Written by Sameer Patil.
Image credit: Operation Sindoor Bahawalpur / A screenshot of ‘Pakistan ‘has the right to respond’ to India’s Operation Sindoor, says minister – video’.
The recent episode of military hostilities between India and Pakistan in May 2025 has unveiled a new chapter of cyber warfare. As the two South Asian neighbours traded drones and missiles, a fierce battle unfolded amongst them in cyberspace. This targeting of each other’s digital infrastructure provided a new avenue for the two countries to pursue their battlefield rivalry. Simultaneously, India faced a barrage of disinformation and propaganda campaigns from Pakistan aimed at manipulating Indian public perceptions, closely resembling ‘cognitive warfare.’ More significantly, it also marked the first time that cyberspace played an important role parallel to the conventional military conflict unfolding between the two fierce rivals.
In recent years, cyberspace has emerged as an important arena alongside conventional military campaigns. As the Russia-Ukraine, Azerbaijan-Armenia, and Israel-Hamas/Iran conflicts have demonstrated, offensive cyber operations by belligerents have prominently figured as a core activity. While not determining the overall direction of military campaigns or shaping their outcomes, these cyber operations have nevertheless helped advance the broader goals of military campaigns: keep the adversary engaged, preoccupied and distracted through actions that fall below the threshold of armed conflict. Such actions include, but are not limited to, breaches of critical national infrastructure, malware campaigns, Distributed Denial of Service attacks (DDoS) and cyber espionage campaigns. Accompanying these infractions are the aggressive disinformation and propaganda operations that have sought to create a ‘fog of war’ like situation through deepfake videos and fake news reports.
Operation Sindoor and Cyber Warfare
Interestingly, in the case of India-Pakistan, the cyber rivalry appears to follow its own unique trajectory, with both countries adopting a differentiated approach in pursuing it.
For Pakistan, adept at using sub-conventional tactics – that can also be differently termed as grey zone tactics – like cross-border terrorism through terrorist organisations that serve as its proxies, offensive cyber operations offer another instrument for targeting India. According to an Indian assessment, since the April 2025 Pahalgam terrorist attack – the incident that triggered military tensions between the two countries – India faced over 1.5 million cyberattacks, including DDoS attacks, malware infiltrations, and GPS spoofing. This statistic assumes significance when seen in the context of 2.04 million cyber incidents handled by India’s Computer Emergency Response Team in 2024.
These cyberattacks targeted major Indian government organisations, public sector companies and military facilities. India claimed that it neutralised these attacks; however, reports suggested that at least 150 attacks were successful in breaching the Indian networks. Pakistan-based/Pakistani hackers attempted to mask the origin of several of these attacks by routing them through other countries, including Bangladesh, Indonesia, and Morocco. One prominent Pakistan-aligned threat actor that figured in these attacks was the Advanced Persistent Threat (APT)-36, which is infamous for repeatedly breaching Indian networks to conduct espionage campaigns, collecting information relevant to Pakistan’s military and foreign policy establishment.
On the Indian side, however, the use of cyber instruments was mostly retaliatory, responding to the volley of cyberattacks from the Pakistan-linked threat actors. Several Indian hacking groups, such as Indian Cyber Force, Indian Cyber Defender, WhiteHorse, Cyber Warriors India, AnonOpsIndia, etc., reportedly launched cyberattacks targeting Pakistan’s digital infrastructure. The targets, among others, included Oil & Gas Development Company Limited, Federal Board of Revenue of Pakistan, Habib Bank, etc. One report also claimed that Indian hackers had breached more than 1,000 CCTV cameras operating in Pakistan through remote access.
India-linked threat actors have a well-documented history of successfully breaching Pakistani cyberspace. Despite this capacity and precedent, it appears that the Indian use of cyber tools during Operation Sindoor was far more restrained, leveraging it more as a means of defence, rather than offence. The focus was on hardening the targets, ensuring resilience and defending the Indian cyberspace, rather than engaging in large-scale offensive cyber actions. Although, admittedly, the patriotic Indian hacking groups mobilised themselves effectively to launch coordinated attacks against Pakistani targets, the overall utility of these attacks remains doubtful besides fulfilling retribution.
The Perception Battles
Even as cyberattacks targeting Indian digital infrastructure were surging amidst Operation Sindoor, another front opened up for India in the form of anti-India disinformation and propaganda operations. It was executed by Pakistan-based threat actors and social media accounts on ‘X’ (formerly Twitter), to amplify rumours, fake news and conspiracy theories. Projecting the terrorist attack at Pahalgam as a ‘false flag operation,’ doubting the impact and targets of the Indian drone and missile strikes and disseminating fabricated information about the Pakistani military strikes on India were some of the prominent themes featured in these propaganda campaigns. There was also an attempt to deceive Indian citizens by circulating multiple deepfake videos of Indian political leadership, including Prime Minister Narendra Modi. The videos purportedly showed these leaders apologising to the international community and expressing regret over Operation Sindoor.
What was more interesting from the Indian viewpoint was the support that these Pakistani propaganda efforts received from their partners, namely China and Turkey. Chinese state media outlets like Xinhua and CGTN and their social media accounts augmented Pakistan’s propaganda. Likewise, Türkiye’s TRT World and Anadolu Agency were found to be deliberately spreading misleading information about the Indian military.
Such was the intensity of these disinformation campaigns on ‘X’ that the Indian Ministry of External Affairs had to create a separate handle, “@MEAFactCheck” to curb the spread of fake news. India also requested the platform to block over 8,000 accounts, spreading the disinformation.
Key Takeaways for Taiwan
What lessons does the India-Pakistan cyber hostilities during Operation Sindoor hold for Taiwan? To begin with, the propaganda campaigns revealed India’s susceptibility to disinformation and psychological operations. This lesson is critical because, despite having an upper hand on the military battlefield, the common perception is that India failed to convert that advantage into a perception victory or narrative gain. This ‘loss’ of information warfare holds an important warning for Taiwan, which has been at the receiving end of China’s cognitive warfare for years and has found it difficult to repel it. In the event of any military contingency, Taipei should expect similar grey zone tactics with coordinated cyberattacks and disinformation operations aimed at manipulating public perception and sowing confusion. Fostering resilience in the form of media literacy, trusted news sources, and a proactive offensive disinformation strategy will go a long way. Having national political unity on the external challenges helps, as India’s own experience suggests. In the aftermath of Operation Sindoor, New Delhi dispatched seven all-party delegations to various countries that remained tethered to a common messaging: explaining the rationale of India’s policy of zero-tolerance against terrorism and its actions against Pakistan.
Secondly, a defensive stance in cyberspace helps. Securing and hardening critical national infrastructure indeed will help thwart the adversary’s designs. However, what is even more helpful is adopting an offensive posture that can potentially yield a tactical advantage and also support kinetic actions. Taiwan will need to put in place a multipronged, multi-vector cyber campaign to counter the cyber onslaught from its adversary, which can only be expected to be a tsunami of cyberattacks.
Beyond cyber and information warfare, as India’s own experience on the battlefield during Operation Sindoor has demonstrated, there is no substitute for local, indigenous defence capabilities. Self-reliance in defence is the most assured way to bolster national security, guarantee operational autonomy, and build resilience against external threats. Sustained investment in core defence capabilities is critical, even as collaboration with like-minded partners is pursued for advanced technologies. The pursuit of strategic autonomy is now indispensably tied to battlefield supremacy.
The recent episode of India-Pakistan hostility has demonstrated that new-age warfare is multi-domain, and cyberspace plays a crucial enabling role for militaries. As threats become increasingly hybrid and adversaries incorporate grey zone tactics as a central element of their military strategies, democracies must cultivate proactive and resilient approaches to national security.
Sameer Patil is Director, Centre for Security, Strategy and Technology at the Observer Research Foundation (ORF), India. Based out of ORF’s Mumbai centre, his work focuses on the intersection of technology and national security, including cybersecurity. Additionally, he researches India’s national security priorities, counterterrorism, and regional security. He serves on the World Economic Forum’s Global Future Council on Cybersecurity and RUSI UK’s Global Partnership for Responsible Cyber Behaviour Advisory Board. He has previously worked at India’s National Security Council Secretariat.
This article was published as part of a special issue on ‘India-Pakistan Conflict: Strategic Insights for Taiwan‘.
Taiwan Insight 