Maharashtra Cyber Identifies Seven APT Groups Behind 15 Lakh Cyber Attacks on Indian Infrastructure


150 Successful Attacks Traced to Pakistan, Bangladesh, and Middle Eastern Hackers Post-Pahalgam Incident

Mumbai, May 13 – Maharashtra Cyber has identified seven Advanced Persistent Threat (APT) groups responsible for over 1.5 million cyber attacks targeting India's critical infrastructure following the Pahalgam terror strike. Officials confirmed that only 150 of these attacks were successful.

Despite the recent ceasefire agreement between India and Pakistan, government websites in India continue to face relentless cyber threats, with hostile activity traced back to Pakistan, Bangladesh, Indonesia, Morocco, and the Middle East.

Key Report Details the Cyber Onslaught

A senior official from Maharashtra Cyber dismissed recent claims circulating on social media, denying that hackers stole data from Chhatrapati Shivaji Maharaj International Airport, breached aviation and municipal systems, or compromised the Election Commission’s website.

The agency’s latest report, titled “Road of Sindoor”, was prepared as a follow-up to its earlier dossier “Echoes of Pahalgam”. It documents coordinated cyber warfare activities linked to Pakistan-allied hacking entities, and has been shared with top law enforcement bodies, including the Director General of Police and the State Intelligence Department.

According to Additional Director General of Police Yashasvi Yadav, the attacks involved a mix of malware campaigns, Distributed Denial-of-Service (DDoS) attacks, GPS spoofing, and website defacement.

Hacking Groups Identified in the Report

The seven groups named in the report are:
  • APT 36 (Pakistan-based)
  • Pakistan Cyber Force
  • Team Insane PK
  • Mysterious Bangladesh
  • Indo Hacks Sec
  • Cyber Group HOAX 1337
  • National Cyber Crew (Pakistan-allied)

These groups collectively orchestrated around 1.5 million attacks, with the Kulgaon Badlapur Municipal Council website among those defaced. Other incidents included the defacement of the Defence Nursing College website in Jalandhar and claims of stolen data from telecom firms and Mumbai airport, some of which allegedly surfaced on the darknet.

Ongoing Hybrid Warfare and Misinformation

The report also outlines a hybrid warfare strategy involving widespread misinformation. These false narratives, amplified through social media, included:
  • Fabricated claims of cyber attacks on India’s banking system
  • Alleged statewide blackouts and satellite jamming
  • Disruption of the Northern Command
  • An invented attack on a BrahMos missile storage site

Maharashtra Cyber stated it has taken down over 5,000 misleading posts and flagged 80 specific instances for platform removal. Of these, 35 have been successfully removed while action on the remaining 45 is pending.

Public Advisory Against Misinformation

Yadav urged the public to refrain from spreading unverified information and to rely only on official sources for updates. He emphasized that while many attacks were neutralized, vigilance remains critical to protecting national digital infrastructure.
 