On the afternoon of 18 February, a retired army officer received a seemingly innocuous mail. Sent by a serving and senior member of the army, and coming from a respectable ‘gov.in’ address, it was an invitation to a lunch in Delhi. The message was brief, even by military standards, with the details enclosed in an attachment linked within the email.

Unbeknownst to the retired officer, the link was a veritable Pandora’s box. When clicked, it downloaded an app containing an assortment of circulars and news related to the Indian army. That, however, was just an eyewash. Its true purpose was to unleash malware, which would course through the victim’s computer or phone, stealing everything from WhatsApp chats to SMSes and media files. This malware, if left unchecked, could stay on a target’s system indefinitely, constantly pilfering sensitive data. 

According to multiple sources working closely with one of the cyber incident response teams attached to the Ministry of Defence, the data was being transmitted to a command and control centre in the Netherlands—the source of the phishing attack. They told The Ken that hackers made use of the country’s many ‘bulletproof hosting’ services, which essentially allow hackers to securely host malicious content which can be used to carry out cyber attacks. These servers, which were paid for in Bitcoin, were accessed from Karachi, Pakistan.

While media reports have emerged (Hindustan Times, "Ex-defence personnel hit by phishing attack") claiming that only a few dozen retired army personnel were targeted, The Ken has learnt that hundreds of Indian army personnel—both serving and former—fell prey to the email. “The data copied included personal images, audio and call recordings, and PDF documents pertaining to troop movements,” say the sources quoted above. If the claim about leaked troop movement documents is true, it indicates that serving personnel were indeed targeted. The Ken put this claim to the Ministry of Defence, but received no response.

Phishing attacks—using fraudulent or manipulated messages to steal information—are nothing new. These attacks have found increased utility in espionage, with a number of countries using hackers to ferret out sensitive information from both rivals and allies.

In this case, hackers first compromised the email credentials of a serving officer and used them to send malware-laden emails to others. Because the emails came from a high-ranking official and from an official ID, few suspected anything was amiss.

Guess who

According to a response in the Lok Sabha from the Ministry of Electronics and Information Technology (MeitY), cyber intrusions in the country could have links with Pakistan, China, North Korea, Russia, and the US, among others.


Pratap Vikram Singh

Pratap is based out of Delhi and covers policy and myriad intersections with the other sectors, most notably technology. He has worked with Governance Now for seven years, reporting on technology, telecom policy, and the social sector.
