Cybersecurity as Internal Security Threat

Public Section Preview

Cyber attacks on India's critical infrastructure represent a qualitatively new category of internal security threat.

AIIMS Delhi Ransomware Attack (November 2022)

Server systems brought down for 5 days
Patient data of potentially 3–4 crore patients exposed
Hospital operations severely disrupted — appointments, billing, lab reports switched to manual
Suspected: Chinese state-sponsored APT group
Highlighted vulnerability of healthcare critical infrastructure

Power Grid Attacks

Recorded Future (US cybersecurity firm) documented Chinese APT intrusions into India's Northern Grid and Western Grid control systems during Galwan confrontation period (2020)
Power Ministry denied major breaches but acknowledged suspicious activity
Mumbai power outage (October 2020) possibly linked (Maharashtra government commissioned inquiry)

Banking System Attacks

Cosmos Bank, Pune (2018): Hackers stole ₹94 crore through ATM network hack across 28 countries in 7 hours
Multiple UPI-related frauds reported across the system
RBI mandated banks to report cyber incidents within 6 hours (CERT-In 2022 directive)

India faces persistent cyber threats from three primary state actor sources:

Chinese APTs (Advanced Persistent Threat groups)

APT41 (also known as Winnti Group): Targeted Indian defence, telecom, pharmaceutical sectors
Operation since 2012–present; espionage + financial crime
Post-Galwan (2020): Increased cyber activity targeting India

Pakistani APTs

Transparent Tribe (APT36): Spear-phishing campaigns targeting Indian military, government officials
SideCopy: Mimics Sidewinder; targets Indian defence and government

Non-State Actors