Threat actors target Indian elections with data leaks, campaigns

Cyber crooks are targeting the Indian general elections by orchestrating cyber-attacks and leaking personally identifiable information (PII) of Indian citizens on the dark web, raising concerns about the integrity and security of the election.

The general election, set to choose all 543 Lok Sabha members, has experienced a dramatic rise in cyber-attacks, nearly tripling after the #OpIsrael campaign began. This spike aligns with heightened online protests related to the Israel-Gaza conflict, the researchers at Resecurity noted.

Given India’s vast population of over 1.4 billion and its GDP surpassing $3.4 trillion, it has become an attractive target for foreign threat actors and nation-state groups.

Here’s a list of threat actors targeting Indian general elections, law enforcement, healthcare, financial institutions and the private sector in the country:

  • Anon Black Flag | Indonesia
  • Anonymous Bangladesh
  • Morocco Black Cyber Army
  • Toxcar Cyber Team
  • Islamic Cyber Team
  • Lulzsec Indonesia
  • Ketapang Grey Hat Team
  • Team Ahadun Ahad (2.0)
  • Bangladesh Dark Net
  • Nixon Cyber Team
  • Cyber Shield Force BD
  • UnitedSec-313
  • Sylhet Gang

According to the National Counterintelligence and Security Center, threat actors can target national elections in the following ways:

  • By targeting election infrastructure.
  • By targeting political parties, campaigns, and public officials.
  • By conducting covert influence operations to harm or assist political organisations and campaigns.
  • By conducting covert influence operations to sway public opinion.
  • By conducting covert influence operations to influence policymakers.

These incidents, often precursors to more significant malicious activities, can be further amplified by foreign interference campaigns. The objective is to disrupt and manipulate public opinion, creating uncertainty about the election’s integrity.

The current geopolitical climate, marked by conflicts in the Middle East and Eastern Europe, underscores the importance of securing elections from cyber threats.

Leaked Voter ID cards

Source: Resecurity

Cyber security experts’ ongoing monitoring revealed multiple instances of leaked Voter ID cards on the dark web, primarily by the Ahadun-Ahad 2.0 Team. These leaks are likely linked to compromised third-party entities involved in KYC processes.

The primary aim is to create a narrative of election system insecurity affecting public trust. However, the leaked data often originates from identity theft incidents rather than vulnerabilities in the election systems.

As soon as the researchers came across this trove of data, they alerted Indian law enforcement and provided samples of the leaked data. The majority of the leaked documents, including Aadhaar, PAN, and driving licenses, were provided in graphic form, suggesting they were obtained from KYC systems.

According to cybersecurity experts, threat actors used malware such as Nexus, Medusa, Redline, Lumma, and Raccoon to steal credentials.

Public opinion manipulation and influence campaign

Source: Resecurity

Furthermore, researchers observed several campaigns targeting Indian government leaders, including the Prime Minister. These campaigns combine data leaks, website defacements, and political narratives to undermine the public’s trust in the government.

The adversaries aim to create social conflict and blur attribution by operating under the guise of independent hacktivists.

False Flags

Source: Resecurity

In the current geopolitical scenario, cyber threat actors are rapidly exploiting global trends. In the Maldives, pro-India groups have launched cyber-attacks on key institutions, leveraging narratives to exaggerate problems and create tensions. Such activities might be conducted under a ‘false flag’ to amplify narratives for geopolitical gains.

The researchers named the following key Indian groups as involved in that attack:

  • Black Dragon Sec
  • Team Blackdragonsec
  • Team NWH Security
  • Kerala Cyber Black Squad
  • Kerala Cyber Extractors
  • Team Anon One
  • Team ICP
  • Anonymous India
  • Unknown Cyber Cult
  • India Cyber Punk
  • Team NWH
  • All India Hackers
  • Network Nine
  • Dark Cyber Warrior
  • Glory Sec
  • Team Garuna

To address these risks, securing digital identity data and complying with data protection laws is essential. Strengthening cybersecurity measures and raising awareness can build voter trust and safeguard privacy.

With the general elections nearing the end, cybersecurity’s significance is paramount. Protecting the electoral process is critical for maintaining democracy. By enhancing security protocols and educating the public, India can protect its elections from cyber threats and uphold citizens’ trust.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations.