New research from the Global Cyber Alliance highlights a growing threat to Indian networks: weak routing security is enabling cross-border cyber campaigns, including state-sponsored espionage from neighboring Pakistan. Data from GCA’s AIDE honeypot platform reveals that Advanced Persistent Threat group APT36 (also known as Transparent Tribe) systematically abused Internet service provider (ISP) infrastructure to launch cyber operations against Indian targets throughout 2025.
Between April and August, AIDE recorded more than 116,000 incidents against Indian sensors originating from 75 Pakistani Autonomous System Numbers (ASNs). Activity peaked at over 26,000 attacks in a single day—nearly 10 times normal traffic—closely mirroring geopolitical tensions. The attacks originated from networks with significant routing security deficiencies, underscoring the correlation between poor routing security practices and infrastructure abuse.
Routing Security Gaps at Scale
The AIDE data paints a troubling picture of the 75 ASNs in question:
- 98.7% of networks had unregistered or outdated IRR entries
- 98.7% failed RPKI validation
- 98.7% experienced route leaks or bogon incidents
- Only 9.2% were MANRS participants
This reveals that nearly every ASN involved in the surge showed systemic routing security weaknesses. The campaign involved large-scale exploitation of ISP infrastructure, malware propagation across IoT devices, and sustained cross-border operations targeting critical sectors.
Why This Matters for India
Routing security is not an abstract, technical issue. It is a matter of national security. Hospitals, schools, businesses, and governments all depend on reliable Internet connectivity. When malicious actors can exploit routing weaknesses, they not only compromise individual organizations but also threaten regional stability and economic trust. The escalation of APT36’s activity demonstrates that leaving routing security gaps unaddressed creates opportunities for adversaries to weaponize the Internet’s core infrastructure.
How MANRS Helps
MANRS provides clear, actionable best practices to close these gaps. By joining the MANRS Network Operators Program, Indian network operators agree to:
- Maintain accurate IRR records to prevent hijacks and leaks.
- Filter out bogons and invalid routes to block malicious traffic.
- Collaborate with a global community of operators committed to protecting the Internet’s core.
- Deploy RPKI validation to ensure route authenticity (optional but highly encouraged).
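The filtering and validation steps in this list can be sketched as a single import decision: drop bogon prefixes, then apply RPKI route origin validation as defined in RFC 6811. This is an added example, not MANRS or GCA code; the function names, the VRP table, the prefixes (documentation ranges) and the ASNs (documentation range 64496-64511) are constructed for illustration.

```python
import ipaddress

# Subset of IPv4 bogon space (RFC 1918, RFC 6598, loopback, link-local, ...).
# The TEST-NET documentation ranges are left out on purpose so they can stand
# in for public space in the sample data; a production filter includes them.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
VRPS = [
    (ipaddress.ip_network("203.0.113.0/24"), 24, 64496),
    (ipaddress.ip_network("198.51.100.0/24"), 24, 64497),
]

def is_bogon(prefix):
    """True when the announced prefix lies inside reserved address space."""
    route = ipaddress.ip_network(prefix)
    return route.version == 4 and any(route.subnet_of(b) for b in BOGONS)

def rov_state(prefix, origin_as, vrps=VRPS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        if route.version == vrp_prefix.version and route.subnet_of(vrp_prefix):
            covered = True  # at least one VRP covers this route
            # AS0 in a ROA means "must not be routed", so it never matches.
            if route.prefixlen <= max_len and origin_as == asn and asn != 0:
                return "valid"
    # Covered but no matching VRP is invalid; no covering VRP is not-found.
    return "invalid" if covered else "not-found"

def import_decision(prefix, origin_as):
    """Import policy: reject bogons and RPKI-invalid routes, accept the rest."""
    if is_bogon(prefix):
        return "reject: bogon"
    state = rov_state(prefix, origin_as)
    return "reject: rpki-invalid" if state == "invalid" else f"accept: {state}"

if __name__ == "__main__":
    # Constructed announcements: (prefix, origin ASN).
    for pfx, asn in [("203.0.113.0/24", 64496), ("203.0.113.0/24", 64511),
                     ("198.51.100.0/25", 64497), ("192.0.2.0/24", 64500),
                     ("10.1.0.0/16", 64496)]:
        print(f"{pfx:<18} AS{asn}  {import_decision(pfx, asn)}")
```

A route that no ROA covers comes back as not-found and is still accepted, which is why accurate IRR records and published ROAs matter alongside validation.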
Even modest improvements in routing security make it significantly harder for groups like APT36 to sustain operations at scale. By adopting MANRS practices, Indian networks can ensure their infrastructure is not repurposed for geopolitical conflicts and help strengthen the resilience of the global Internet.
A Call to Indian Network Operators
The findings from GCA’s research are a wake-up call: India’s connectivity is too important to be left exposed. Closing systemic routing security gaps is essential to protecting national interests, safeguarding critical services, and building trust in the Internet.
The path forward is clear—Indian networks must join MANRS and implement routing security best practices now. Together, we can stop adversaries from turning weaknesses in our shared infrastructure into weapons of disruption and espionage.
The post A Call to Action for Indian Network Operators: Weak Routing Security Is Fueling Cross-Border Cyber Attacks appeared first on MANRS.
