bolder. “...that we would attack our own cities is the kind of deranged fantasy that only the Pakistani State can come up with,” said Foreign Secretary Vikram Misri on 9 May. He also dismissed claims about India attacking the Nankana Sahib Gurdwara with a drone as “yet another blatant lie, and part of Pakistan’s disinformation campaign.”
Cyber and defence experts warn that psychological warfare now plays a central role in conflicts.
“It’s a mind game, even if the information is wrong, the adversary seeks to demoralise the other side,” said a member of the Manohar Parrikar Institute for Defence Studies and Analyses.
Col Sofiya Qureshi and Wing Commander Vyomika Singh joined Misri in public briefings, systematically fact-checking claims and exposing fabricated videos shared across social media.
Multi-phased cyber siege with global backing
The cyber offensive, according to Shastry, unfolded in five waves. Between April 23 and May 2, initial attacks came from religious hacktivist collectives, followed by denial-of-service attempts on governance platforms. From May 6, ransomware was launched against Indian manufacturing and oil sectors.
Advanced persistent threat (APT) actors—including APT36—stepped in post May 7, zeroing in on banking systems. A final wave began on May 13, with state-backed groups from China, Turkey, Iran, and North Korea reportedly joining in. Groups like Lazarus, SideWinder, and MuddyWater used zero-day exploits and compromised supply chains to target sensitive Indian systems.
Websites like Zone-H documented breaches. For instance, the National Institute of Water Sports and nationaltrust.nic.in were both defaced, though later restored.
The Central Coalfields Ltd (CCL) website, too, suffered an unexplained glitch. A message allegedly from Pakistani hacker ‘Mr Habib 404’ claimed responsibility. However, CCL’s PRO Alok Gupta denied any confirmed cyberattack, stating, “The website has been restored and is functioning normally... We cannot conclude whether it was hacked or not.”
On 5 May, a defence official stated, “Appropriate and necessary measures are being taken to bolster cybersecurity infrastructure, enhance the overall resilience of our platforms, and strengthen digital defence mechanisms.”
Monitoring has intensified. According to official sources, efforts are underway to detect any further intrusions, especially from actors believed to be operating across the border.
A post from the Headquarters Integrated Defence Staff said Operation Sindoor had “set new normals in India-Pakistan relations”, underscoring the use of indigenous technology and digital superiority in “non-kinetic domains of space, cyber and electronic warfare”.
India and Pakistan have since agreed to halt active military operations. But India’s armed forces and cybersecurity experts remain on high alert.
Because in today’s battlefield, the enemy doesn’t just knock on the border. It pings, probes, and lies—through drones in the sky and deception online.
(With inputs from PTI, TOI)
As early as May 7, India had already taken down nine terror camps in Pakistan-Occupied Kashmir through precision strikes. But the battleground wasn’t limited to the Line of Control.
Drone waves, met with missile shields
On the evening of May 8, the Pakistan military launched simultaneous drone attacks on multiple Indian Air Force (IAF) bases.
"At 8 pm local time on May 8, several Pakistan unmanned aerial systems, drones, combat vehicles attacked multiple IAF bases. These included Jammu, Udhampur, Pathankot, Amritsar, Bathinda, Nal, Dalhousie, Thoise, Jaisalmer, Uttarlai, Phalodi, Naliya. These were almost simultaneous and they came in waves. All our AD (air defence) guns, and other systems were waiting for them. All these waves were neutralised by our trained crew," said Air Marshal A K Bharti, Director General of Air Operations, IAF, on 11 May.
There was no damage reported. “These incursions, and mass raids if I could call them from the Pakistani side,” he said, “were thwarted completely.”
India deployed Barak-8 and S-400 air defence systems, Akash missiles, and indigenous anti-drone technologies to intercept the swarm aimed at 15 Indian cities, official sources confirmed.
Digital Frontlines: Hackers, lies, and information warfare
While air defences lit up the skies, the digital domain came under silent siege. Indian websites—military, civilian, and infrastructural—were targeted in a multi-phase cyber offensive.
State-backed hacker groups, such as Pakistan-based APT36 and Team Insane PK, used defacements, denial-of-service attacks, malware, and phishing to target platforms ranging from Army schools to fintech networks.
In one early strike, the website of the Army Nursing College in Jalandhar was defaced with a provocative message. Soon after, at least four Army Public Schools—including those in Nagrota and Sunjuwan—came under similar attack, according to a source on 5 May.
Critical digital infrastructure such as ports, airports, the Indian Railways, BSNL, UPI, stock exchanges, and defence contractors also faced attempted breaches.
According to cyber forensic expert and Interpol trainer Pendyala Krishna Shastry, the digital assaults were “part of a broader campaign of cyber and information warfare waged by Pakistani actors against Indian digital assets.” These included ransomware attacks, data theft in the energy sector, and an eventual pivot towards banking systems such as the NPCI.
APT36, also known as Transparent Tribe, has operated since 2013 and is known for using remote access tools like Crimson RAT and Capra RAT.
Operation Sindoor unveils modern battlefield
Indian authorities responded with a counteroffensive on all fronts. The PIB’s Fact Check Unit debunked numerous false claims. Among them: a rumour spread online that Northern Command’s then-head, Lt Gen MV Suchindra Kumar, had been “removed” after the Pahalgam attack. “Fake,” said the PIB on 30 April.
Pakistan’s attempts to deflect blame also grew bolder. “...that we would attack our own cities is the kind of deranged fantasy that only the Pakistani State can come up with,” said Foreign Secretary Vikram Misri on 9 May. He also dismissed claims about India attacking the Nankana Sahib Gurdwara with a drone as “yet another blatant lie, and part of Pakistan’s disinformation campaign.”
Cyber and defence experts warn that psychological warfare now plays a central role in conflicts.
“It’s a mind game, even if the information is wrong, the adversary seeks to demoralise the other side,” said a member of the Manohar Parrikar Institute for Defence Studies and Analyses.
Col Sofiya Qureshi and Wing Commander Vyomika Singh joined Misri in public briefings, systematically fact-checking claims and exposing fabricated videos shared across social media.
Multi-phased cyber siege with global backing
The cyber offensive, according to Shastry, unfolded in five waves. Between April 23 and May 2, initial attacks came from religious hacktivist collectives, followed by denial-of-service attempts on governance platforms. From May 6, ransomware was launched against Indian manufacturing and oil sectors.
Advanced persistent threat (APT) actors—including APT36—stepped in post May 7, zeroing in on banking systems. A final wave began on May 13, with state-backed groups from China, Turkey, Iran, and North Korea reportedly joining in. Groups like Lazarus, SideWinder, and MuddyWater used zero-day exploits and compromised supply chains to target sensitive Indian systems.
Websites like Zone-H documented breaches. For instance, the National Institute of Water Sports and nationaltrust.nic.in were both defaced, though later restored.
The Central Coalfields Ltd (CCL) website, too, suffered an unexplained glitch. A message allegedly from Pakistani hacker ‘Mr Habib 404’ claimed responsibility. However, CCL’s PRO Alok Gupta denied any confirmed cyberattack, stating, “The website has been restored and is functioning normally... We cannot conclude whether it was hacked or not.”
On 5 May, a defence official stated, “Appropriate and necessary measures are being taken to bolster cybersecurity infrastructure, enhance the overall resilience of our platforms, and strengthen digital defence mechanisms.”
Monitoring has intensified. According to official sources, efforts are underway to detect any further intrusions, especially from actors believed to be operating across the border.
A post from the Headquarters Integrated Defence Staff said Operation Sindoor had “set new normals in India-Pakistan relations”, underscoring the use of indigenous technology and digital superiority in “non-kinetic domains of space, cyber and electronic warfare”.
India and Pakistan have since agreed to halt active military operations. But India’s armed forces and cybersecurity experts remain on high alert.
Because in today’s battlefield, the enemy doesn’t just knock on the border. It pings, probes, and lies—through drones in the sky and deception online.
(With inputs from PTI, TOI)
You may also like
HM Amit Shah lauds security forces for eliminating 31 Maoists
Odisha: 4-year-old rescued within 3 hours of kidnapping in Bhubaneswar, accused arrested
Kirana Hills: Pakistan's secretive nuclear hub under scrutiny after India's 'Operation Sindoor'
Are You Truly In Love Or Just Obsessed With That Special Someone? Know Why It Is Important To Identify Limerence
Tottenham learn brutal Ruben Amorim tactical truth before Man Utd Europa League final
