Indian Cyber Force
Indian Cyber Force '' is a hacktivist group based in India that conducts politically motivated cyberattacks against entities including countries in problematic relations with India. Countries targeted by the group in the past include Canada, Pakistan, China, Palestine, Qatar, Maldives and Bangladesh with Pakistan being the most targeted country. Some attacks are accused to be motivated by Hindu nationalism and anti-Muslim sentiment. The group has been described as pro-India and pro-Israel.
ICF attacked the website of Canadian Armed Forces in 2023 following which, Canada's Communications Security Establishment listed India as a "cyber threat" in October 2024. The group has leaked data of about 270,000 Bangladeshi citizens in 2023. It has attacked the websites of Hamas, Palestinian National Bank and Palestinian Telecommunication Company following October 7 attacks. Following Pahalgam attack, the group claimed data leaks of multiple Pakistani entities including Habib Bank Limited, University of Balochistan, Sindh Police and Federal Board of Revenue.
Webz.io, a Web intelligence firm, named Indian Cyber Force in its list of 5 most active hacktivist groups of 2024. Zone-H archive has 43 records of website defacements by the group while Zone-Xsec has 177 records. As of May 2025, the group had over 30,000 followers on Twitter. Louis Hur, the CEO of Singapore-based threat intelligence platform StealthMole alleged in a social media post that as per StealthMole's data, about 23% of Indian Cyber Force's members are associated with Indian government-linked entities and speculated the group of likely being state-backed. However the group's Twitter profile calls itself "Non-Governmental".
Attacks
2023
Bangladesh Data Leak
On March 17, 2023, Indian Cyber Force compromised Bangladesh's Cox's Bazar police's server and leaked data of about 270,000 Bangladeshi citizens. On March 28, Khulna Metropolitan Police was also attacked.Retaliatory Cyberattacks amid G20 Summit
On September 9, 2023, CloudSEK, an India-based threat intelligence platform, disclosed that hacktivist groups from Pakistan and Indonesia were planning cyberattacks targeting India during the country's hosting of the G20 Summit. Indian hacktivist groups, including ICF, announced plans for cyberattacks in retaliation. ICF reportedly compromised 100 websites and identified over 15 vulnerabilities in government websites. The group gained attention for targeting the domain of Indonesia's Kopassus military unit, making it inaccessible. Additionally, ICF took down the Indonesian Embassy's website, which remained offline for around 35 minutes.#OpCanada
In September 2023, Indian Cyber Force launched a cyberattack operation titled "#OpCanada" following Canadian Prime Minister Justin Trudeau's allegation to the Indian government of being involved in the killing of the Khalistani leader Hardeep Singh Nijjar and a diplomatic row between India and Canada following it. They had attacked the websites of Canadian Armed Forces and Canadian military via DDoS attacks which remained unavailable for two hours. Other websites targeted with DDoS attacks include that of the House of Commons, Elections Canada. Multiple websites belonging to restaurants and medical clinics in Canada were defaced. The defaced websites displayed a message on a dark background with a Matrix digital rain while a music played in background. The website of Ottawa Hospital was attacked which faced a temporary outage. In response to the cyberattack, Canada's Communications Security Establishment listed India as a "cyber threat" in October 2024.Cyberattack on Palestine following October 7 Attack
Following the October 7 attacks, Indian Cyber Force launched attacks against Palestinian entities including Palestinian National Bank, Palestinian Telecommunication Company, Hamas and "webmail.gov.ps"''. Reportedly they also gained unauthorized access into more than 200 networking devices belonging to schools, hospitals and other institutions in Palestine.Qatar Cyberattack
In November 2023, the group launched a series of cyberattacks against Qatar, motivated by the country's decision to sentence eight former Indian Navy officers to death in an espionage case. Reportedly, ICF accessed and exposed account details associated with Qatar, gained unauthorized access into multiple IP cameras and web servers, took down by DDoS attacks for a duration of 2 hours as well as the website of Al Anees, a shopping store in Qatar. Website of a shopping store "oasis.qa" was defaced.Pakistan Police IP Camera Hack
In November 2023, ICF breached Pakistan Police's IP camera network and revealed compromised IP address and login credentials on their social media channels. The camera footage viewed through the IP address showed five people in uniform, working on computers.2024
Maldives Cyberattack
In January 2024, amid the India–Maldives diplomatic row, ICF targeted several Maldivian institutions with cyberattacks. Ministry of Homeland Security and Technology's official website was defaced with a dark background and a message conveying Maldives' alleged "ungratefulness" despite help from India in the past. The website of Maldivian Juvenile Court and the Facebook page of Auditor General's Office were also hackedPakistan IP Cameras Hack
In June 2024, ICF claimed to have hacked more than 150 IP cameras belonging to entities including National Bank of Pakistan, Zeen and other private organizations. They released video footage of the breached cameras on their Twitter handle.Bangladesh ISP Hacks
In August 2024, ICF launched cyberattacks against Bangladesh and released videos claiming to have gained access to the network monitoring dashboard of Grameenphone and other internet service providers.2025
Savar Municipality Website Defacement
On March 18, 2025, Bangladesh's Savar Municipality's website was defaced by the group. The defaced page displayed the following text:You vile Bangladeshi & Pakistani; terrorists, your acts of terror stain our world with innocent blood. Your cowardice and malice will not prevail. Justice will find you and end your reign of terror. These courageous soldiers stand tall, they fight valiantly, they rise to the challenge, and sadly, some even lay down their lives for our nation. It's vital that we all stand up for our country, embrace our pride, culture, and traditions, and work together to defeat these cowardly terrorists. Protecting our homeland is more crucial now than ever before, and it's time to stay alert and determined. Together, we can help our nation rise up and overcome these challenges.
Hacktivism following Pahalgam Attack
In April 2025, following Pahalgam attack, ICF claimed to have breached the internal systems of Pakistan's Habib Bank Limited and extracted HR related data which includes employee records, bank account details, education history, salaries and internal documents. A sample file, sized 6.6 MB, was shared as proof on their Telegram channel. They have also claimed database breaches of Euro Oil, AJK Supreme Court, University of Balochistan, Wada Call Agency and Sindh Police.On May 6, the group compromised more than 1000 IP cameras across Pakistan and shared clips from the camera feeds on their Twitter handle. Additionally they breached Islamia University of Bahawalpur and leaked a 38.2 MB archive file containing records of over 150,000 students including CNICs, passwords, residential addresses. News9, a subsidiary of TV9 Network conducted an investigation of the leaked data and claimed that most of it was found to be authentic, however some older records that dated between 2021 and 2024 were also discovered.
On May 9, the group leaked 150 gigabytes of data allegedly belonging to Pakistan's Federal Board of Revenue IRIS portal. The leaked data contained CNICs, names, phone numbers, addresses and tax records.
Reception
In October 2023, the Computer Emergency Response Team of Europe published its "" containing mention to Indian Cyber Force:Indian Cyber Force allegedly disrupted access to Palestinian entities, including a Hamas website, a telecommunication company, a bank, a government e-mail service, a transportation entity, and an ecommerce websiteA member of cybersecurity team at Equinix, Will Thomas, said to the Wired (magazine):
The Indian cyber force actually claimed to DDoS hamas.ps and webmail.gov.ps'On 23 October 2024, Le Monde, a French daily newspaper, published an article titled "The new era of hacktivism" containing mention to Indian Cyber Force:
NoName057, Anonymous Sudan, Philippines Exodus Security, Indian Cyber Force''': It has become hard to make sense of the jungle of names that have proliferated, particularly on the messaging platform Telegram.