Fragile ceasefire and rising hybrid threats
This article is authored by Hriday Sarma, senior fellow, South Asia Democratic Forum, Brussels.
The recent ceasefire between India and Pakistan, declared on May 10, 2025, in the aftermath of the Pahalgam terror attack and subsequent Operation Sindoor, has ushered in a tenuous calm. However, this truce masks an evolving and complex conflict landscape marked by intermittent ceasefire violations and sophisticated hybrid warfare tactics that stretch beyond traditional battlefields.

What may appear to be de-escalation is, in fact, the onset of a new phase of the conflict--less visible, yet equally dangerous. The brief lull in hostilities has already been disrupted by multiple ceasefire violations along the Line of Control, particularly in the Rajouri and Poonch sectors. These incidents, reportedly involving mortar shelling and small arms fire by the Pakistan army, indicate that the ceasefire remains precarious. While both sides have refrained from formally acknowledging violations, local accounts and reports suggest a pattern of low-intensity engagements that challenge the ceasefire’s credibility on the ground.
More significantly, the confrontation has expanded into cyberspace and the information domain, marking a paradigm shift. Since May 11, Indian cyber agencies have reported over 1.5 million cyberattacks—not only from Pakistan but also from IP addresses traced to Bangladesh, Indonesia, Morocco, and parts of West Asia. A report titled Road of Sindoor, compiled by the Maharashtra cyber police and shared with key law enforcement bodies, attributes these attacks to Pakistan-linked hacking groups such as APT 36, Pakistan Cyber Force, and Mysterious Bangladesh, suggesting the emergence of a coordinated, transnational cyber warfare strategy.
These attacks, employing malware, Distributed Denial-of-Service (DDoS) tactics, and misinformation campaigns, constitute advanced persistent threats (APTs) and are multi-vector in nature. While many were neutralized, some succeeded in defacing websites and allegedly extracting data from key institutions. For instance, the Mizoram Public Service Commission’s portal was compromised, displaying messages glorifying Pakistan. Cybersecurity firms like SentinelOne and CrowdStrike have observed breaches exploiting vulnerabilities in South Asia and proxy networks across North Africa, West Asia, and North Korea, often employing tools like ShadowPad—a modular backdoor linked to suspected China-affiliated cyber-espionage groups. These attacks frequently use VPN chains and layered infrastructure to obscure their origin, underscoring the growing complexity of attribution and response in this diffuse, transnational threat environment.
Simultaneously, intelligence agencies have reported a surge in information warfare. Social media platforms, especially X (formerly Twitter), have witnessed coordinated inauthentic activity including hashtag campaigns, doctored images, and Artificial Intelligence (AI)-generated deepfakes targeting Indian military actions in Kashmir and the Northeast. Government sources in Delhi have linked many of these operations to bot networks previously associated with Pakistani influence campaigns. This psychological warfare appears aimed at influencing global perceptions, potentially affecting domestic morale and amplifying internal divisions--particularly during sensitive moments such as military funerals and regional protests.
Adding another layer of complexity is the deepening Chinese connection to Pakistan’s military posture. Defence analysts and satellite imagery confirm the deployment of Chinese-origin J-10C fighter jets armed with PL-15E beyond-visual-range missiles in the Skardu region. Though officially described as routine, their proximity to contested air corridors in Ladakh and Gilgit-Baltistan suggests strategic signalling. Open-source military trackers note that this may be the first time such assets have been stationed in high-altitude readiness since the 2020 Galwan clashes.
Turkey and Azerbaijan have also openly supported Pakistan amid the rising tensions. President Recep Tayyip Erdogan’s government continues to raise the Kashmir issue in international forums and extend diplomatic backing to Islamabad. Azerbaijan, closely aligned with Turkey through cultural and strategic ties, has also reinforced its relationship with Pakistan—strengthened during the 2020 Nagorno-Karabakh conflict where Pakistan offered military support. These alliances raise the prospect of material or strategic backing for Pakistan, adding a broader regional dimension to the current standoff.
India now faces a formidable challenge: How to respond to attacks that are neither clearly visible nor easily attributable. The war has shifted from terrain to networks, from troop deployments to data disruptions, from conventional battles to algorithmic influence. Defence strategists are urging a robust focus on military-grade cyber deterrence, State-level cybersecurity capacity building, and the development of a legal framework for transnational cyber attribution and response. Cross-sector coordination between military, civil defence, and private cybersecurity stakeholders has become not just necessary but urgent.
What is unfolding is not a post-war calm but a transition into War 2.0—--a state of continuous, low-intensity, multidomain conflict. While the guns may be temporarily silent, the digital battlefield is active, adaptive, and expanding. India’s challenge is no longer just winning conventional wars but fortifying its systems, institutions, and civil society against a war that rarely declares itself.
This article is authored by Hriday Sarma, senior fellow, South Asia Democratic Forum, Brussels.

E-Paper

