Hacktivist and state-backed cyber groups targeting major Middle East firms underscore risks for India, where similar attacks during Operation Sindoor hit public sector undertakings and other critical infrastructure, cybersecurity experts said.

Cybersecurity experts and consultants have issued advisories to Indian corporates warning that hackers could attempt to attack critical infrastructure including power grids, telecommunication networks, banking ATMs, as observed during Operation Sindoor.

“Cyber warfare typically precedes any kinetic mobilisation on the ground. It often begins with misinformation campaigns, espionage, and intelligence gathering, and the Gulf region has witnessed heightened volatility in cyberspace over the past few months,” said Siddharth Vishwanath, Partner and Risk Consulting Leader at PwC India. “We anticipate an increased risk of compromise targeting government-to-citizen services and critical infrastructure.”

“India may face cyber spillover from the escalating Middle East conflict, particularly through indirect targeting by Iranian-aligned APT groups and hacktivist collectives,” a spokesperson at threat intelligence firm CloudSEK said.

“Indian IT service providers, financial institutions, telecom networks, and cloud infrastructure could experience DDoS campaigns, phishing waves, ransomware attempts, and credential-based intrusions linked to regional geopolitical retaliation,” the person said.

On Saturday, Israel launched what has been described as the largest cyberattack in history against Iran, contributing to a near-total internet blackout, disruption of government services, media, as well as energy and aviation infrastructure.

Meanwhile, BadeSaba Calendar, a popular Iranian app which tracks prayer timings, was compromised in a large-scale cyber operation. The app, which has over 5 million users, was used to send push notifications in Persian including phrases like “Help has arrived” and “lay down your weapons” during US and Israeli joint airstrikes in Tehran.

“We also expect both state and non-state actors to deploy malware for commercial-scale hacking operations. In response, Indian firms remain vigilant, and we have activated our cyber control centre to proactively monitor and neutralise potential threats across clients’ infrastructure,” PwC’s Vishwanathan added.

In May 2025, the India-Pakistan conflict had become an opportunity for several ‘digital war tourists’ or foreign hacker groups to seek some quick bucks or drive religious agenda by launching cyberattacks on the national digital infrastructure, ET had reported.

Back then, cyber researchers had identified an army of state/non-state actors like Moroccan Soldiers, Team R70 (Russia) Lulzsec Arabs (the Middle East), Islamic Hacker Army (Iraq), Sylhet Gang SG (Bangladesh) and Team Azrael-Angel of Death (Palestine) claiming to deface websites and breach sensitive data from several Indian government and private organisations.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!