Pakistan-based intelligence operatives are targeting sensitive Indian installations and departments by sending malicious files through emails, according to a new circular issued by the government on February 7. Moneycontrol has reviewed the said circular.
"It has come to our notice that cyber attacks are being mounted by Pak (sic) intelligence operatives (PIOs) on various sensitive Indian installations/departments," said the circular by the Controller General of Defence Accounts.
The defence body that looks after the accounts of the Armed forces said that it was informed by reliable sources that intelligence operatives based out of Pakistan and other countries were persistently attempting to "ferret out strategic, sensitive and tactical information using pseudonymous calls as modus operandi".
"They have (now) stepped up efforts to mount cyber attacks on various sensitive installations/departments by sending malicious files through email. These files disguised as legitimate documents contain embedded malware," said the circular.
Spate of attacks
This circular comes at a time when Indian government establishments, including its critical infrastructure such as telecom, banking and other sectors have been routinely targeted by cyber attackers. In 2023, a ransomware attack on the All India Institute of Medical Sciences (AIIMS) crippled its entire digital infrastructure.
Since then, the Central government, through Ministry of Electronics and Information Technology, Ministry of Communciations, Ministry of Home Affairs, Ministry of Defence, and others have been grappling with this issue.
Most recently, the Indian Telecommunications Bill 2023, which replaced the more-than-a-century-old regulatory framework for the telecom sector, has made ample space for provisions on securing telecom networks from cyber attacks.
Through the bill, the central government will be empowered to establish rules for the protection and assurance of cybersecurity in telecommunication networks and services.
Similarly, recent reports also suggest that the government is expected to bring in the National Cybersecurity Reference Framework, through which the government may mandate private and government players to mandatorily use made-in-India cybersecurity products.
Meanwhile, this is also not the first such advisory/circular that the Controller General of Defence Accounts has issued on cybersecurity. Recently, the defence body flagged two loan apps, CASHe and Toop, claiming that these apps made it possible for foreign actors to harvest sensitive personal details of defence personnel.
Recently, the Ministry of Home Affairs, too issued directions on how to tackle honey trap and social engineering attacks on government employees, by suggesting that officials stay away "from unknown dating sites". 'Honey trapping' refers to the use of romantic or sexual relationships to get information out of a target.
The publication had also earlier reported how central government officials were receiving malware-laden emails disguised as recommendations on how to prevent honey trapping.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
![[Deeptech Digest] This startup quietly secured an airbase; its encryption now guards railways, laptops and more](https://images.moneycontrol.com/static-mcnews/2025/10/20251105054148_Pantherun.jpg?impolicy=website&width=168&height=118 "[Deeptech Digest] This startup quietly secured an airbase; its encryption now guards railways, laptops and more")
