New Delhi: Following the 22 April attack on tourists in Pahalgam, apart from the conflict at the borders, a war was also fought on the digital front. Two detailed reports released by NSFOCUS—a global cybersecurity company headquartered in China, with extensive threat monitoring networks and threat intelligence capabilities—confirm that a parallel war was waged in cyberspace alongside the military build-up. The data reveals that India and Pakistan came under sustained cyber assault through distributed denial of service (DDoS) attacks, though the scale, precision, and impact of these operations varied.
Between 22 April and 10 May, India witnessed a surge of over 500% in DDoS attacks, escalating further as military exchanges intensified. Pakistan, by contrast, experienced a steeper rise of over 700%, according to NSFOCUS’s analysis. However, while Pakistan experienced a sharper percentage rise in attacks, India faced more sustained and strategically coordinated assaults on its highest government institutions—yet managed to maintain operational continuity and recover swiftly.
Key Indian government institutions were specifically targeted, including the official websites of the President’s Office, the Ministry of Defence, the Prime Minister’s Office, the Press Information Bureau, the Jammu and Kashmir state administration, and the National Informatics Centre’s DNS service. All were subjected to prolonged and repeated attacks—some lasting nearly 20 hours. Monitoring showed the use of reflection amplification techniques intended to overload services that facilitate core state functions such as public communication, defence coordination, and administrative accessibility.
The attacks disrupted services temporarily, but systems recovered with minimal lag and were largely restored through coordinated mitigation efforts. The analysis of the incidents, based on NSFOCUS’ data, showed that India was comparatively more prepared not only to withstand the intensity of the digital assault but also to respond effectively to prevent further disruption. The country’s critical IT infrastructure exhibited layered resilience, limiting the long-term effects of the attacks.
Other attacks included disruption to the Ministry of Defence’s website, the Press Information Bureau, and more than an hour of downtime for the NIC’s DNS service.
On the other hand, Pakistan also came under significant cyber assault, with at least four major institutions identified as specific targets. On April 25, the Ministry of Commerce’s website was attacked for over an hour. On April 26, Quaid-i-Azam University and the Pakistan Emergency Services Department were hit, with the latter’s site remaining offline for several days. On May 1, WorldCall Telecom Limited, a major telecom and internet provider, faced disruption. The duration of these attacks ranged from 17 minutes to nearly 48 minutes. The nature of the institutions targeted suggests a broad intent to undermine confidence in national infrastructure. However, in contrast to the detailed visibility on the Indian side, the response and recovery measures in Pakistan were less well documented, leaving some ambiguity around the depth of their mitigation capabilities.
These attacks lasted between 17 minutes and just over an hour. WorldCall faced 17 minutes of disruption, Quaid-i-Azam University 32 minutes, the Emergency Services Department nearly 48 minutes, and the Ministry of Commerce for just over an hour.
While both countries were targeted, the data reflects that India’s digital infrastructure was not only able to withstand sustained attacks but continued to operate its highest offices with limited public disruption. The Indian government also actively refuted some exaggerated claims during the period, including assertions that its power grid had been crippled. The Press Information Bureau dismissed these reports on the same day its own portal was attacked, a sequence that adds context to the timing and targeting patterns observed.
India’s visible recovery timelines, restored services, and continuation of official communication platforms reflected not only a defensive capability but also readiness for digital retaliation if needed. Indian infrastructure absorbed longer-duration attacks, yet was largely restored quickly, which reinforces the analysis of greater resilience and preparedness on India’s part.
While Pakistan claimed operational success in its cyber efforts, the documented resilience of Indian digital systems, especially under direct and sustained attack, presents a more measured reality.
The Sunday Guardian reached out to NSFOCUS with a set of detailed questions seeking further clarification on the comparative resilience of Indian and Pakistani digital infrastructure, the technical nature of the attacks, and the response timelines observed during the conflict. However, no response had been received from the company as of the time of going to print.
The credibility of the findings is reinforced by the stature of NSFOCUS, a globally recognized cyber security firm with over two decades of experience in threat intelligence and cyber defence. Known for its precision and technical rigour, NSFOCUS operates one of the most extensive threat monitoring networks in the world. Its Security Labs have been repeatedly acknowledged for excellence, including seven consecutive wins in Microsoft’s Mitigation Bypass Bounty.