India's Running Sophisticated Cyber Operations Against Its Cricket Partners
India-linked hackers targeted Pakistan's nuclear authority, Bangladesh's power grid, and Sri Lankan telecoms. Nobody outside South Asia noticed. Here's the emerging pattern of friendly-fire cyber warfare.

India-linked hackers targeted Pakistan's nuclear regulatory authority, Bangladesh's power grid, and Sri Lankan telecoms in a year-long campaign that wrapped up in early 2026.
The operation hit government agencies and critical infrastructure across three democracies. Most of the world has no idea it happened.
Everyone's watching Russia hack the West and China breach US networks. Meanwhile, India's quietly running sophisticated cyber operations against countries it trades with, plays cricket with, and shares thousands of miles of borders with.
Welcome to the emerging pattern of friendly-fire cyber warfare.
The Campaign Nobody Outside South Asia Saw
Arctic Wolf researchers identified the India-linked APT group "SloppyLemming" (also tracked as Outrider Tiger and Fishing Elephant) running the campaign from January 2025 through early 2026.
The target list reads like a South Asian security nightmare.
Pakistan: Nuclear Regulatory Authority, Pakistan Navy, DESCON.
Bangladesh: Power Grid Company, telecom operators, financial institutions.
Sri Lanka: Government agencies, telecoms, technology firms.
These aren't random targets. They're the infrastructure that keeps countries running.
The campaign used two attack chains. One exploited web servers to deliver malware. The other used phishing emails with malicious attachments that triggered backdoor access.
Both worked.
India Built This Capability on Purpose
India doesn't usually make the "hacker state" conversation. That narrative belongs to Russia, China, North Korea, and Iran.
But India's been building offensive cyber capabilities since 2019, when it formed the Defence Cyber Agency (DCyA).
The agency's stated mission: hack into networks, mount surveillance operations, break into encrypted communications, and recover deleted data from hard drives and cellphones.
According to Carnegie's assessment of India's cyber statecraft, the country has "focused on developing cyber capabilities for intelligence collection, defensive, and offensive operations."
Translation: India's not just defending its networks. It's actively penetrating others.
The DCyA works alongside Research and Analysis Wing (RAW), India's external intelligence agency, and the National Technical Research Organisation (NTRO) for signals intelligence.
India unveiled its Joint Doctrine for Cyberspace Operations in June 2024, integrating cyber capabilities across all three military services.
This isn't improvised. It's strategy.
The Context: Two Nuclear Powers Hacking Each Other
India and Pakistan have fought four wars since 1947. They've both got nuclear weapons. And now they're both running active cyber campaigns against each other.
Pakistan-linked APT36 (Transparent Tribe) targets Indian government bodies, military organizations, and universities. India's SloppyLemming and Sidewinder groups hit Pakistani infrastructure.
After India's kinetic strikes during Operation Sindoor in May 2025 (responding to a terrorist attack in Pahalgam), cyberattacks from both sides surged.
Pakistan launched over 1.5 million cyberattacks targeting Indian critical infrastructure. India's state cyber agency identified seven Advanced Persistent Threat groups behind the campaign.
Only about 150 succeeded. But the volume shows intent.
Bangladesh and Sri Lanka aren't nuclear powers. They're not locked in a decades-long military standoff with India. But they're still getting hit.
Why? Because they're neighbors. Because India wants intelligence. Because cyber operations don't stop at official enemies.
The Friendly-Fire Problem
Here's what makes this different from the usual Russia-hacks-US narrative.
India, Pakistan, Bangladesh, and Sri Lanka are all democracies (with varying degrees of backsliding, but still). They're all members of regional trade agreements. They play cricket together in tournaments watched by billions.
And they're hacking each other's nuclear authorities and power grids.
This is friendly-fire cyber warfare. Not between allies exactly, but between countries that share borders, trade routes, cultural ties, and diplomatic channels.
It's the emerging pattern nobody's naming yet.
China hacks Southeast Asian neighbors. The US surveils European allies. Israel penetrates friendly Arab states. Every country with cyber capability uses it against countries it officially cooperates with.
But we don't talk about it that way. We talk about adversaries. We talk about great power competition. We frame it as Us vs. Them.
What happens when "them" is the country you just signed a trade deal with? When it's the neighbor you're negotiating water-sharing agreements with?
Cyber operations make every relationship adversarial by default.
Why This Matters Beyond South Asia
The SloppyLemming campaign reveals a global blind spot.
Western media obsesses over Russian interference and Chinese espionage because those target Western countries. When India runs a sophisticated multi-country cyber operation, it barely registers.
But here's what the silence misses:
First, offensive cyber capabilities are spreading faster than anyone admits. India isn't alone. Vietnam runs operations. Indonesia's building capacity. Every mid-tier power with a tech sector is developing these tools.
Second, there's no clear line between espionage and pre-positioning for sabotage. Infiltrating a power grid to steal intelligence looks identical to infiltrating it to shut it down later.
Third, democracies hacking democracies sets a dangerous norm. If India can justify targeting Bangladesh's critical infrastructure, what stops every regional power from doing the same?
The Stimson Center's analysis warns that India and Pakistan need to establish cyber hotlines, commit to non-proliferation of intrusive cyber tools to non-state groups, and institutionalize attribution processes.
So far: silence.
The Attribution Gap
Proving who's behind a cyberattack is notoriously hard. IP addresses get spoofed. Operations route through third countries. Attribution takes months or years.
But the India-Pakistan-Bangladesh-Sri Lanka campaigns keep getting attributed to the same groups using the same infrastructure over years.
SloppyLemming has operated since at least 2022. Sidewinder and Patchwork (both India-linked) have been active for over a decade. Pakistan's APT36 dates back to at least 2016.
These aren't one-off hacktivist stunts. They're sustained, state-backed intelligence operations.
And they're happening in a region with 1.9 billion people, nuclear weapons, disputed borders, and a history of going to war over territorial conflicts.
Cyber warfare between South Asian neighbors isn't theoretical. It's ongoing. It's escalating. And most of the world isn't paying attention.
What Comes Next
India's not stopping. Pakistan's not stopping. The capabilities are built. The targets are mapped. The operations are running.
Bangladesh just went through political upheaval in 2024. Sri Lanka's still recovering from economic collapse. Pakistan's navigating domestic instability and flooding from climate whiplash.
These aren't strong positions to defend critical infrastructure from state-sponsored hackers.
And here's the final twist: when these countries get hacked, they can't say much publicly without escalating tensions with a neighbor they need to cooperate with on everything from water rights to counter-terrorism.
So the hacking continues. The silence continues. And the rest of the world keeps watching Russia and China while ignoring the quiet cyber war being waged between countries that share cricket stadiums.
India just proved you don't need to be a global superpower to run sophisticated multi-country cyber espionage campaigns.
You just need neighbors with vulnerable infrastructure and a reason to want their secrets.
Turns out, everyone's got both.
Sources & Verification
Based on 5 sources from 3 regions
- The Record (International)
- Carnegie Endowment for International Peace (North America)
- The Hacker News (International)
- Defence Cyber Agency, Wikipedia (International)
- RUSI (Europe)