With India-Pakistan hostilities on the rise, CERT-In’s cyber threat alert underscores the critical need for robust cyber defense. This advisory highlights possible state-sponsored attacks, including phishing and malware campaigns targeting India’s critical infrastructure.
In early May 2025, India’s cybersecurity agency CERT-In (Indian Computer Emergency Response Team) raised an alarm over a surge in cyber threats amid escalating India-Pakistan tensions. The agency’s advisory came as hostilities increased following a terror attack in Jammu & Kashmir and India’s retaliatory “Operation Sindoor” strikes in Pakistan.
CERT-In warned that Indian businesses and government systems were faced against a sharp rise in ransomware campaigns, denial-of-service (DDoS) attacks, website defacements, data breaches and malware infections. In response, regulators and industry groups, from banks to stock exchanges, moved to shore up defenses, signifying that cyber threats often intensify during such geopolitical crises.
Cyber Threat Alert: Ransomware, Phishing, & State-Sponsored Attacks
CERT-In’s cyber threat alert describes a broad range of attack methods. The agency explicitly listed ransomware, DDoS, defacements, data theft and malware as key dangers. In addition, reports from security firms note that phishing campaigns and social-engineering ploys have appeared, with hackers impersonating government agencies and sending malicious PDF attachments. State-sponsored groups (often called APTs) and nationalist hacktivists have both claimed credit for strikes, although independent analysts say many of these claims are exaggerated.
Several critical sectors were specifically flagged as possible targets. CERT-In’s warning prompted banks and financial institutions to tighten safeguards. India’s stock-exchange regulator (BSE) issued an advisory under CERT-In guidance, cautioning banking, financial services and insurance (BFSI) firms to brace for high-impact attacks like ransomware, supply-chain intrusions, DDoS floods, website defacements and malware.
At the same time, reports indicate power utilities, telecom and government websites were also attacked. For example, security analysts note DDoS campaigns against India’s powergrid, universities and government portals (e.g. UIDAI, PMO sites), as well as media outlets. No critical infrastructure collapse was reported, but the visible attempts highlighted the broad scope of the cyber attacks.
Cert-In Recommended Defenses: Patching, MFA, Incident Response
To counter these threats, CERT-In’s advisories and related industry alerts emphasize immediate defensive actions. The agency urged all organizations, especially small and medium enterprises (MSMEs) who have limited resources, to adopt “cost-effective but robust cybersecurity measures.”
Per the advisory, key recommendations include:
- Enforce strong access controls: Use unique, complex passwords and enable multi-factor authentication (MFA) for all accounts. Adopt role-based access so employees have only the permissions they need.
- Patch and update systems: Regularly apply operating system and software updates. Automated patch management helps close known vulnerabilities before attackers can exploit them.
- Harden networks and endpoints: Configure firewalls to tightly filter traffic, and use email filtering tools to block phishing and malicious attachments. Encrypt sensitive data at rest and in transit, and install reputable antivirus/anti-malware solutions on all devices.
- Maintain data backups: Keep frequent, offline backups of critical data to mitigate ransomware. Test backup restoration procedures regularly to ensure you can recover quickly if an incident occurs.
- Develop an incident response plan: Establish a clear plan for responding to breaches. Monitor logs and network activity continuously for anomalies, and be ready to isolate infected systems. Notify CERT-In promptly of any incident, as required under Indian regulations, so the agency can coordinate mitigation.
Industry bodies have also echoed these steps. The stock-exchange advisory, for instance, urged member firms to audit security controls, conduct risk assessments, increase threat monitoring, and act on CERT-In and critical infrastructure advisories. Banks reportedly set up 24×7 “war rooms” near border regions and stocked extra ATM cash to prepare for worst-case scenarios. Overall, the message is clear: patch urgently, train employees, and assume more sophisticated attacks may be coming.
Historical Context: Cyber Conflicts in Past Crises
CERT-In’s May 2025 cyber threat alert follows a now-familiar pattern, that is, India-Pakistan border flare-ups often coinciding with cyber clashes. During past tensions (e.g. after the 2019 Balakot-Pulwama exchanges), it was noted that hacktivist-driven campaigns in these periods were often more about propaganda than destruction.
Again, similar dynamics played out in the cyber threat incident that occurred in May 2025, where dozens of Pakistan-linked hacktivist groups boasted of defacing hundreds of Indian websites. However, independent analyses found that these claims were mostly smoke and mirrors. According to CloudSEK and other cybersecurity companies, over 100 alleged attacks had “no significant or sustained impact,” as any actual website downtime was typically a few minutes.
Most incidents proved to be low-risk defacements on non-critical sites, or recycled data dumps posed as new breaches. “Most of what we’ve seen are website defacements targeting noncritical domains,” says Pagilla Reddy, a Threat researcher for CloudSEK. Importantly, none of the recent attacks has successfully disrupted India’s core infrastructure.
As CloudSEK’s threat report summarized, such “cyber chaos” in May 2025 was mostly about public perception, while the real digital damage was insignificant. Yet the threat of more potent, state-sponsored attacks remains. During this crisis, for example, India also reported attempted attacks by advanced groups (like Pakistan’s APT36) deploying surveillance malware, highlighting that sophisticated adversaries could strike if given an opening.
Expert Insights and Response Strategy to Cert-In Cyber Threat Alert
Cybersecurity experts advise taking CERT-In’s warning seriously. The consensus is that fundamental cyber hygiene is the best defense, which are, fix known vulnerabilities, apply patches promptly, and improve monitoring. As CGI’s Arati Hiremath puts it, “Security isn’t just about incident management – it’s about building a culture of resilience long before something breaks.”
CloudSEK and Radware researchers observed that after an initial spike on May 7, attack volumes fell sharply. “We saw a surge in attacks on May 7, but after that… serious attacks failed to materialize,” says Radware’s threat-intel head Pascal Geenens.
In practice, New Delhi even preemptively blocked foreign IPs to its stock exchanges as a precaution, and no confirmed cyber attack occurred. Nonetheless, the experts caution that future strikes can never be ruled out. They urge organizations not to become complacent. Instead, firms should continuously integrate threat intelligence, from CERT-In, industry partners and global feeds, into their defenses and practice regular incident drills.
Transparency helps, too, as one legal expert notes that under-reporting of breaches is common in India, so companies should work closely with CERT-In and regulators if an attack is suspected. “Most companies get breached, but they don’t report. They wait until it’s picked up on the dark web or publicly leaked,” Rajgopal, the Managing Director and CEO of NxtGen, told The Core.
Critical Takeaway From Cert-In Cyber Threat Alert
CERT-In’s advisory sends a strong message: when India-Pakistan tensions flare, cyber threats spike too. Whether the threat actors are state proxies or nationalist hacktivists, the result is an urgent call to fortify defenses. The situation demands that all organizations, from government agencies to private sector companies and critical infrastructure operators, to immediately double down on cybersecurity basics. That means patching vulnerabilities, strengthening network security, training users to spot phishing, and being ready with a response plan.
By staying current with threat intelligence, prioritizing vulnerability patching, and refining incident response plans, organizations can mitigate the risks highlighted in CERT-In cyber threat alerts.
