@cyble.com
//
In May 2025, cybersecurity experts reported a significant surge in hacktivist activity targeting Indian digital infrastructure. This wave of attacks followed the terror attack in Pahalgam, located in the Indian state of Jammu and Kashmir on April 22nd, and India’s retaliatory strikes across the border. A coordinated effort by more than 40 hacktivist groups sought to disrupt and deface numerous Indian websites, leading to widespread alarm across media and social networks as many claimed significant breaches of government, educational, and critical infrastructure websites.
However, detailed technical investigations revealed that the actual impact of these attacks on Indian cyber assets was minimal. Claims of major data breaches, such as a supposed 247 GB breach of the National Informatics Centre (NIC), were largely unfounded as the data was publicly available or fabricated. Website defacements and Distributed Denial of Service (DDoS) attacks, while numerous, were short-lived and ineffective. Despite the relatively low impact, the cyberattacks highlighted the ongoing tensions in cyberspace between India and Pakistan. Technisanct identified 36 pro-Pakistan hacktivist groups involved in the digital assaults, countered by 14 Indian groups retaliating. The escalation in hacktivist activity serves as a reminder of the persistent and evolving cyber threats facing both nations, even amidst military tensions. References :
Classification:
Pierluigi Paganini@Security Affairs
//
Pro-Russia hacktivist group NoName057(16) is actively targeting Dutch organizations with large-scale distributed denial of service (DDoS) attacks. These attacks are causing significant access problems and service disruptions for targeted entities across both the public and private sectors in the Netherlands. The country's National Cyber Security Center (NCSC) has issued a warning about these ongoing cyber activities. The NCSC confirmed that the attacks also affect European organizations alongside Dutch ones.
The attacks are part of a broader campaign of cyber-attacks claimed by the hacktivist group. These persistent DDoS attacks aim to overwhelm the targeted organizations' systems with malicious traffic, rendering them inaccessible to legitimate users. The goal of these attacks appears to be the disruption of services and potentially the undermining of confidence in the targeted organizations. BleepingComputer reported on this campaign, highlighting the severity and widespread impact of these attacks. The National Cyber Security Center (NCSC), part of the Dutch Ministry of Justice, released a statement acknowledging the situation. The statement mentioned that both public and private entities within the Netherlands are being targeted by these large-scale DDoS attacks. The NCSC continues to monitor the situation and is working to mitigate the impact of these attacks. References :
Classification:
@cyble.com
//
Hacktivist groups are increasingly adopting sophisticated and destructive attack methods, moving beyond basic DDoS attacks to target critical infrastructure with ransomware. These groups, motivated by ideological goals, are focusing on government platforms and industrial manufacturers. Pro-Russian hacktivists are primarily targeting NATO-aligned nations and supporters of Ukraine, while pro-Ukrainian, pro-Palestinian, and anti-establishment groups are focusing on Russia, Israel, and the United States. This evolution reflects a shift towards hybrid warfare tactics, combining DDoS, credential leaks, and ICS disruption to overcome single-layer defenses.
The energy sector is particularly vulnerable, with successful cyber breaches posing severe risks to national security, economic stability, and public safety. The CyberAv3ngers, an Iranian state-sponsored hacker group, exemplifies this threat. Despite masquerading as hacktivists, they are actively targeting industrial control systems in water, gas, oil and gas, and other critical infrastructure sectors worldwide. The group has already caused global disruption and shows no signs of slowing down. Their actions represent a rare example of state-sponsored cybersaboteurs crossing the line and disrupting critical infrastructure. Reports and investigations highlight vulnerabilities within power grids and other key systems. Recent investigations have revealed hidden capabilities in Chinese-manufactured power transformers that could allow remote shutdown from overseas. This discovery prompted concerns about potential "sleeper cells" within critical national systems. Furthermore, ransomware attacks continue to be a major threat, causing operational disruptions, data breaches, and financial losses. The industry is responding with increased cybersecurity investment and proactive strategies as professionals see cybersecurity as the greatest risk to their business. References :
Classification:
|