CloudSEK’s contextual AI digital risk platform, XVigil, has uncovered a chilling plan by multiple hacktivist groups to launch cyber attacks on India, timed perfectly with the upcoming G20 Summit. It is observed that the government’s digital infrastructure is the primary target of hacktivists.
This orchestrated campaign, known as #OpIndia, is motivated by a complex web of political factors, with many attacks seen as retaliatory strikes in the ongoing hacktivist warfare between nations. The primary attack methods anticipated in this campaign are Mass Defacement and DDoS (Distributed Denial of Service) attacks.
The ominous call for action was sounded on September 7, 2023, when Team Herox, a hacktivist group, issued a message on Telegram. They sought support from fellow hacktivist organizations to join forces for a series of attacks scheduled for September 9 and 10, 2023, aligning perfectly with the G20 summit’s timeline.
This disturbing wave of hacktivist activities isn’t new. CloudSEK’s research shows that hacktivist groups have been plotting cyberattacks on both public and private Indian organizations, with tactics ranging from DDoS attacks to compromised account takeovers and data breaches.
Notably, CloudSEK researchers reported similar findings on a recent hacktivist campaign that targeted over 1,000 Indian websites as part of an Independence Day campaign (on August 15). The campaign, orchestrated by hacktivist groups from various countries, utilized tactics such as DDoS attacks, defacement attacks, and user account takeovers, echoing the patterns previously highlighted in CloudSEK’s hacktivists warfare report. The report also reveals a significant spike in hacktivist attacks during the first quarter of 2023, with India emerging as the primary focus of attacks.
“Cyber attacks by hacktivist groups have surged exponentially in recent times, with India emerging as their primary target. These hacktivists consistently exploit significant political events like the G20 Summit to gain visibility, making the government’s digital infrastructure a prime objective. The coordinated efforts by hacktivist groups from Pakistan and Indonesia to target India’s G20 Summit with planned cyberattacks are a stark reminder of the digital threats nations face. Our mission is to stay ahead of these evolving risks and empower organizations and individuals to fortify their digital defenses,” said Darshit Ashara, Head of Security Research & Threat Intelligence at CloudSEK.
Historical Attack Type and Modus Operandi
CloudSEK’s analysis has identified the following common attack vectors employed by hacktivist groups:
Open-source HTTP Flooding tools and proxy services for DDoS attacks.
Compromised credentials sourced from malware logs.
Website misconfigurations, weak passwords, and leaked internal credentials.
Vulnerabilities like SQL injection for accessing databases and administrator panels.
Mirroring compromised defaced websites on popular mirror sites for notoriety.
In addition, the threat landscape includes reflective DDoS attacks, where attackers manipulate user agents and referrer headers to make attack traffic appear legitimate, thus evading detection.
CloudSEK urges organizations and authorities to remain vigilant and bolster their cybersecurity measures to thwart these malicious activities. The security of our digital world relies on collective efforts, and CloudSEK remains committed to helping safeguard it from cyber threats.