BadeSaba Calendar, Iran and Israel: Cyberattack risks rise for India amid Middle East tensions

Cyber Espionage and Hacktivism Escalate in Middle East, Raising Risks for India’s Critical Infrastructure

Recent cyberattacks in the Middle East, including a historic offensive by Israel against Iran, have heightened concerns about potential spillover threats to India’s critical infrastructure. Cybersecurity experts warn that state-backed and hacktivist groups, particularly those aligned with Iran, may target Indian sectors such as power grids, telecom networks, banking systems, and government services in retaliation for regional geopolitical tensions.

On Saturday, Israel executed what has been described as the largest cyberattack in history against Iran, causing a near-total internet blackout and disrupting government services, media, energy, and aviation. The attack coincided with the compromise of BadeSaba Calendar, a widely used Iranian prayer app with over 5 million users, which was hijacked to send push notifications urging surrender during joint US-Israeli airstrikes in Tehran.

Indian cybersecurity firms, including PwC and CloudSEK, have issued advisories anticipating increased risks of distributed denial-of-service (DDoS) attacks, phishing campaigns, ransomware, and credential-based intrusions. Experts note that cyber warfare often precedes physical conflict, with misinformation, espionage, and intelligence-gathering serving as early indicators of broader aggression.

India has faced similar threats before, including during Operation Sindoor and the 2025 India-Pakistan tensions, when foreign hacker groups such as Moroccan Soldiers, Team R70 (Russia), Lulzsec Arabs, and Islamic Hacker Army targeted government and private sector digital infrastructure. The current escalation in the Middle East suggests a renewed wave of cyber threats, with Indian firms on high alert to mitigate potential disruptions.

Source: https://economictimes.indiatimes.com/news/company/corporate-trends/cyberattack-risks-rise-for-india-amid-middle-east-tensions/articleshow/128925671.cms

Badesaba | بادصبا cybersecurity rating report: https://www.rankiteo.com/company/badesaba

National Iranian Oil Company cybersecurity rating report: https://www.rankiteo.com/company/national-iranian-oil-company

Israel Police - Cyber crime unit cybersecurity rating report: https://www.rankiteo.com/company/israel-police---cyber-crime-unit

"id": "BADNATISR1772454636",
"linkid": "badesaba, national-iranian-oil-company, israel-police---cyber-crime-unit",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'Iran',
                        'name': 'Iran Government',
                        'type': 'Government'},
                       {'customers_affected': '5 million users',
                        'industry': 'Technology',
                        'location': 'Iran',
                        'name': 'BadeSaba Calendar',
                        'type': 'Mobile Application'},
                       {'industry': ['Energy',
                                     'Telecom',
                                     'Banking',
                                     'Government'],
                        'location': 'India',
                        'name': 'Indian Critical Infrastructure',
                        'type': 'Multiple Sectors'}],
 'attack_vector': ['Internet Blackout',
                   'App Hijacking',
                   'Push Notifications',
                   'Misinformation'],
 'description': 'Recent cyberattacks in the Middle East, including a historic '
                'offensive by Israel against Iran, have heightened concerns '
                'about potential spillover threats to India’s critical '
                'infrastructure. State-backed and hacktivist groups aligned '
                'with Iran may target Indian sectors such as power grids, '
                'telecom networks, banking systems, and government services in '
                'retaliation for regional geopolitical tensions. Israel '
                'executed a large-scale cyberattack against Iran, causing a '
                'near-total internet blackout and disrupting government '
                'services, media, energy, and aviation. The BadeSaba Calendar '
                'app was compromised to send push notifications urging '
                'surrender during joint US-Israeli airstrikes in Tehran. '
                'Indian cybersecurity firms anticipate increased risks of DDoS '
                'attacks, phishing campaigns, ransomware, and credential-based '
                'intrusions.',
 'impact': {'downtime': 'Near-total internet blackout',
            'operational_impact': 'Disruption of government services, media, '
                                  'energy, and aviation in Iran',
            'systems_affected': ['Government services',
                                 'Media',
                                 'Energy',
                                 'Aviation',
                                 'Power grids',
                                 'Telecom networks',
                                 'Banking systems']},
 'lessons_learned': 'Cyber warfare often precedes physical conflict, with '
                    'misinformation, espionage, and intelligence-gathering '
                    'serving as early indicators of broader aggression.',
 'motivation': ['Geopolitical retaliation',
                'Espionage',
                'Intelligence-gathering',
                'Misinformation'],
 'recommendations': 'Indian firms should enhance monitoring and mitigation '
                    'strategies to address potential DDoS, phishing, '
                    'ransomware, and credential-based threats.',
 'references': [{'source': 'PwC Advisory'}, {'source': 'CloudSEK Advisory'}],
 'response': {'enhanced_monitoring': 'High alert by Indian cybersecurity firms '
                                     '(PwC, CloudSEK)'},
 'stakeholder_advisories': 'Indian cybersecurity firms (PwC, CloudSEK) have '
                           'issued advisories anticipating increased risks.',
 'threat_actor': ['State-backed groups (Israel, Iran)',
                  'Hacktivist groups (Moroccan Soldiers, Team R70, Lulzsec '
                  'Arabs, Islamic Hacker Army)'],
 'title': 'Cyber Espionage and Hacktivism Escalation in Middle East with '
          'Potential Spillover to India’s Critical Infrastructure',
 'type': ['Cyber Espionage',
          'Hacktivism',
          'DDoS',
          'Phishing',
          'Ransomware',
          'Credential-based Intrusions']}