In 2025, India’s digital backbone—comprising power grids, government portals, healthcare systems, and transportation networks—is under constant siege. Adversaries ranging from nation-states to hacktivist collectives are launching increasingly sophisticated campaigns aimed at disrupting operations, siphoning sensitive data, and eroding public trust.
As a cybersecurity expert, I see one thing clearly: attacks on critical information infrastructure (CII) have escalated in frequency, coordination, and ambition.
Let’s unpack the latest incidents, insights, and what they mean for India’s digital resilience.
1️⃣ Massive Surge During “Operation Sindoor”
In May 2025, amid the India–Pakistan conflict, India faced a coordinated cyber offensive—dubbed Operation Sindoor. Over 650 cyberattacks struck critical infrastructure between May 7–10, including government portals, telecom services like BSNL, UIDAI, and power grid systems. The wave involved state-aligned actors, hacktivist groups from Pakistan, Bangladesh, and Southeast Asia, and backing from Chinese sources.
Key incidents:
- DDoS & defacements hit government websites.
- Credential theft and access-based intrusions targeted bureaucratic email accounts.
- A Gujarat ATS investigation flagged involvement of local perpetrators, including an 18‑year‑old linked to over 50 attacks on government sites.
This massive cyber barrage coincided with drone incursions, signaling a new era of hybrid warfare where physical and cyber domains entwine.
2️⃣ Phishing Domains Threaten Public Confidence
The NTRO’s CII cell detected and reported 1,172 malicious phishing domains in just the first half of 2025. These domains masqueraded as public services, financial institutions, telecom providers, and utilities—posing a direct threat to critical systems and consumer trust.
These domains were promptly shared with stakeholders to initiate takedown and user alerting actions.
3️⃣ CII Websites Hit by Hacktivists
Eventus Security noted a variety of high-profile targets in 2025: ICICI vendor portals, UIDAI APIs and portals, DigiLocker APIs, DRDO spear-phishing attempts, Central Bank of India phishing infrastructure, and ransomware targeting AIIMS Delhi. These attacks show that both sensitive government bodies and public/private CII players are being actively probed.
4️⃣ ICS/OT Attacks on Utilities and Manufacturing
Global cybersecurity firm Cyble revealed that ICS/OT attacks escalated rapidly, accounting for 38 infrastructure breaches (primarily in energy sectors) in Q2 2025—up 150% from Q1—with Russia-linked hacktivist group “Z-Pentest” leading the surge.
Meanwhile, Kaspersky ICS CERT noted that 19.1% of industrial control systems in India blocked malicious payloads in Q1 2025, largely delivered via the internet and email—highlighting persistent ICS exposure.
These incidents highlight escalating risk to vital systems like electricity, water, oil, and transport—often tied to older, legacy operational tech.
5️⃣ Ongoing State Actor Campaigns
India’s CII defences face sustained pressure from nation-state campaigns. A Pakistani tech analyst report cites “Operation Bunyān Marsoos”, claiming cyber engagement against government satellites, military sites, telecom, and surveillance systems, with an alleged 1.5 million intrusion attempts.
In addition, China, Pakistan, and other actors continue probing CII sectors—particularly energy and critical comms systems—seen as strategic targets in geopolitical maneuvers.
Why CII Attacks Are Escalating
The rise in CII incidents reflects several critical factors:
| Catalyst | Description |
|---|---|
| 🛠 Digitization of OT/ICS | Critical systems are now connected to corporate networks and the internet, drastically increasing their exposure. |
| 🏴‍☠️ Hacktivist evolution | Groups like Z‑Pentest focus on energy infrastructure to maximize impact. |
| 🌐 Hybrid conflict strategies | Cyber attacks are now part of physical and political warfare, as seen in Operation Sindoor. |
| 🎯 Low-cost, high-impact targeting | Attacks like phishing domains are easy to launch and dangerous to CII operations. |
| 🤖 Legacy vulnerabilities | Aging OT infrastructure often lacks modern cybersecurity defenses. |
Impact of These Attacks
- Disruption of Vital Services: Rumors of major grid outages—though denied by authorities—underscore the real potential for service disruption.
- Espionage & Data Theft: Spear-phishing campaigns target military tech and R&D bodies like DRDO.
- National Security Risks: Prolonged or simultaneous CII outages could impact public safety, public morale, and economic stability.
How India Is Responding
🛡 NCIIPC – National Critical Information Infrastructure Protection Centre
- Established under NTRO, it coordinates CII defense across government and industry.
- Manages a 24/7 incident response line (1800‑11‑4430), guidance issuance, and vulnerability disclosure programs.
💂 CERT‑In Directives
- Regulatory requirements include 6‑hour incident reporting, log retention, time synchronization, and secure communications policies.
🤝 Public-Private Collaboration
- Government works with telecoms, energy utilities, and others on threat intelligence sharing and sector-specific drills.
🔧 OT/ICS Hardening
- Agencies and private operators are implementing network segmentation, real-time anomaly detection, and ICS-specific security tools.
Key Takeaways for CII Operators
- ICT/OT Segmentation: Ensure logical separation with strict access control and network segmentation.
- Real-Time Monitoring: Deploy ICS-aware monitoring to detect anomalous traffic.
- Phishing Defenses: Regularly scan for phishing domains and train staff to recognize phishing risks.
- Patch Management: Apply updates regularly, even to legacy ICS devices.
- Incident Response Planning: Develop drills simulating hybrid-warfare breach conditions.
- Multi-Layer Defense: Combine network defenses with endpoint protection and OT safeguards.
- Collaboration & Reporting: Share intel with NCIIPC, CERT‑In, and industry peers.
What Individuals & Organizations Should Know
- Awareness: Understand that attacks extend beyond “IT” to include national infrastructure.
- Vigilance: Stay alert for phishing, suspicious communications, or false domains.
- Support: Urge leadership to prioritize segmentation, monitoring, and CII collaboration.
- Compliance: Follow cybersecurity regulations to protect critical assets and build national resilience.
Conclusion
India’s critical information infrastructure is under persistent, evolving threats—from advanced nation-state stealth campaigns to hacktivists and multilayered hybrid warfare strategies. The stakes are high: compromised systems can ripple through national security, public safety, and essential services.
But India isn’t standing still. Agencies like NCIIPC, CERT‑In, as well as public-private partnerships and emerging security protocols, are building an ecosystem to monitor, detect, and respond faster.
As a cybersecurity professional, I believe protecting CII isn’t optional—it’s a national imperative. Defense must be multi-layered, collaborative, and proactive.
In 2025, safeguarding our critical infrastructure means embedding security into every layer—from physical systems and operational environments to national digital policy.
Together, we must secure our nation—and our future—against the next digital storm.