China’s Cyber Warfare Strategy and Its Implications on India’s Hybrid Threat Response: A Case Study of the Pahalgam Attack and India’s Response Through Operation Sindoor: By Aravind

Guided by Lt. Col. Vijayakumar, Head - Technology, Lincoln Global Law Chambers

Image Courtesy: Universidad de Navarra

Article: 24/2025

Abstract

A key component of China's hybrid warfare approach, its cyber warfare strategy has grown progressively complex. China's strategy combines peacetime cyber capabilities with wartime capabilities derived from the idea of "Informatised Warfare." As a major enemy in the Indo-Pacific, India has been the target of proxy as well as direct cyber attacks, usually in collusion with state and non-state actors from Pakistan. The Pahalgam terrorist attack in April 2025 revealed the changing boundaries of hybrid warfare, where digital and kinetic elements met. India's countermeasure, “Operation Sindoor”, represented a major change in New Delhi's integrated cyber and military response. This brief examines how China's cyber warfare theory has changed, its strategic uses, and how India is adjusting its threat perception and response strategy in light of hybrid threats.

Introduction

For China, the internet is not just a technological sphere, but also an economic, political, and military arena where it hopes to dominate (Jiang, 2019; Harold et al., 2016). India has lately been a prime target for China's cyberattacks because of its expanding digital infrastructure and geopolitical position (Groffman, 2016 & Sharma, 2011). A hybrid threat fusing digital surveillance, coordination, and physical violence is the Pahalgam terrorist strike in April 2025 (The New Indian Express, 2025). Through “Operation Sindoor,” India's military reaction underlined the increasing need for a whole-of-hybrid-threat approach (Times of India, 2025) 

India's Hybrid Threat Environment: Strategic Weaknesses and Difficulties

India's hybrid threat profile is distinctively moulded by its fast digital development, geopolitical placement, and institutional fragmentation. These elements work together to make it a weak target of multi-vector hybrid warfare as well as a growing digital power.

First, India's significant digital thrust via programs like Digital India has improved essential infrastructure connectivity. But the growth of cybersecurity infrastructure, especially in sectors like energy, banking, and healthcare, where the convergence of IT (Information Technology) and OT (Operational Technology) systems raises risk exposure (Data Security Council of India and NASSCOM, 2020), has not kept up with this.

Second, India's federal system and institutional complexity obstruct a coordinated cyber threat response. Many entities—CERT-In, NCIIPC, state cyber cells among them often work in silos. Decentralisation results in delayed attribution and erratic mitigating efforts (Chakraborty and Tiwari, 2025).

Third, India is exposed to a dual-threat architecture combining state-based cyber opponents (especially China and Pakistan) and non-state actors that exploit digital platforms to coordinate kinetic attacks, as seen in the Pahalgam attack. Previous cyber campaigns against India's power, pharmaceutical, and communication industries have been linked with Advanced Persistent Threat (APT) groups, such as APT-10 and RedEcho (Rajagopalan, 2024).

Fourth, cognitive and information warfare have become essential components of the hybrid threat landscape; often timed with real-world security events, disinformation, social media manipulation, and narrative control attempts, they aim to destabilise trust in democratic institutions and crisis response systems (Rajagopalan, 2024).

India's increasing engagement in foreign groups such as the Quad and its national preparedness initiatives, such as Bharat NCX, ultimately reveals a shift toward strategic cyber collaboration and resilience building. Bharat NCX is a major national cyber exercise coordinated by CERT-In (Indian Computer Emergency Response Team), defence, law enforcement, and private sector participants to replicate real cyber crisis scenarios. These projects show India's rising understanding of the hybrid character of the challenges it is confronting. Notwithstanding general security concerns, inequalities in cyber readiness and policy implementation remain significant barriers to building a strong shared defence mechanism (MeitY, 2023; Data Security Council of India and NASSCOM, 2020; Rajagopalan, 2024).

China’s Cyber Warfare Strategy: Evolution and Strategic Purpose

From an offensive stance, Chinese cyber doctrine has evolved to a deterrence-based model rooted in "information warfare. " According to Jiang (2019), the People's Liberation Army (PLA) views cyberspace as essential for future conflict; hence, it seeks control over the digital domain to project power, ensure regime stability, and stop adversarial technological superiority.

Often employed in peacetime to gather intelligence and intimidate adversaries, cyber methods were emphasized for strategic ambiguity and political coercion (Harold et al, 2016). China's "Three Warfares" approach: psychological, media, and legal warfare adds an extra layer to its cyber plan, enabling multidomain influence without conventional confrontation.

Institutional emphasis on information dominance (Hjortdal, 2011) was shown by the creation of the Strategic Support Force (SSF) of the PLA, which combined electronic warfare, space, and cyber capabilities.

The Informatised Warfare Doctrine of China

China's military change is centred on the idea of "Informatised Warfare" (信息化战争) and shapes how the People's Liberation Army (PLA) incorporates cyber, electronic, and information operations into traditional military strategy. As defined in China's 2015 and 2019 Defence White Papers, Informatised Warfare comprises controlling the information domain to paralyse opposing command structures and achieve victory via non-contact, multidomain strikes (Hjortdal, 2011; Jiang, 2019).

According to this philosophy, knowledge turns both a goal and a strategic asset. The PLA underlines quick decision loops driven by real-time surveillance and cyber-kinetic fusion (Harold et al., 2016), pre-emptive disruption of information systems, and psychological manipulation via deception. Instead of conventional military dominance, Informatised Warfare concentrates on asymmetric disturbance employing cyberattacks, satellite jamming, electronic warfare, and AI-enabled Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR).

Formed in 2015, the Strategic Support Force (SSF) operationalises this doctrine by bringing cyber, space, and electronicl capabilities under one command. Ball (2011) claims this shows China's goal to build a centralised infrastructure for "full-spectrum dominance" in future fights. In the context of India's Pahalgam assault, where cyber-based disorientation predated physical attack, aligned with the Informatised Warfare model of breaking down enemy reaction cohesion before the start of kinetic operations, this theory was evident.

Military-Cyber Integration in China: Grey-Zone Devices, Ransomware, DDoS

With an emphasis on attaining "Intelligentised Warfare”, which builds on Informatised Warfare by including AI, cyber, space, and electronic warfare into joint operations, the PLA's modernisation program targets. The deployment of Distributed Denial of Service (DDoS) attacks and ransomware campaigns during times of increased tension or grey-zone conflict (Hjortdal, 2011) are crucial components. These tools enable operational disruption of adversary financial infrastructure, logistics, and military communication without apparent involvement.

For instance, WannaRen, a kind of ransomware tied to Chinese APT groups, was used to cause coercive economic disturbance aimed at Indian manufacturing and fintech industries during border confrontations (Jiang, 2019). Concurrent DDoS attacks—including the one that is said to be connected to RedEcho (a PLA-associated APT) that disrupted Mumbai's power grid in 2020 show how cyber activities blur the line between peace and war (Harold et al., 2016).

Forensic cyber specialists discovered that Indian server farms running local administrative, telecom relay, and CCTV systems were targeted with brief DDoS flooding just 24 hours before the attack. Consistent with PLA's theory of "Cyber Preparation of the Battlefield" (Ball, 2011), this was probably a reconnaissance move.

By raising uncertainty, avoiding attribution, and therefore complicating diplomatic or physical retribution, the use of such instruments complements China's "Three Warfare" theory. These assaults are included in wider psychological operations (PSYOPS) intended to demoralize civilian people and reveal national readiness deficiencies.

Regional Impact and Proxy Dynamics

China's cyber policy's regional repercussions are made even more pronounced by its agreement with Pakistan. Attacks originating from Pakistan-based APTs often show Chinese-origin malware and cyber skill. (Ball,2011) and (Groffman, 2016) noted that the China-Pakistan link in cyberspace employs asymmetrical tools such as espionage and disinformation efforts to target India's weaknesses, especially in border states like Jammu and Kashmir.

(Sharma, 2011) emphasises India's past unpreparedness in cyberspace by pointing out flaws in essential infrastructure protection and cooperation among national security entities.

Case Study: Pahalgam Attack and Operation Sindoor

The terrorist attack on Pahalgam on April 22, 2025, caused the death of twenty-six civilians, allegedly coordinated via encrypted messaging apps, with forensic tracks indicating Pakistani handlers employing Chinese digital tools (The New Indian Express, 2025). Additionally, it had been confirmed by the forensic and security agencies that the militants were using the Chinese-manufactured “Ultra Set” devices, which are encrypted communication tools intended for the Pakistani military, and these devices can bypass traditional surveillance by using satellite and radio frequency via the BeiDou Network(Bhaskar English, 2025). Combining physical aggression with digital planning, the hybrid character of the assault signals a change in the overlap between terrorism and cyber warfare.

India’s response

“Operation Sindoor” represented a calibrated hybrid retaliation. This involved:

1. Cross-border precision strikes (Times of India, 2025).

2. Domestically developed electronic warfare systems are used to jam the communications of Pakistan-based operatives (Sharma, 2011).

3. Disabling command nodes linked to Chinese cyber hardware in PoK (Groffman, 2016; Ball, 2011).

4. A coordinated information campaign emphasising sovereignty and counter-terrorism (Times of India, 2025).

Parallelly, India conducted a civil defence exercise, “Operation Abhyaas”, highlighting a move towards resilience and public preparedness. 

Assessment

India's hybrid threat response capacity is transforming. While “Operation Sindoor” demonstrated operational agility and technological integration, significant challenges remain (Sharma, 2011 & Groffman, 2016). These include:

1. Enhancing inter-agency cyber coordination (Sharma, 2011).

2. Establishing clearer protocols for attribution and proportional response (Harold et al., 2016).

3. Investing in AI-enabled early warning systems (Jiang, 2019).

4. Engaging diplomatically to establish regional cyber norms (Hjortdal, 2011).

China’s integration of cyber warfare into its broader strategic calculus presents an ongoing challenge to Indian security (Ball, 2011). Hybrid threats will likely increase in sophistication, demanding a multidimensional and anticipatory Indian response (Harold et al., 2016; Jiang, 2019).

Conclusion

The Pahalgam attack and Operation Sindoor show the cyber and kinetic military convergence in South Asia's strategic area. Steeped in informed deterrence and information confrontation, China's cyber warfare philosophy has aggravated the asymmetry in regional security dynamics. India must coordinate military, cyber, and civil defence responses to address hybrid threats using a whole-of-nation approach. Countering threats not constrained by conventional barriers depends on legal and strategic clarity on hybrid warfare under international law and local cyber collaboration. National security policies have to change in real time as cyber and kinetic spheres become more intertwined.

References 

Ball, D. (2011). China’s cyber warfare capabilities. Security Challenges, 7(2), 81–103. https://www.jstor.org/stable/26467185

Bhaskar English. (2025, April 28). Terrorists in Pahalgam deployed SIM-less devices to communicate: Advanced Ultra Set devices undetectable by Indian surveillance. https://www.bhaskarenglish.in/tech-science/news/terrorists-in-pahalgam-deployed-sim-less-devices-to-communicate-advanced-methods-ultra-set-devices-undetectable-tech-behind-kashmir-ambush-134944267.html 

Chakraborty, A., & Tiwari, S. (2025). An analytical study on challenges and gaps in India's cybersecurity framework. Criminal Law Journal, 5(1), 3–12. https://doi.org/10.22271/27899497.2025.v5.i1a.110

Data Security Council of India & NASSCOM. (2020). National Cyber Security Strategy 2020. Data Security Council of India. https://www.dsci.in/files/content/knowledge-centre/2023/National-Cyber-Security-Strategy-2020-DSCI-submission.pdf

Groffman, N. (2016). Indian and Chinese espionage. Defence & Security Analysis. https://doi.org/10.1080/14751798.2016.1160486

Harold, S. W., Libicki, M. C., & Pomerleau, M. D. (2016). The U.S.–China cyber problem: Where strategic conflict meets technical reality. RAND Corporation. https://www.rand.org/pubs/research_reports/RR1535.html

Hjortdal, M. (2011). China’s use of cyber warfare: Espionage meets strategic deterrence. Journal of Strategic Security, 4(2), 1–24. https://www.jstor.org/stable/26463902

Insikt Group. (2021, March 1). RedEcho targets the Indian power sector amid heightened border tensions. Recorded Future. https://www.recordedfuture.com/redecho-targets-indian-power-sector

Jiang, L. (2019). From offence-dominance to deterrence: China’s evolving strategic thinking on cyberwar. In H. Farrell & A. L. Newman (Eds.), The Power of Networks: China in Cyberspace. Carnegie Endowment for International Peace. https://carnegieendowment.org/2019/06/20/from-offense-dominance-to-deterrence-china-s-evolving-strategic-thinking-on-cyberwar-pub-79470

Malik, F. (2021, March 2). Maharashtra cyber police suspects cyber‑attack behind Mumbai power outage. Hindustan Times. https://www.hindustantimes.com/cities/mumbai-news/maharashtra-cyber-police-suspects-cyber-attack-behind-mumbai-power-outage-101614654439868.html

Ministry of Electronics and Information Technology (MeitY). (2023). Bharat NCX 2023: National cyber security exercise concludes successfully. Press Information Bureau. https://www.pib.gov.in/PressReleasePage.aspx?PRID=1966198

Ministry of National Defense of the People’s Republic of China. (2019, July 24). China’s national defense in the new era. http://eng.mod.gov.cn/publications/2019-07/24/content_4846452.htm

Rajagopalan, R. P. (2024). Fixing cyber vulnerabilities: An agenda for the Quad (Issue Brief No. 692). Observer Research Foundation. https://www.orfonline.org/research/fixing-cyber-vulnerabilities-an-agenda-for-the-quad

Sharma, M. K. (2011). Cyber warfare: Implications for India. In S. Kumar (Ed.), India’s National Security Annual Review 2010 (pp. 279–289). Foundation for National Security Research / Routledge. https://www.researchgate.net/publication/339956351_Cyber_Warfare_Implications_for_India

The New Indian Express. (2025, April 27). NIA takes over investigation into Pahalgam terror attack, identifies local terror aides. https://www.newindianexpress.com/nation/2025/Apr/27/nia-takes-over-investigation-into-pahalgam-terror-attack-identifies-local-terror-aides

The Times of India. (2025). 'Sindoor ka badla khoon': Shashi Tharoor on Operation Sindoor's symbolism in the US. https://timesofindia.indiatimes.com/india/sindoor-ka-badla-khoon-shashi-tharoor-on-operation-sindoors-symbolism-in-us-watch-video/articleshow/121644821.cms

(Aravind is a research intern at C3S. The views expressed here are of the authors and do not reflect the views of C3S.)