Seqrite identifies 650+ cyber incidents linked to geopolitical tensions surrounding ‘Operation Sindoor’
expresscomputer.in

Quick Heal Technologies Limited, through its Seqrite Labs, has revealed some critical details about coordinated cyberattacks exploiting geopolitical tensions during ‘Operation Sindoor’, India’s military counterterrorism response to the April 22, 2025, Pahalgam terror attack. While the Indian Armed Forces conducted precision strikes on terrorist infrastructure in Pakistan-administered Kashmir from May 7-10, 2025, the threat intelligence team at Seqrite Labs identified parallel cyber campaigns by Pakistan-aligned threat actors targeting defense, healthcare, telecom, and government sectors across India.
The cyber offensive began on April 17, 2025, with spear-phishing emails distributing weaponised files such as Final_List_of_OGWs.xlam and Preventive_Measures_Sindoor.ppam. These attachments exploited public concern about national security by masquerading as official Indian government advisories. Forensic analysis confirmed the use of Ares RAT, an evolved variant of APT36’s Crimson RAT malware, which established covert communication channels with command-and-control (C2) servers at IP 167.86.97[.]58:17854. Attackers ...
Copyright of this story solely belongs to expresscomputer.in.