Prophet row: International hackers launch series of cyber attacks on India against Nupur Sharma’s statement

Following recent remarks by suspended BJP spokesperson, Nupur Sharma, about Prophet Muhammad, the Malaysia-based hacktivist group DragonForce has launched a series of cyber attacks against the Indian government. Sharma made some remarks about Prophet Muhammad during a panel discussion about the Gyanvapi Mosque survey, hosted by a television news channel, which offended many people around the world. Soon after, she apologised on Twitter.

The hacking group has launched a campaign OpsPatuk which translates to “strike back”, against the Indian government. It is also seeking help from “Muslim Hackers From All Over The World, Human Rights Organizations, and Activists (sic)”.

Religiously and politically motivated campaigns, such as OpsPatuk, can result in a breach of some sensitive government websites containing Personal Identifiable Information (PII), military operations, and other government secrets, which, in the wrong hands, can enable targeted attacks on the country and its citizens.

Cyber experts predict that the intensity and volume of such attacks on Indian entities are only going to increase, and the government and enterprises should ensure adequate safety measures to secure their digital properties.

Series of cyber attacks

In its research on June 10, Bengaluru-based cyber security firm, CloudSEK, discovered a tweet posted by a Malaysian hacktivist group known as DragonForce, calling for attacks on Indian government websites by Muslim hackers all over the world.

According to CloudSEK researchers, the primary goal of the attack was to retaliate against the Indian government for the controversial comments made about Prophet Muhammad by Nupur Sharma. To enable their allies to launch attacks, the group shared Indian users’ social media credentials, particularly Facebook access and leading bank username and password combinations.

During the detailed investigation, CloudSEK discovered multiple threat actors participating in this operation and hacking various Indian websites.

Scale of attack

The group has also shared evidence that they have hacked Indian government websites, such as,,, and, and others.

The organisation has published a list of websites that supporters and allies are encouraged to attack. This includes private Indian websites as well as many Indian government websites, such as those of logistics and supply-chain companies, educational institutions, technology and software companies, and web hosting providers.

What is DragonForce?

This cyber call-to-arms is the work of DragonForce Malaysia, a pro-Palestinian hacktivist group based in the country. This organisation owns and operates a forum where it posts announcements and discusses its most recent actions. The group also has Instagram and Facebook profiles, as well as numerous Telegram channels. The gang has been running frequent recruitment and promotion efforts using Tiktok and Instagram reels. Over 2.4 million people have viewed the posts calling for action against the Indian government.

DragonForce has previously been associated with Malaysian or Pakistani groups such as Revolution Pakistan, RileksCrew, T3DimensionMalaysia, UnitedMuslimCyberArmy, CodeNewbie, PhantomCrews, LocalhostMalaysia, HarimauMalayaCyberArmy, and GroupTempurRakyatMalaysia. This operation has a high chance of gaining more support and attention from hacktivists around the world.

The solution?

According to Darshit Ashara, Principal Threat Researcher, CloudSEK, the Indian government and private organisations must take this campaign seriously, and nip these threat actors’ advances in the bud.

“As we have seen during the Russia-Ukraine conflict, hacktivists are persistent and resourceful. So, it’s imperative for the Indian government and private organisations to take this campaign seriously. We need to start by nullifying the low-hanging fruit that threat actors typically use as initial vectors to initiate attacks. This includes malware logs, misconfigured applications, default passwords, unpatched or outdated servers and other assets, and previously leaked databases being sold on the dark web,” says Darshit Ashara, commenting on the campaign.

Source : India Today

Notice : The source URLs cited in the news/article might be only valid on the date the news/article was published. Most of them may become invalid from a day to a few months later. When a URL fails to work, you may go to the top level of the sources website and search for the news/article.

Disclaimer : The news/article published are collected from various sources and responsibility of news/article lies solely on the source itself. Hindu Janajagruti Samiti (HJS) or its website is not in anyway connected nor it is responsible for the news/article content presented here. ​Opinions expressed in this article are the authors personal opinions. Information, facts or opinions shared by the Author do not reflect the views of HJS and HJS is not responsible or liable for the same. The Author is responsible for accuracy, completeness, suitability and validity of any information in this article. ​