By Sshruti Mantri

In the digital and interconnected world, geopolitical tensions no longer play out only through diplomacy or military posturing. They are deeply connected with the realm of cyberspace. Nation-state threat actors, ideological groups and proxy actors are increasingly using cyberattacks as a tool for disruption and retaliation.

From ransomware targeting critical infrastructure to sophisticated state-sponsored espionage campaigns, the line between geopolitics and cybersecurity is rapidly blurring. India has been witnessing a shift in the cybersecurity threat landscape shaped by its rapid economic growth and expanding digital footprints. As industries such as manufacturing, ICT, financial services, e-commerce, and pharmaceuticals gain prominence, they increasingly draw the attention of cyber threat actors driven by diverse motives.

The Indian digital space and critical infrastructure have been a target of adversaries linked to countries like China, Russia, Pakistan and North Korea. While the adoption of transformative technologies — such as the Internet of Things (IoT), cloud computing, and artificial intelligence — offers significant advantages, it also exposes new vulnerabilities. Particularly at risk is India's Micro, Small, and Medium Enterprises (MSME) sector, which, despite being a backbone of the economy, often lacks the resources and infrastructure to defend against sophisticated cyberattacks.

India’s security is intrinsically linked to the security of its neighbours, especially China and Pakistan, to maintain peace and stability in the region. India, with its position and strong economy, plays a unique role in international geopolitics and is simultaneously a member of BRICS and the Shanghai Cooperation Organisation alongside China and Russia, while also being a key player in QUAD with the United States of America, Japan and Australia.

The Data Security Council's 2024 report highlights malware as a persistent global challenge, impacting millions of devices. Trojans led the threat landscape at 43%, followed by Infectors (34%) and Worms (8%). Within India, Telangana recorded the highest malware detection rate at 15.03%, ahead of Tamil Nadu (11.97%) and Delhi (11.79%). City-wise, Surat experienced the most detections (69.34%), with Bengaluru (56.75%) and Hyderabad (54.93%) also seeing high rates.

The healthcare sector was most affected (21.82%), followed by BFSI (17.38%) and hospitality (19.57%). A significant portion of these attacks originated from hacktivist groups, particularly Anon Black Flag, Indonesian (23%), and The Anonymous Bangladesh (15%). As a rapidly growing digital economy, India faces heightened cyber threats at the intersection of regional geopolitical tensions. The Israel-Iran conflict and broader Middle Eastern instability have fuelled a surge in politically motivated cyberattacks on Indian infrastructure by both state and hacktivist actors.

As India launched 'Operation Sindoor' in May 2025, cyberspace turned into a war theatre with malware, disinformation, and digital offensives, marking new frontiers in India-Pakistan rivalry. Pakistani-linked cyber actors launched a triad of malicious activities: symbolic website defacements, deployment of malware and Advanced Persistent Threats (APTs), and a wave of coordinated disinformation campaigns.

In the aftermath of the Pahalgam terror attack, the Indian Computer Emergency Response Team (CERT) and the Ministry of Home Affairs sounded alarms about a surge in Pakistan-origin cyberattacks, especially against financial institutions and critical infrastructure.

As India conducted missile strikes, experts noted a sharp increase in Distributed Denial of Service (DDoS) attacks on key government systems. Maharashtra Cyber’s post-operation report, Road of Sindoor, documented more than 1.5 million cyber incidents, including 150 successful intrusions involving DDoS, malware, and GPS spoofing.

Notably, some attacks appeared to originate from third-party countries, potentially to obscure Pakistani involvement. Central to these attacks was APT-36 (also known as Transparent Tribe or Earth Karkaddan), a Pakistan-based group known for targeting Indian defence and government networks.

China's indirect involvement further complicated the picture, with suspected support for Pakistan’s cyber capabilities and the amplification of anti-India messaging through state and social media channels. This emerging cyber nexus between China and Pakistan underscores India's strategic concern over a potential two-front threat across both physical and digital theatres.

India's deepening diplomatic and strategic relationship with Israel, particularly since the Israel-Hamas conflict in October 2023, has positioned it as a primary target for pro-Palestinian hacktivist groups. Entities such as Ghost of Palestine, Anonymous Arabic, and KromSec have intensified cyberattacks against Indian assets.

These attacks manifest as website defacements spreading political messages, Distributed Denial of Service (DDoS) assaults crippling vital financial, governmental, and private sector services, and data breaches exposing sensitive information to discredit India's international affiliations.

In 2023, Indian entities faced daily attacks from over 150 hacktivist groups, averaging more than 50 incidents per day. Additionally, a 2023 Cyfirma report documented 42 distinct cyber campaigns targeting diverse Indian industries, predominantly attributed to state-sponsored threat actors from China, Russia, Pakistan, and North Korea. These sophisticated campaigns specifically targeted critical infrastructure, generating significant economic and social repercussions.

India's expansive and rapidly digitising economy, characterised by its burgeoning IT sector, widespread digital payment systems, and varying levels of cybersecurity readiness, makes it a prime target for ransomware groups. These groups exploit existing vulnerabilities to access high-value data from Indian businesses and government agencies, aiming for substantial ransom payments. A notable example is the self-proclaimed Pakistani hacker, ShakalaBumBum, who claimed successful intrusions into India's CERT network, Indian Oil, and leaked data from police and BSNL.

The #IndiaOut campaign in the Maldives, driven by anti-India sentiment, has successfully diminished India's influence, culminating in the rise of a pro-China administration under Mohamed Muizzu. This outcome aligns with China's broader objective to expand its influence in Asia, evident through substantial investments in the Maldives' military aid and infrastructure, and India's subsequent military withdrawal.

In Bangladesh, while direct Chinese interference is not definitively proven, the potential for indirect support to hacktivists targeting Indian interests remains a concern. Collectively, the #IndiaOut campaigns in the Maldives and Bangladesh, coupled with persistent anti-India sentiments and China's strategic manoeuvres, present multifaceted cybersecurity and regional influence challenges for India, underscoring the intricate nature of its strategic landscape.

While the Indian Cyber Crime Coordination Centre (I4C) and the government have proactively strengthened cybersecurity measures, launched awareness campaigns, and increased international collaborations, the rapid escalation of hacktivist attacks continues to challenge India's cyber defence infrastructure, underscoring the need for more adaptable and robust responses to politically driven cyber incidents.

The evolving global geopolitical landscape has undeniably transformed cybersecurity from a purely technical challenge into a critical component of national security and international relations. For India, a rapidly digitising economy at the intersection of complex geopolitical tensions, this necessitates a robust and forward-looking cybersecurity strategy.

Moving forward, India needs to prioritise a multi-pronged approach that includes bolstering its critical infrastructure defences, fostering deeper public-private partnerships, investing heavily in indigenous cybersecurity talent and research, and actively engaging in international collaborations to establish norms for responsible state behaviour in cyberspace.

Only through such a comprehensive and agile strategy can India effectively navigate the intricate interplay of geopolitics and cybersecurity, safeguarding its digital future and preserving its strategic influence on the global stage.

(Disclaimer: The opinions expressed in this article are those of the writer. The facts and opinions expressed here do not reflect the views of ETV Bharat)