India-Pakistan Conflicts Escalating: Military Operations and DDoS Attacks Making Targeted Strikes

Background

On May 7, 2025, NSFOCUS Fuying Lab released “Two-Front Confrontation: Parallel Narratives of India-Pakistan Reality Friction and Cyber DDoS Attacks“, which analyzed the DDoS attack activities in the early stage of India-Pakistan friction. This article is the second in this series, mainly analyzing the DDoS attack activities against India after May 7.

May 7, 2025: As the situation between India and Pakistan further escalated, NSFOCUS’s Fuying Lab Global Threat Hunting System continued to monitor more intense DDoS activities against India, further confirming that there are obvious parallel evolutionary characteristics of real-world conflicts and cyberspace confrontations. Attackers not only publicly announced their attacks, but also implemented a “targeted strike” strategy, escalating the targets of attack to high-value targets such as government agencies, military facilities and critical information infrastructure. At the same time, the attack duration is also growing. The DDoS attack on the website of the Indian President’s Office lasted a record high of 19 hours.

After May 7, 2025, the India-Pakistan conflict turned into an air contest. On May 8 and 9, Pakistan successively destroyed 77 Indian drones; on May 10, Pakistan officially took military action, named “Iron Wall”, targeted 26 Indian military targets, accompanied by cyber attacks, which Pakistan claimed paralyzed about 70% of India’s power grid.

Timeline

April 22nd: A shooting incident targeting tourists occurred in Pahalgam town of Indian – administered Kashmir, resulting in 26 deaths. India accused Pakistan of supporting cross – border terrorism, but Pakistan denied it.

April 23rd – 24th: India closed border crossings, expelled Pakistani diplomats, suspended issuing visas to Pakistani citizens, and its military entered a “high – alert” status. Pakistan announced the closure of its airspace over India, suspension of all trade, revocation of some visas for Indian citizens, and mobilized JF – 17 Thunder fighter jets and missile bases for war preparation.

April 25th – 28th: The two sides exchanged fire continuously in Kashmir. The conflict spread to areas such as the Jhelum Valley and Ranbir Singh Pura district, using small arms, mortars, and drones.

May 2nd – 5th: India banned the import of Pakistani goods and blocked Pakistani social media accounts. Pakistan prohibited Indian ships from entering its ports.

May 7th: India launched a “major military operation” and launched attacks on nine “terrorist infrastructure” target sites within Pakistan. The Pakistani air force shot down three Indian military aircraft and launched missiles to destroy a military command post within India in response to India’s air strikes on Pakistan.

May 8th – 10th: Pakistan launched the “Solid Wall” military operation and launched a new round of attacks on Indian air force bases. The Pakistani military announced that it paralyzed 70% of India’s power grid through cyber – attacks, causing power outages in multiple cities and severely affecting the operation of military and civilian facilities.

May 10th: Indian Foreign Secretary Vikram Misri and Pakistani Foreign Minister Ishaq Dar stated that the military of both sides agreed to a comprehensive cease – fire, and hostilities would end at 5:00 PM / 4:30 PM PKT (11:30 GMT).

As conflicts between countries continue to escalate, the confrontation mode in cyberspace has changed from traditional covert operations to openly declared “combat” behavior. Even state actors have begun to directly participate in cyber attacks-Pakistani officials claim that cyber attacks are quite effective in this conflict. We can see a new form of hybrid combat with “real military-cyberspace” dual-line linkage being formed.

DDoS Attacks Against India

Note: All the times and dates shown below are in GMT+8.

According to the monitoring data of the Global Threat Hunting System of NSFOCUS Fuying Laboratory, DDoS attacks against India have shown a significant upward trend since May 7, 2025.

Since May 7, India has launched a “major military operation” and the India-Pakistan conflict has escalated into an air confrontation, with India first launching fighter jet missile strikes. With the evolution of physical warfare, the number of DDoS attacks against India has also shown a significant increase, rising continuously from May 7 to reaching its peak on May 10, 97 times (9700%) higher than before the friction on April 22, and 14 times (1400%) higher than during the exchange of fire between the two sides from April 25 to 28. On the same day, Pakistan also launched the “Iron Wall” military operation and claimed that its cyberspace operations had paralyzed 70% of India’s power grid. On May 11, after both sides agreed to a comprehensive ceasefire, the intensity of DDoS attacks has dropped, but the overall attack situation has not completely subsided.

Comparative analysis of attack targets shows that before May 7, DDoS attacks were mainly aimed at industries such as telecommunications and news. However, as the situation escalates, the target of attack has shifted significantly. Key departments such as government agencies and military facilities have become the primary targets of attack, and the duration has gradually increased. This may be related to the direct participation of organizations supported by state actors, which often have more resources and stronger capabilities, and cause greater attack effects and impacts.

Cyberattack on Indian Ministry of Defense website

May 10, 2025 At 15:39, the official website of the Ministry of Defence (MoD) (mod.gov.in) was attacked by a DDoS attack lasting 3 hours, 56 minutes and 57 seconds. Monitoring data showed that the attack used NTP reflection amplification.

The Indian Ministry of Defense is a key administrative department of the Indian government, responsible for coordinating the country’s military defense, especially during the armed conflict with Pakistan. The Ministry of Defense is the most important and authoritative coordinating department. Its official website is an authoritative information release platform for India’s defense affairs, and undertakes multiple functions such as publishing policy documents, military education, recruitment propaganda, and maintaining the national image. As of May 12, the official website of the Indian Ministry of Defense may have blocked network requests from abroad to reduce the impact of DDoS attacks, and the external propaganda function of the Ministry of Defense’s official website is paralyzed.

Cyberattack on the Press and Information Bureau of India

May 10, 2025 At 18:59, the official website of the Press Information Bureau (PIB) of India (pib.gov.in) was attacked by a DDoS attack lasting 1 hour, 2 minutes and 37 seconds. The attack used DNS reflection amplification. The Press and Information Authority of India is a nodal agency under the Ministry of Information and Broadcasting of the Indian government that manages print, media and online news throughout India. Its head also serves as the official spokesperson for the Indian government, which is an authoritative media organization in India. At 10 a.m. on May 10, Indian time, the Press and Information Bureau of India refuted the news that “Pakistani officials claimed that they had used cyber attacks to paralyze 70% of India’s power system”, claiming that the power system was operating normally. At 18:59:17 on the same evening, it was attacked by DDoS.

Cyberattack on Indian Prime Minister’s Office website

May 10, 2025 At 16:55, the Indian Prime Minister’s Office website (pmindia.gov.in) was hit by a DDoS attack lasting 1 hour, 51 minutes and 13 seconds. Monitoring data shows that the attack used DNS reflection amplification.

The Indian Prime Minister’s Office has core functions such as policy delivery, government affairs disclosure and public interaction. It is the de facto highest authority in India, playing an important political and spiritual leadership role. The DDoS attack on the Prime Minister’s Office website will affect India’s social public opinion, international image, social order and other aspects.

Attack on the government website of Jammu and Kashmir, India

May 9, 2025 At 14:21, the Mirai botnet was detected targeting the government website of Jammu and Kashmir State, India (www.jkgad.nic.in). The attacker used the ACK Flood attack method.

The website mainly publishes administrative notices, policy updates and public affairs statements of the Jammu and Kashmir State Government, provides job vacancies, examination notices and recruitment results of the state government and its subordinate agencies, and obtains government forms, reports, annual plans and other documents. The attack on this website affects core functions such as government announcement release and administrative document download.

Attack on the Indian President’s Office website

May 7-8, 2025, the Indian Presidential Office website (presidentofindia.gov.in) suffered two consecutive rounds of DDoS attacks. Monitoring data shows that attackers use DNS reflection amplification to launch attacks. The first round of attacks began at 17:38 on May 7 and lasted for 2 hours, 16 minutes and 11 seconds; the second round of attacks was even worse, starting at 00:47 on May 8 and lasting 19 hours, 46 minutes and 29 seconds.

As the official portal of the Office of the Supreme Head of State of India, the Presidential Office website undertakes important functions such as government affairs disclosure and foreign affairs activities publicity. The attack may affect website services, affecting a number of core government functions including foreign affairs activity inquiries, presidential announcements, and citizen petition submissions.

Cyber attack on the domain name resolution service of the Indian Informatics Center

From May 7 to 8, 2025, the domain name resolution service (ns2.nic.in) of the Indian National Informatics Center suffered two consecutive rounds of DDoS attacks. Monitoring data shows that the attack used DNS reflection amplification to launch the attack. The first round of attacks began at 22:29:28 on May 7 and lasted 19 minutes and 03 seconds; the second round of attacks was even worse, starting at 00:46:44 on May 8 and lasting 1 hour, 05 minutes and 11 seconds.

The National Informatics Center (NIC) is a technical partner under the Indian Ministry of Electronics and Information Technology (MeitY). NIC was founded in 1976 to provide technology-driven solutions for central and state governments. As the core IT infrastructure management agency of the Indian government, NIC’s domain name resolution service may be paralyzed by an attack, resulting in a large-scale interruption of Internet services across the country, which has a huge impact.

Summary

As the situation in India and Pakistan continues to escalate, the immediacy of DDoS attacks has become more prominent, while also showing the dual effects of “scale suppression” and “precision strikes”. On the one hand, the scale of attacks has increased by nearly two orders of magnitude; on the other hand, the targets are clearly concentrated in high-value targets such as critical infrastructure and core government departments.

In addition, as physical conflicts escalate to the stage of hot war, cyber attacks have completely abandoned their traditional concealment characteristics. Attackers have begun to openly declare attack actions, especially the direct intervention of state power, making cyber strikes unprecedented in scale and precision. It is worth noting that even if the real conflict tends to ease, the confrontation in cyberspace has not stopped immediately. Although India and Pakistan have reached a ceasefire agreement on May 10, 2025, DDoS attacks continue to exist, but the scale of the attacks has been reduced. This fully reflects the long-term and complex nature of cyberspace confrontation.

The post India-Pakistan Conflicts Escalating: Military Operations and DDoS Attacks Making Targeted Strikes appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

*** This is a Security Bloggers Network syndicated blog from NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. authored by NSFOCUS. Read the original post at: https://nsfocusglobal.com/india-pakistan-conflicts-escalating-military-operations-and-ddos-attacks-making-targeted-strikes/