Indian Cyber Force (ICF) is an India-based hacktivist group described in the content as founded in 2022 and conducting politically motivated cyberattacks. It is characterized as pro-India and, in multiple cited contexts, pro-Israel. Reported aliases in the content include Indian Cyber Force and ICF. The group publicly describes itself as “Non-Governmental,” although one cited source speculated about possible links to Indian government-linked entities; that linkage is not established in the content. The content attributes to Indian Cyber Force operations involving DDoS attacks, website defacement, data breaches, credential exposure, unauthorized server access, spear phishing, ransomware, social engineering, persistence operations exploiting backdoor vulnerabilities, and compromises of IP camera/CCTV and other networked devices. The group is described as publicly communicating claims and motivations through X/Twitter and Telegram. Targets mentioned in the content include Pakistan, Qatar, Palestine, Canada, Bangladesh, Maldives, China, Indonesia, and Iran-linked or pro-Iran assets. Pakistan is described as its most targeted country. Reported targets include Pakistani government, banking, university, logistics, transport, police, and tax-related systems; Palestinian entities including Hamas-related assets, Palestine National Bank, Palestinian Telecommunication Company, and webmail.gov.ps; Canadian Armed Forces and other Canadian government sites; Qatari servers, websites, CCTV/web servers, and an eCommerce portal; Bangladeshi police and municipal targets; Maldivian government websites and social media; and pro-Iran Telegram channels plus Pakistani and Iranian websites. Specific activity directly mentioned in the content includes claimed attacks on Qatar in November 2023 after a Qatari court sentenced eight former Indian Navy officers to death; claimed attacks on Palestinian targets after the October 7 Israel-Hamas war, including the Hamas website and more than 200 Palestinian network devices; #OpCanada activity tied to diplomatic tensions with Canada; defacements and hacks against Maldives targets during the India-Maldives row; repeated compromises of Pakistani IP cameras and claimed breaches of Habib Bank Limited, Islamia University of Bahawalpur, and Pakistan’s Federal Board of Revenue IRIS portal during 2025; and activity during Operation Sindoor, where Indian Cyber Force was described as among the most active pro-India groups. The content also notes third-party references to the group, including CERT-EU mentioning alleged disruptions of Palestinian entities and Webz.io listing Indian Cyber Force among the most active hacktivist groups of 2024.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Sectors the actor has been observed targeting.
Geographies tied to known operations.
Attributed origin per open-source reporting.
7 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Pro-Israel hacktivist group targeting pro-Iran channels and defacing Pakistani and Iranian websites in solidarity operations.
Pro-India hacktivist group that claimed breaches of Pakistani government, banking, university, and surveillance systems during Operation Sindoor.
Pro-India (and described as pro-Israel) hacktivist collective conducting politically motivated operations including DDoS, website defacements, and data leaks/breaches; also claims compromises of IP camera networks and other networked devices, often in response to geopolitical events involving India (e.g., Canada diplomatic row, Israel-Hamas conflict, India–Maldives row, India–Pakistan tensions).
Hacktivist-style cyber operations targeting Qatar, Canada, Palestinian entities, and Hamas-linked targets, including claimed unauthorized server access, credential leaks, website defacements, DDoS attacks, and compromise of CCTV web servers and network devices.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.