The digital frontlines between India and Pakistan have heated up, with fresh intelligence exposing two Pakistan-linked cyber offensives against New Delhi’s institutions. Detected by Zscaler ThreatLabz in September 2025, ‘Gopher Strike’ and ‘Sheet Attack’ introduce cutting-edge methods that have left experts reevaluating the threat landscape.
Lead investigators Sudeep Singh and Yin Hong Chang note resemblances to APT36, Pakistan’s go-to cyber unit, yet assess with medium confidence that a novel subgroup or allied faction might be at play. Such overlaps highlight the evolving, interconnected nature of state-sponsored hacking ecosystems.
In ‘Sheet Attack,’ the operation’s brilliance lies in using Google Sheets, Firebase, and email protocols as covert command relays. This ‘living off the land’ approach exploits trusted infrastructure, leaving endpoint protections ineffective against its stealthy persistence.
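One way a defender can hunt for this kind of relay is to look for processes other than the expected browsers that poll Google Sheets or Firebase at regular intervals. The sketch below is an added example, not code from Zscaler or from the campaigns; the hostnames, the process allowlist, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: hostnames commonly used to reach Google Sheets and Firebase.
# The article does not list the endpoints the operators actually used.
CLOUD_SUFFIXES = ("sheets.googleapis.com", "docs.google.com", "firebaseio.com")
# Assumption: processes expected to reach these services on a managed host.
EXPECTED = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample events: (host, process image, destination, unix time).
EVENTS = [
    ("WS-014", r"C:\Program Files\Google\Chrome\chrome.exe", "docs.google.com", 990),
    ("WS-014", r"C:\Users\Public\updater.exe", "sheets.googleapis.com", 1000),
    ("WS-014", r"C:\Users\Public\updater.exe", "sheets.googleapis.com", 1300),
    ("WS-014", r"C:\Users\Public\updater.exe", "example-project.firebaseio.com", 1602),
    ("WS-014", r"C:\Users\Public\updater.exe", "sheets.googleapis.com", 1899),
    ("WS-020", r"C:\Tools\report.exe", "sheets.googleapis.com", 1200),
    ("WS-020", r"C:\Tools\report.exe", "sheets.googleapis.com", 5000),
    ("WS-031", r"C:\Temp\a.exe", "notdocs.google.com", 1000),
]

def is_cloud(dest):
    """True if dest is one of the watched services or a subdomain of one."""
    d = dest.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in CLOUD_SUFFIXES)

def find_suspects(events, min_hits=3, max_jitter=0.2):
    """Return {(host, process): [destinations]} for unexpected processes
    whose requests to the watched services are evenly spaced (beacon-like)."""
    seen = defaultdict(list)
    for host, proc, dest, ts in events:
        name = proc.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if is_cloud(dest) and name not in EXPECTED:
            seen[(host, proc)].append((ts, dest))
    suspects = {}
    for key, hits in seen.items():
        if len(hits) < min_hits:
            continue  # too few requests to judge periodicity
        hits.sort()
        gaps = [b[0] - a[0] for a, b in zip(hits, hits[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and max(abs(g - mean) for g in gaps) <= max_jitter * mean:
            suspects[key] = sorted({d for _, d in hits})
    return suspects

if __name__ == "__main__":
    for (host, proc), dests in find_suspects(EVENTS).items():
        print(host, proc, dests)
```

Legitimate sync clients and office add-ins also call these services, so the allowlist needs tuning per environment before the output is treated as an alert.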
‘Gopher Strike’ unfolds through insidious phishing: crafted PDFs show hazy images that prompt the reader to update Acrobat. The payload, an ISO file, is delivered only after the request is verified as coming from an Indian IP address and a Windows user-agent, which sidesteps automated sandboxes and researchers’ probes.
Zscaler’s breakdown reveals server-enforced geofencing, a tactic that confines malware delivery to a precisely defined set of targets. In parallel, recent disclosures confirm that Pakistani actors have launched spyware attacks on Indian government and educational targets, harvesting intelligence with ruthless efficiency.
These incidents demand a strategic pivot for India’s cyber defenses. Policymakers must prioritize indigenous tools, real-time threat sharing, and workforce upskilling. On the international stage, they spotlight the urgency of norms governing cyber conduct amid rising interstate digital hostilities.