{
	"id": "af970948-2e76-4379-82d0-296085017886",
	"created_at": "2026-04-06T00:16:33.147923Z",
	"updated_at": "2026-04-10T13:12:33.385301Z",
	"deleted_at": null,
	"sha1_hash": "cffda9978b6d0792ad598a234e45202b68303804",
	"title": "Reprisal Hacktivism Targets Indian Ideology",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1933160,
	"plain_text": "Reprisal Hacktivism Targets Indian Ideology\r\nPublished: 2023-04-28 · Archived: 2026-04-05 17:21:37 UTC\r\nCRIL charts the evolution of recent Hacktivism targeting India, as well as reprisal attacks against the same.\r\nAn Internal Situation of Parallax \u0026 Disarray\r\nHacktivism has begun to pose a considerable threat to India due to its unique societal, ideological, and economic\r\nposition in the continent.\r\nThe ongoing commotion, OpIndia/OpIndia 2.0, by several hacktivists and the response of pro-Indian hacktivists\r\nhas escalated the situation, with businesses and governments caught in the middle of Peter Panners.\r\nIt is essential to understand the root cause of such campaigns that are incited due to negative sentiments\r\npromulgated through campaign words like ‘Islamophobia_in_India’ and ‘SaveIndianMuslims’ from within the\r\ncountry. The native/non-native and ideologically misled netizens often post fake content on social media that\r\nincites such hacktivist groups to misconstrue the actual socio-political conditions of a country and react.\r\nAmidst such geo-political developments, Cyble Research \u0026 Intelligence Labs (CRIL) maintains a hawk-eyed\r\napproach to their impact on cyberspace. In the same stride, CRIL captures the account of associated hacktivist\r\nincidents affecting India and other countries in Asia.\r\nChronology of Hacktivist Campaigns Targeting India\r\nIn 2020, the farmers’ protest in India led to the emergence of hacktivist groups such as Anonymous India and the\r\nRed Rabbit Team. 
These groups use social media platforms to raise awareness about the protests and their\r\ndemands and carry out cyber-attacks against companies and individuals who were perceived to be against these\r\nmovements.\r\nLast year we observed a flurry of hacktivist incidents targeting India in a two-month-long campaign incited due to\r\nan internal political situation. These campaigns were initiated by a prominent hacktivist group DragonForce\r\nunder the campaign OpsPatuk and were widely participated by several hacktivists sharing the same ideology. The\r\nsame campaign progressed under OpIndia after DragonForce distanced itself from the campaign in June 2022.\r\nOpIndia Reinstated by Team_insane_pk in 2023\r\nIntermittent hacktivism incidents against Indian entities continued throughout 2022. After a brief lull,\r\nTeam_insane_pk reinstated the OpIndia campaign on February 5, 2023, on Kashmir Solidarity Day, by launching\r\nDDoS attacks and leaking documents of the Indian government and private entities. Since then, the group has\r\ncollaborated with several other hacktivists aligned against India.\r\nTeam_insane_pk is operated by a team of threat actors (TA); two of them were identified as Mr Insane and\r\nHOAX1337. The groups were also parallelly involved in targeting other countries, including the Philippines,\r\nSweden, Afghanistan, Russia, Dominican Republic, Indonesia, and Brazil. Ironically, in the past, the group has\r\nalso targeted Pakistan Government websites, such as radio.gov.pk and pabalochistan.gov.pk, claiming religious\r\nreasons to justify the attack.\r\nOperation Payback\r\nIn 2023, another campaign was initiated in March under the name ‘Operation Payback’ by the hacktivist group\r\nMysterious Team Bangladesh. 
The group launched numerous DDoS attacks against various Indian websites and\r\npublicized them over social media and internet messaging channels.\r\nThis campaign against India by Mysterious Team Bangladesh and other hacktivists was part of a previous global\r\ncampaign in retaliation to the Indian sympathetic hacktivists targeting websites in Pakistan, Bangladesh,\r\nIndonesia, and Malaysia.\r\nThe group also leaked files from historical breaches and shared PDF, SQL, TXT, and image files stolen from\r\nvarious institutions. The files included various identification documents, including Aadhaar cards, PAN cards,\r\npassports, old bank statements, invoices, cheque books, and scanned payment cards. Most of the shared\r\ndocuments appeared outdated, while some remained valid according to their expiry date.\r\nMysterious Team Bangladesh has also historically been trying to run its hacktivism campaigns with a pro-Islamic\r\nideology against several nations. The group claims to be active since 2012. However, they were actively involved\r\nin the May 2022 OpIndia/OpsPatuk campaign and the OpIsrael campaign targeting Israel.\r\nOther hacktivist groups that supported this campaign were:\r\nMysterious Team Bangladesh Ganosec Team\r\nTeam Insane PK Hacktivist of Garuda\r\nKhalifah Cyber Crew Eagle Cyber Crew\r\nOpsjentikRamadhan\r\nFurther, in the month of Ramadan, on March 27, 2023, another hacktivist group EAGLE CYBER CREW along\r\nwith 8 other groups allegedly from Malaysia, Bangladesh, Pakistan, Indonesia, Yemen, Vietnam, Sudan, and\r\nPalestine, launched #opsjentikRamadhan.\r\nThese prejudiced groups, operating under the notion that Indian Muslims are victims of social injustice, carried\r\nout several DDoS attacks on the Indian side. 
During the same time, these groups were also involved in OpIsrael.\r\nEAGLE CYBER CREW created its Telegram channel on December 2, 2022, and stated that it is of Malaysian\r\norigin. The hacktivist was also quite vocal in stating themselves as part of the ‘Army of Mahdi’ (Mahdi refers to\r\nthe prophesied redeemer of Islam who will appear before the end of the world to rid the world of evil and injustice\r\nin Islamic scripture) and ‘Anti Dajjal Community’ (Dajjal is an evil figure in Islamic eschatology).\r\nFigure 1: Announcement of the campaign on the Telegram channel\r\nThe following affiliates participated in the campaign:\r\n4 EXPLOITATION Channel SynixCyberCrimeArmyMY\r\nSTUCX TEAM TIGERCYBERTEAM\r\nMysterious Team Bangladesh 1915 TEAM\r\nTeam_Insane_pk official KEP TEAM\r\nPAKISTAN CYBER HUNTER Mysterious Silent Force\r\nT.Y.G Team Ganosec Team\r\nDuring the campaign, the EAGLE CYBER CREW group claimed to compromise the public-facing web\r\ninfrastructure of the Punjab Police, India. Based on the posts, they leveraged a Local File Inclusion (LFI)\r\nvulnerability to gain access and leak internal configuration files from various sub-domains of the\r\n‘punjabpolice.gov.in’. This also led to the disclosure of MySQL configuration files containing the usernames and\r\npasswords of database users. 
This further led to the disclosure of access to the other backend files from different\r\nprovincial websites of the Punjab Police Department.\r\nBesides their campaign, the group, while coordinating with pro-Bangladesh group ‘Mysterious Silent Force’,\r\nlaunched DDoS attacks on several Indian public and private sector banks on April 27, 2023.\r\nAnti-India Campaign by ‘Anonymous Sudan’\r\n‘Anonymous Sudan’ is a politically motivated hacktivist group active on their Telegram channel since January\r\n18, 2023. Their activities began on January 23, 2023, with DDoS attacks on organizations in Sweden, Denmark,\r\nthe Netherlands, France, Australia, and Israel. In April 2023, the group declared India their latest target to\r\nsympathize with Indian Muslims under their misperceived Islamic cause.\r\nFigure 2: Announcement by Anonymous Sudan group on their Telegram channel\r\nOn their Telegram channel, the group “Anonymous Sudan” claimed to target websites of the Airports Authority of\r\nIndia (aai.aero), Delhi Airport, Mumbai Airport, Hyderabad Airport, Goa International Airport, and Cochin\r\nAirport. Other than these, the actors also targeted websites of healthcare institutions, including KIMS hospitals\r\nand Apollo Hospitals, to name a few. The TA shared connection status, apparently demonstrating successful\r\nDenial of Service on the websites.\r\nOpsAbabeel:\r\nOn April 19, 2023, EAGLE CYBER CREW initiated a parallel campaign – OpAbabeel (freedom from sadness,\r\nfears, and horrors), in collaboration with hacktivist groups, 4-EXPLOITATION, KHALIFAH CYBER CREW,\r\nand TIGER CYBER CREW.\r\nThe ongoing campaign is in retaliation to Indian hacktivists leaking data of Muslim citizens. The campaign also\r\ngarnered interest from Team_insane_pk officials and ISLAMIC CYBER CORPS. 
In this campaign, they used\r\ntactics like DDoS attacks, defacement, and selling compromised databases from India. However, the Indian data\r\nsamples shared by these groups on their channel were from a 2020 leak from a threat actor active on the now-defunct BreachForum.\r\nIn this campaign, these groups primarily target Indian Government entities, the Judiciary, and Educational\r\ninstitutes. These groups are simultaneously also targeting companies in Mexico, the United States, Ghana, and\r\nCyprus.\r\nFigure 3: Announcement of the campaign on the Telegram channel\r\nOpIndia 2.0\r\nOpIndia2.0 campaign was initiated at the behest of Indonesian hacktivist groups – VulzSec and Hacktivist of\r\nGaruda on April 20, 2023, in retaliation to the ongoing attacks on Indonesian government sites by Indian-sympathizing threat actors. The group claimed to launch DDoS attacks on 54 entities, primarily government\r\nwebsites of various states of India.\r\nFigure 4: Announcement of the campaign by Hacktivist of Garuda\r\nOn April 26, 2023, VulzSecTeam declared to cease the OpIndia 2.0 campaign, when a pro-Indian hacktivist group,\r\nKerala Cyber Xtractors, approached them. According to the conversation between the two, this campaign was also\r\na result of misconceived notions about the perceived suffering of Indian Muslims.\r\nFigure 5: Excerpt from VulzSec Telegram channel, declaring to cease the OpIndia campaign.\r\nHowever, other Hacktivist groups such as GANOSEC TEAM and Team_insane_pk ignored this truce and\r\ncontinued their attacks on Indian cyber infrastructure.\r\nOpIndia23\r\nPro-Islamic groups came together to launch another campaign, #OpIndia23, on April 26, 2023. 
This is an ongoing\r\ncampaign to protest against the perceived injustice and prejudice against Indian Muslims. This campaign was\r\nstarted after the conclusion of the OpIndia2.0 campaign.\r\nFigure 6: Announcement post of the OpIndia campaign\r\nThe following groups are involved in this campaign:\r\nMysterious Silent Force Dragon Force Malaysia\r\nMysterious Team Bangladesh 4 EXPLOITATION Channel\r\nMysterious Team Bangladesh PAKISTAN CYBER HUNTERS\r\nEAGLE CYBER CREW VulzSec Team\r\nAnonGhost Hacktivist Indonesia\r\nTeam_insane_pk official TYG Team\r\nA-E-S 1919 Team\r\n1915 Team KEP Team\r\nGANOSEC TEAM Anonymous Sudan\r\nThe campaign claimed to compromise the government websites of the states of Kerala, Rajasthan, Maharashtra,\r\nand Jammu \u0026 Kashmir, the Income Tax portal, the AICTE site, and allegedly leaked data related to them.\r\nReprisal Attacks\r\nIn retaliation to attacks on Indian infrastructure, a few Indian-sympathizing hacktivists emerged from the shadows.\r\nThey publicized their claims of DDoS on organizations from Bangladesh, Indonesia, Malaysia, and Pakistan on\r\nsocial media and their Telegram channels.\r\nAmong many such small factions identified recently, we observed the following groups leading a coordinated\r\nwave of attacks:\r\nAnonymous India Mariana’S Web\r\nTeam UCC Operation Indian Cyber Mafia\r\nIndian Cyber Force Team 1-4-1\r\nKerala Cyber Xtractors  \r\nThese groups have launched retaliatory campaigns under the monikers:\r\nop_payback TROLL_KANGLADESH\r\nop_malay OPPAYBACK_BD\r\nop_indo_kids OP_BD\r\nOPPAYBACK_MY op_porkis\r\nOPMALAYSIA OP_PK\r\nOP_MY op_pak\r\nOPHABIBI Payback2023\r\nop_bd_skids TROLL_KANGLADESH\r\nConclusion\r\nOver the years, Hacktivism has 
become more cynical. Once a tool to voice social and political change, it has\r\nevolved into a nefarious apparatus of across-the-border crime to further their ideological agendas, disrupt\r\ngovernment and business, and create social disharmony. Over the last year, we have also observed the emergence\r\nof state-sponsored and destructive hacktivism.\r\nInitially started as a tool to promote religious freedom and human rights, Hacktivism has eventually turned\r\ninto online hate, discrimination, and even violence in some cases. It is important to balance the need for religious\r\nexpression and activism with the need for tolerance, respect, and security in the online world. As the tactics and\r\nideologies in hacktivism continue to evolve, individuals and governments must take steps to ensure regulated\r\nonline activism and build a tolerant online community.\r\nSource: https://blog.cyble.com/2023/04/28/indian-ideology-targeted-by-hacktivists-reprisal-hacktivism-draws-more-attacks/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://blog.cyble.com/2023/04/28/indian-ideology-targeted-by-hacktivists-reprisal-hacktivism-draws-more-attacks/"
	],
	"report_names": [
		"indian-ideology-targeted-by-hacktivists-reprisal-hacktivism-draws-more-attacks"
	],
	"threat_actors": [
		{
			"id": "f68778ec-e021-433b-a262-eba6a0edbb76",
			"created_at": "2023-11-17T02:00:07.591282Z",
			"updated_at": "2026-04-10T02:00:03.454381Z",
			"deleted_at": null,
			"main_name": "VulzSecTeam",
			"aliases": [
				"VulzSec"
			],
			"source_name": "MISPGALAXY:VulzSecTeam",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e53fc09e-24cc-40d4-b38d-7e2d6dbe81d8",
			"created_at": "2023-03-17T02:01:50.851615Z",
			"updated_at": "2026-04-10T02:00:03.362605Z",
			"deleted_at": null,
			"main_name": "Anonymous Sudan",
			"aliases": [],
			"source_name": "MISPGALAXY:Anonymous Sudan",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6608b798-f92b-42af-a93f-d72800eeb3a3",
			"created_at": "2023-11-30T02:00:07.292Z",
			"updated_at": "2026-04-10T02:00:03.482199Z",
			"deleted_at": null,
			"main_name": "DragonForce",
			"aliases": [],
			"source_name": "MISPGALAXY:DragonForce",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "843f4240-33a7-4de4-8dcf-4ff9f9a8c758",
			"created_at": "2025-07-24T02:05:00.538379Z",
			"updated_at": "2026-04-10T02:00:03.657424Z",
			"deleted_at": null,
			"main_name": "GOLD FLAME",
			"aliases": [
				"DragonForce"
			],
			"source_name": "Secureworks:GOLD FLAME",
			"tools": [
				"ADFind",
				"AnyDesk",
				"Cobalt Strike",
				"FileSeek",
				"Mimikatz",
				"SoftPerfect Network Scanner",
				"SystemBC",
				"socks.exe"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "b07fec96-80cd-4d92-aa52-a26a0b25b7c2",
			"created_at": "2022-10-25T16:07:23.826594Z",
			"updated_at": "2026-04-10T02:00:04.760416Z",
			"deleted_at": null,
			"main_name": "Madi",
			"aliases": [
				"Mahdi"
			],
			"source_name": "ETDA:Madi",
			"tools": [
				"Madi"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434593,
	"ts_updated_at": 1775826753,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cffda9978b6d0792ad598a234e45202b68303804.pdf",
		"text": "https://archive.orkl.eu/cffda9978b6d0792ad598a234e45202b68303804.txt",
		"img": "https://archive.orkl.eu/cffda9978b6d0792ad598a234e45202b68303804.jpg"
	}
}