More than 100 Indian government and public-sector websites have been compromised by illegal gambling operators to promote betting and casino content, according to UK-based cybersecurity firm FalconFeeds. The affected domains include those of central ministries, a High Court, a constitutional audit body, police and tax portals, and top academic institutions. This activity was revealed in a post on X this week.
FalconFeeds detailed that hackers exploited security vulnerabilities in government-owned sites to turn them into search engine optimisation (SEO) tools for gambling content such as rummy, satta, and Aviator-style crash games. The attackers used server-side cloaking techniques, serving keyword-stuffed gambling pages to Google’s crawler bots, sometimes in Thai to evade detection. Meanwhile, mobile users clicking through Google search results are redirected to offshore betting apps, while administrators and desktop visitors see normal or error pages.
This method leverages the trust associated with official .gov.in, .nic.in, .ac.in, and .edu.in domains to funnel users into illegal gambling platforms. The scale and diversity of the compromised sites, including a diplomatic mission and a land registration system, highlight significant cybersecurity gaps in Indian government infrastructure. Such misuse of trusted domains poses challenges for both cybersecurity and regulatory enforcement in India’s digital ecosystem.
FalconFeeds’ findings underscore the need for urgent government action to patch vulnerabilities and monitor official websites for misuse. The report was published on medianama.com on June 3, 2026, providing detailed insights into the hacking techniques and the extent of the compromise.