Pakistan-Based Group Embeds Malware In Fake Govt Letters Amid Spike In Ransomware, Attacks On Army Websites

A Pakistani group, APT 36, is actively targeting Indian infrastructure through forged government letters embedded with malware amid increased attacks on army-related websites.

Following the Pahalgam terror attack, Pakistan-based Advanced Persistent Threat (APT) group APT 36 has reportedly become active and is preparing to target Indian infrastructure by crafting fake government websites and forged letters embedded with malware, according to a detailed report by Maharashtra Cyber.

After the initial report titled “Echoes of Pahalgam”, Maharashtra Cyber has compiled a follow-up assessment called “Pahalgam Cyber Warfare”. Maharashtra Cyber Chief Yashasvi Yadav stated, “We have submitted the first report to the agency, and the second report will also be handed over soon.”

Among the newly identified actors, APT 36, believed to be operating out of Pakistan, has reportedly masked its IP address to appear as if located in Bulgaria. The group is allegedly creating forged government letters embedded with malware, which, once introduced to a system, can steal data, change passwords, and potentially hijack the entire system.

“This is essentially a technographic attack disguised as an official government letter. It appears to be the latest modus operandi of APT 36,” said Yadav.

He also warned that other threat actors remain active and there is growing evidence of coordination and synergy between these groups. “They are helping each other and launching coordinated attacks,” he added.

Speaking in the context of the Pahalgam terror incident, Yadav remarked, “We observed a sharp increase in cyber wars and attacks targeting India—particularly aimed at critical infrastructure sectors and government agencies. Departments like the military and defence sector have seen numerous attempts. Government portals have faced DDoS (Distributed Denial-of-Service) attacks and website defacement.”

He further added, “In banking and finance, disruption and digital payment system attacks are being launched. In telecom and technology, ransomware deployment attacks have been identified. Critical infrastructure is being targeted through malware induction attacks.”

Yadav warned that these assaults point towards a cyber war strategy where countries not maintaining cordial relations with India are trying to convey a message that they can cripple critical infrastructure.

Offering recommendations, Yadav urged all agencies to “pay serious attention to cyber security and adopt hygienic cyber behaviour.” He advised that systems must undergo cyber security audits, firewall configurations must be verified, passwords must be strengthened, and red teaming exercises must be conducted to identify vulnerabilities and address them swiftly.

The earlier report had flagged Team Insane PK, a Pakistani APT group, as well as other active players like Bangladesh-based Mysterious Team Bangladesh (MTBD) and Indonesia’s Indo Hax Sec. Threat actor Golden Falcon, based in the Middle East, was also named.

Pakistan-Sponsored Hacker Groups Try To Breach Army-Related Websites

In a continued wave of cyber offensives, Pakistan-sponsored hacker groups such as “Cyber Group HOAX1337” and “National Cyber Crew” also attempted to breach several websites on Thursday. These attempts were swiftly detected and neutralised by cyber security agencies.

Among the targets were the websites of Army Public School Nagrota and Sunjuwan, which hackers tried to deface with messages mocking the victims of the recent Pahalgam terror attack. Another attack targeted a healthcare website for ex-servicemen.

Repeated attempts have been made to attack platforms linked to children, elderly veterans, and other civilians. These acts have been widely condemned as a new low in Pakistan’s cyber operations.

The hacking of the Army Institute of Hotel Management’s website and platforms associated with Indian Air Force veterans further highlights the Pakistani establishment’s continuing attempts to provoke and escalate digital warfare against India.

These coordinated cyberattacks form part of a broader pattern of provocation and information warfare that has long been associated with Pakistan’s hostile stance towards India.
