New Delhi has become the focal point of escalating cyber warfare, with cybersecurity experts uncovering sophisticated operations orchestrated from Pakistan targeting Indian government institutions. In a startling revelation, Zscaler ThreatLabz identified two major campaigns, dubbed ‘Gopher Strike’ and ‘Sheet Attack’, in September 2025. These attacks employed novel techniques, marking a dangerous evolution in state-sponsored cyber espionage.
Researchers Sudeep Singh and Yin Hong Chang detailed how these operations bear similarities to the notorious APT36 group, which is known for its Pakistan affiliations. They suspect, with medium confidence, the involvement of a new subgroup or a parallel entity. The campaigns showcase the attackers’ ingenuity in evading detection and maximizing impact on high-value targets.
In the ‘Sheet Attack,’ perpetrators cleverly misused legitimate Google Sheets, Firebase, and email services as command-and-control infrastructure. This abuse of trusted platforms allowed seamless communication with compromised systems while blending into normal traffic, making it exceptionally hard for traditional defenses to flag.
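A defender-side illustration of the point above, added here and not taken from Zscaler's report: since blocking these services outright is rarely practical, one option is to look for non-browser processes that poll them at machine-regular intervals. The hostnames, log columns, process names, thresholds and sample rows are all assumptions constructed for this example, and the interval-regularity heuristic goes beyond what the article describes.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed API hostnames for the services the article names (suffix match).
WATCHED = ("sheets.googleapis.com", "docs.google.com", "firebaseio.com")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed proxy/EDR export: which process on which host contacted what.
SAMPLE_LOG = """timestamp,host,process,dest_host
2025-09-10T10:00:00,WS-014,updater.exe,sheets.googleapis.com
2025-09-10T10:00:20,WS-022,chrome.exe,docs.google.com
2025-09-10T10:01:00,WS-014,updater.exe,sheets.googleapis.com
2025-09-10T10:02:01,WS-014,updater.exe,sheets.googleapis.com
2025-09-10T10:03:00,WS-014,updater.exe,sheets.googleapis.com
2025-09-10T09:00:00,WS-031,sync.exe,demo-app.firebaseio.com
2025-09-10T09:00:05,WS-031,sync.exe,demo-app.firebaseio.com
2025-09-10T09:40:00,WS-031,sync.exe,demo-app.firebaseio.com
"""

def is_watched(dest):
    dest = dest.lower().rstrip(".")
    return any(dest == s or dest.endswith("." + s) for s in WATCHED)

def find_beacons(log_text, min_requests=4, max_jitter=0.2):
    """Return (host, process, dest, count, mean_interval_s) per regular poller."""
    seen = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text.strip())):
        proc = row["process"].lower()
        if proc in BROWSERS or not is_watched(row["dest_host"]):
            continue
        key = (row["host"], proc, row["dest_host"].lower())
        seen[key].append(datetime.fromisoformat(row["timestamp"]))
    findings = []
    for (host, proc, dest), times in sorted(seen.items()):
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low relative jitter means machine-like polling, not a person.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((host, proc, dest, len(times), round(avg, 1)))
    return findings

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

On the constructed sample only `updater.exe` on WS-014 is reported; the browser session and the irregular `sync.exe` traffic are not.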
‘Gopher Strike’ relied on phishing emails distributing malicious PDFs. Victims encountered blurry images overlaid with deceptive pop-ups urging them to update Adobe Acrobat Reader DC. Clicking the fake ‘Download and Install’ button triggered an ISO image download, but only for requests from Indian IP addresses using Windows user-agents. This geo-targeted, OS-specific delivery bypassed automated analysis tools, ensuring malware reached intended recipients undetected.
Zscaler emphasized that server-side checks prevented security scanners from retrieving the ISO file, sharpening the attack’s precision. Reports earlier this month also highlighted fresh Pakistani hacker initiatives spying on Indian universities and government bodies, using spyware and malware to extract sensitive data.
As digital borders blur, India’s cybersecurity apparatus faces unprecedented threats. Experts urge immediate bolstering of defenses, employee training, and international collaboration to counter these shadowy incursions. The exposure serves as a wake-up call, underscoring the need for vigilance in an era where cyber weapons rival conventional arsenals.
