Following suspended BJP spokesperson Nupur Sharma’s recent remarks about the Prophet Muhammad, Malaysia-based hacktivist group DragonForce has launched a series of cyberattacks against the Indian government. Sharma made some remarks about the Prophet Muhammad during a panel discussion on the Gyanvapi Mosque investigation hosted by a TV news channel, which offended many around the world. Shortly after, she apologized on Twitter.

The hacking group has launched an OpsPatuk campaign which translates to “counterattack”, against the Indian government. He is also seeking help from “worldwide Muslim hackers, human rights organizations and activists (sic)”.

A tweet screenshot of threat actor group DragonForce’s call to unite against India

Religiously and politically motivated campaigns, such as OpsPatuk, can lead to breaches of certain sensitive government websites containing personally identifiable information (PII), military operations and other government secrets, which, in the wrong hands, can allow targeted attacks against the country. and its citizens.

READ ALSO | Kuwait to deport expats who protested remarks against Prophet

Cyber ​​experts predict that the intensity and volume of these attacks against Indian entities will only increase, and the government and companies should ensure adequate security measures to secure their digital properties.


In its June 10 research, Bengaluru-based cybersecurity firm CloudSEK uncovered a tweet posted by a Malaysian hacktivist group known as DragonForce calling for attacks on Indian government websites by Muslim hackers. of the whole world.

READ ALSO | As outcry over prophet’s remark spreads to other countries, Taliban are now lecturing India on fanatics

According to CloudSEK researchers, the main purpose of the attack was to retaliate against the Indian government for the controversial comments made about the Prophet Muhammad by Nupur Sharma. To enable their allies to launch attacks, the group shared the credentials of Indian users on social media, in particular Facebook access and key bank username and password combinations. .

Leaked credentials for logging into social media accounts

During the detailed investigation, CloudSEK discovered several threat actors participating in this operation and hacking various Indian websites.


The group also shared evidence that it hacked Indian government websites, such as,,, and , and others.

The organization has published a list of websites that its supporters and allies are encouraged to attack. This includes private Indian websites as well as many Indian government websites, such as those of logistics and supply chain companies, educational institutions, technology and software companies, and hosting providers website.


This cyber call to arms is the work of DragonForce Malaysia, a pro-Palestinian hacktivist group based in the country. This organization owns and operates a forum where it posts announcements and discusses its most recent actions. The group also has Instagram and Facebook profiles, as well as numerous Telegram channels. The gang conducted frequent recruiting and promotion efforts using Tiktok and Instagram reels. More than 2.4 million people have seen the posts calling for action against the Indian government.

DragonForce has previously been associated with Malaysian or Pakistani groups such as Revolution Pakistan, RileksCrew, T3DimensionMalaysia, UnitedMuslimCyberArmy, CodeNewbie, PhantomCrews, LocalhostMalaysia, HarimauMalayaCyberArmy and GroupTempurRakyatMalaysia. This operation is likely to get more support and attention from hacktivists around the world.


According to Darshit Ashara, Senior Threat Researcher, CloudSEK, the Indian government and private organizations must take this campaign seriously and nip the advances of these threat actors in the bud.

“As we saw during the Russian-Ukrainian conflict, hacktivists are persistent and resourceful. It is therefore imperative that the Indian government and private organizations take this campaign seriously. We need to start by negating the low-hanging fruits that threat actors typically use as initial vectors to launch attacks. This includes malware logs, misconfigured applications, default passwords, unpatched or outdated servers and other assets, and previously leaked databases sold on the dark web,” says Darshit Ashara, commenting on the country.