In the wake of heightened tensions between India and Pakistan following the April 22, 2025, Pahalgam terror attack, cyberspace became a critical battleground during Operation Sindoor. This operation, launched by India on May 7, 2025, in response to the terror attack, triggered a massive wave of cyberattacks aimed at crippling India's top offices and critical infrastructure. However, India's cyber defenses stood strong, successfully thwarting the majority of these attacks.
Union Power Minister Manohar Lal Khattar revealed that India faced nearly 2 lakh cyberattacks targeting its power sector alone during Operation Sindoor. These attacks began immediately after India launched its operation and continued for 8-10 days. The primary targets included government organizations, defense PSUs, critical infrastructure such as ports, airports, power grids, transportation services (Indian Railways and airlines), telecom players like BSNL, fintech platforms like UPI, digital wallets, stock exchanges, and major Indian conglomerates. The intent behind these attacks was to embarrass India, extract sensitive information about its defense systems, and disrupt national operations.
Cybersecurity firms reported a significant spike in Distributed Denial of Service (DDoS) attacks against India, peaking between May 7 and May 10, 2025. Radware highlighted that the DDoS attacks intensified, reaching a high of seven claimed attacks per hour on May 7. According to their report, over 75% of these attacks targeted government organizations.
Several threat actors from Pakistan, Turkey, Bangladesh, Malaysia, and Indonesia, with support from China, were involved in these cyber offensives. Some of the most active groups included AnonSec, Keymous+, Mr Hamza, Anonymous VNLBN, Arabian Hosts, Islamic Hacker Army, Sylhet Gang, Red Wolf Cyber, and the Iranian group Vulture. These groups employed various tactics, including DDoS attacks, ransomware deployment attempts, website defacements, and targeted attacks on API servers. Fortunately, none of these attacks fully succeeded in causing significant damage.
India's cyber agencies and private cybersecurity firms worked diligently to counter these threats. They identified and neutralized malicious domains and command-and-control (C2) servers that had been set up within India to evade detection. They also countered disinformation campaigns aimed at misleading Indian citizens and manipulating their thinking. Maharashtra Cyber reported over 1.5 million cyberattacks during the period, of which 150 successfully intruded into systems, and identified seven Advanced Persistent Threat (APT) groups responsible for launching these attacks.
The response to these cyberattacks also saw the arrest of individuals involved in cyber terrorism. The Gujarat Anti-Terrorism Squad (ATS) apprehended an 18-year-old named Jasim Shahnawaz Ansari and a minor for allegedly launching DDoS attacks on over 50 Indian government websites. They operated a Telegram group called "AnonSec," where they planned and executed these attacks, using tools and techniques learned online.
Operation Sindoor exposed the vulnerabilities and strengths of India's cyber infrastructure. The strategic targeting of defense, government IT, healthcare, education, and telecom sectors underscored the intent to disrupt national operations and gather intelligence. Despite the intensity of the cyber storm, India's cyber defenses largely held, demonstrating the resilience of the country's critical infrastructure. This event served as a wake-up call, highlighting the need for continuous improvement in cybersecurity measures and international cooperation to combat cyber threats effectively. The success in mitigating the cyber storm during Operation Sindoor underscores India's growing capabilities in the cyber domain.