How to make sure India's critical installations are not vulnerable to digital attacks

Experts say India must adopt “zero trust architecture”

K.S. Manoj, director (cyber physical systems security) at the cyber defence firm Intelegrid ECC

On February 24, 2022, hours before Russia’s ground offensive in Ukraine began, a major cyber attack crippled American satellite firm Viasat. Ukrainian forces relying on Viasat lost critical communications as ‘AcidRain’ malware disabled thousands of modems―an early act of hybrid warfare.

As tensions rise along the India-Pakistan border, experts warn that India must prepare not just for conventional conflict but cyber warfare targeting critical infrastructure. “We should not assume that the threat is limited to border areas. We must be prepared for strategic cyber strikes on Mumbai and other major urban centres with the intention of paralysing India,” said K.S. Manoj, director (cyber physical systems security) at the cyber defence firm Intelegrid ECC.

According to the Chennai-based Strava Cyber Labs, a “multi-stage attack” is already underway, with state-backed actors exploiting known vulnerabilities and deploying remote access trojans (RATs) for persistent access and data theft.

After the Pahalgam terror attack, said Manoj, there has been increased activity by a Pakistan-linked “advanced persistent threat” group, which is allegedly backed by a notorious Chinese group. Active at least since 2013, this Pak group targets Indian government and defence networks using malicious tools such as Crimson RAT and steals data by creating fake domains and exploiting software vulnerabilities such as those in WinRAR. In late April, Pune-based Seqrite Labs uncovered a phishing campaign using “Pahalgam Terror Attack” lures aimed at government and defence personnel.

Experts warn cyber attacks will likely involve RATs and remote code execution, exploiting vulnerabilities in India’s critical systems. Manoj warned that the national power grid, modernised in the 2000s incorporating technologies like SCADA (supervisory control and data acquisition) and DMS (distribution management systems), is especially at risk. Chinese component suppliers may have been granted access to install SCADA hardware, software and network components without having to undergo rigorous cyber security vetting. Malicious implants, he said, may already be embedded within critical systems. “We currently lack a comprehensive detection mechanism,” Manoj said. He also pointed out that the SCADA-DMS systems were integrated with outdated legacy infrastructure, resulting in significant security vulnerabilities.

Unsecured SCADA systems could allow attackers to trip breakers, overload transformers or disable substations―like the October 2020 Mumbai blackout. Though officially deemed a technical failure, firms like Recorded Future linked it to a China-based group using RATs and remote code execution.

Strava Cyber Labs said India needed multi-pronged defence: mandatory resilient design standards in infrastructure, innovation in cyber security tech, and strong public-private collaboration. Quick Heal Technologies, in its India Cyber Threat Report 2025, recorded 369 million incidents in 2024 alone―roughly 11 every second. The health care sector was hit the hardest, accounting for 21.8 per cent of attacks.

Given the rise of AI-powered malware and looming threats from “quantum hacking”, experts urge deeper coordination between public and private sectors. In late 2024, Chinese researchers claimed to have hacked military-grade encryption using a quantum computer.

Experts say India must adopt “zero trust architecture”―a security model that assumes that no user or device can be trusted by default―across sectors and invest in indigenous quantum-resistant infrastructure and capabilities.