Profiling Hacktivist Groups,Alliances and Capabilities
Beyond the noise, capability vs influence
Following the escalating military tensions between India and Pakistan there has been a surge in Hacktivist groups activity, from new groups surfacing to new collectives and alliances being formed.
I have been tracking some of them, pretty much following every of the mentioned channels update to try and map the current situation and active alliances.
Since politacaly motivated actors usually follow the latest conflict and ‘injustice’, many of the groups I’ll mention are operating and targeting other regions as well.
Pro Palestinian / Pro Islamic (anti India)
The majority of the Groups are mainly aligned with Pro Palestinian / Pro Islamic (anti Western) agendas and have also started targeting India through alliances mainly with the collective AnonSec.
AnonSec
TG : t,me/+wP33Q9NXAURlMzNk
Subs : 968
AnonSec is an English speaking collective that serves as a main hub for several alliances and groups often coordinating attacks between groups. They mainly attack using DDoS and deface websites mainly linked to organizations in India.
Mr Hamza
TG : @mrhamzaofficiel
Subs : 696
First entry in the list is Mr Hamza. Active since at least August 2024, increased activity following the one year anniversary of Hamas attack against Israel. They mainly conduct DDoS attacks and leak data.
Targeting mainly organizations and entities that are aligned with Israel, India or NATO. Latest attacks have been against Brazil, India, US, Spain, Algeria, Germany.
Sylhet Gang-SG
TG : @SylhetGangSG1
Subs: 11K
Next, SylhetGang, active around Sept 2023, they mainly perform DDoS attacks, web defacements and breaches. Based on their TG channel they have been targeting government, critical infrastructure and financial institutions in Israel, UK, UA, India & US.
They have been associated with KillNet a pro Russian hacktivist group but have also announced their alliance with Anon Sec one of the biggest alliances actively targeting India.
This is just one case that outlines how blured the lines can get when talking about hacktivist groups and alliances.
The Anonymous 71
Active since around July 2024, this one is positioned a little stronger towards the anti India movement while also supporting pro Islamic and pro Bangladesh groups and operations. Like the rest, they are involved in defacements, leaking account credentials and DDoS attacks. Around April 15 Websec announced that it had merged with Anonymous 71
ERROR T4U51F
@ERROR_T4U51F
Subs : 33
The group supports Palestine also promoting anti India agenda. They have seen performing hacks and web defacement on Indian entities.
Garuda Error System
TG: @GarudaHacktivis
Subs : 27
A pro Indonesia group closely working with other pro Islamic groups that started launching attacks against India in May 2025. Similar to other groups, they focus on database breaches and leaks.
Additional targets include Bangladesh and Cambodia.
Dark Cyber Gank
Another pro Islamic english speaking group with recent announcements about their alliance with other similarly alligned collectives like Anonymous Jordan and AnonSec.
Nation of Saviors
TG : t,me/+XEIlTs24j9AwMGQ0
Subs : 969
Anti Israel, pr Islamic and anti Indian, mixed speaking group with multiple alliances, notably AnonSec. They are targeting Indian public and private sector and have claimed an attack against the Indian Air Force. Additional targets include Saudi Arabia, US, Bangladesh.
Pro India
There is one group I found that is supporting India and pushing pro-India naratives and operations, targeting mainly Pakistani entities.
India Cyber Force
X : x,com/CyberForceX
Followers : 30K
An English speaking group primarily targeting Pakistan. Following their X account indicates that they are a little more sophisticated than other groups, not focusing solely on DDoS attacks but also claiming breaches in Pakistani security systems in industrial zones, schools/unis, banks and ATMs. Couldn’t find any recent alliances or merges so for now I would say they operate as a standalone entity.
Analysis & Closing Thoughts
What I found interesting are the attacks beyond the typical DDoS noise. Groups like India Cyber Force stand out with a 30K following on X but also claiming actual system breaches in Pakistani infrastructure, banks, industrial zones, and ATMs.
This suggests they've either developed more sophisticated capabilities or are better at intel gathering and targeting than some of the other groups.
Also, as you can see, high sub/follower numbers don't always correlate with technical capability. Sylhet Gang's 11K subscribers might reflect good propaganda rather than actual skill. Smaller groups like Garuda Error System (27 subscribers) are still claiming database breaches, suggesting either lower barriers to entry or hidden capabilities that don't match their social media presence.
On the other hand, follower counts do matter for influence operations and recruitment. Groups with larger audiences can amplify their impact beyond just the technical damage they cause (running psyops alongside cyber attacks).
I am certain that I have missed many groups and updates but that’s how this space works, it’s impossible to track everything all the time so this is just a snapshot in time.
That’s all, hope you are all doing well.
Take care!
Notable Mentions (alliance with AnonSec)
Al-Qassam Brigades
X : @Al7Qassam
Electronic Army Special Forces
TG : @Anonymous_VNLBN - banned
SpidrXXX
TG : t,me/+rf1n2gxSPRM0NjE0
Subs : 13K
Arab Ghosts Hackers (renamed ‘Ghosts of Gaza’)
TG : @ArabGhostsHackers
Ghosts of Gaza
TG : @gostsofgaza
Subs : 36
Pakistani Leet Hackers
X : @Team_insane_pk1
Followers : 650