On 4 December 2025, Gujarat ATS announced a major counter-intelligence breakthrough: the dismantling of a spy network operating across multiple states, allegedly working for Pakistani intelligence. Two individuals — a former Indian Army official and a woman — were arrested for allegedly passing sensitive military information to Pakistan.
Authorities say the intelligence operation utilized fake online identities, social-media manipulation, and financial conduits to target Indian defence personnel, collect sensitive data, and relay it abroad.
Background of Gujarat ATS Arrest
Espionage against India’s armed forces remains one of the gravest threats to national security. Over the decades, incidents of covert information leaks — whether through human intelligence, cyber methods, or social engineering — have repeatedly underscored the vulnerability of military communication lines and the need for vigilance. Cases such as the historical Samba spy scandal highlight the long-standing efforts by hostile foreign agencies to infiltrate or compromise Indian defence assets.
Read also: From Guns to Smart Guns: Indian Army Evaluates Oerlikon Skyshield for Modern Drone & Missile Threats
In recent years, the advent of social media, encrypted chat apps, and digital payment platforms has given new tools to foreign handlers, enabling them to attempt infiltration through non-traditional routes — from “honey-trap” profiles to malware delivered via smartphones. The current case is a stark example of that evolving modus operandi.
The Arrests: Who Was Caught
Ajaykumar Surendrasingh Singh (47) – A retired Subedar of the Indian Army, originally from Bihar, currently residing in Goa. ATS said he was contacted in 2022, during his posting in Dimapur, by a Pakistani intelligence operative posing as “Ankita Sharma”.
Over time, he reportedly shared troop movement details, officer postings, and unit transfer information. He also allegedly received a Trojan-malware file intended to extract data directly from his mobile phone.
Rashmani Ravindra Pal (35) – A resident of Dadra & Nagar Haveli (originally from Jaunpur district, Uttar Pradesh), arrested from Daman. According to ATS, she acted as a conduit between Pakistan-based handlers and Indian defence personnel.
Under the alias “Priya Thakur”, she allegedly established fake online identities to befriend targeted army personnel, received lists of potential targets from handlers abroad, and facilitated data collection and money transfers via a Payments Bank account.
The arrests reportedly took place on 3 December 2025, with an FIR filed under relevant sections of the Bharatiya Nyaya Sanhita (BNS), including conspiracy and anti-national activity provisions.
Modus Operandi: How the Network Operated
Pakistani intelligence operatives — identified as “PIOs” (Pakistan Intelligence Officers) — created fake social media identities such as “Ankita Sharma” and “Priya Thakur” to approach and befriend Indian defence personnel online.
Targeted individuals were allegedly enticed to share sensitive information about unit deployments, officer transfers, regimental movements, exercises, and other classified military data. Information was exchanged via encrypted messaging apps, photos, videos, and sometimes via malware-installed phones.
The accused were also allegedly provided with funds by their foreign handlers; financial transactions were routed through a payments bank account opened specifically for this purpose.
Technical forensic analysis of seized devices revealed WhatsApp call logs to Pakistan-linked numbers, documents exchanged with handlers, and IP addresses tracing back to Pakistani cities like Multan, Sargodha, and Lahore. In some cases, VPNs and virtual phone numbers were reportedly used to mask real locations.
ATS coordinated with multiple state police agencies and special operations groups across Gujarat, Goa, Daman, and even Uttar Pradesh to piece together a full picture of the network, including triangulating communications and financial records.
Wider Implications of Gujarat ATS Arrest
Evolution of Espionage Tactics: The case underscores how foreign intelligence agencies are increasingly using social engineering — fake profiles, online liaisons, and malware — instead of traditional espionage routes. The digital dimension lowers the barrier for infiltration and widens the pool of potential informants.
Vulnerability of Ex-Servicemen / Retired Personnel: Retired military individuals may lack the institutional oversight that active personnel have, making them more vulnerable to manipulative tactics. This highlights the need for better awareness, monitoring and retraining regarding cybersecurity and social-media vigilance for ex-personnel.
Financial and Cyber Links to Foreign Handlers: The use of payments banking, digital transactions, and cross-border communications shows the blend of cyber, financial, and human-intelligence in contemporary espionage — complicating detection and requiring multidisciplinary counter-intelligence strategies.
Urgency of Counter-intel Vigilance: With such networks potentially widespread, the arrest reinforces the need for strong counter-intelligence determination by domestic agencies, continuous surveillance, updated protocols for retired personnel, and timely reporting of suspicious contacts.
What’s Next: The Ongoing Investigation
According to ATS officials, the current arrests could just be the tip of the iceberg. Investigations are ongoing to:
- Identify other individuals involved in the network — handlers, accomplices, potential targets.
- Trace the full scale of data leakage — what specific information was exchanged, its potential use, whether the network has compromised any ongoing operations.
- Recover all digital evidence — messages, call logs, financial trails, malware, and decrypt any hidden communications.
- Evaluate security protocols regarding ex-servicemen and retired defence personnel to prevent future breaches, and possibly flag similar behavioral and communication anomalies in future cases.
Key Significance in Broader Security Landscape
The arrest comes at a time when Indo-Pak tensions remain high, and any leak of troop deployment, movement, or strategic information to hostile intelligence agencies can severely compromise national security. The case stands as a harsh reminder that defence personnel — active or retired — remain potential targets of foreign intelligence, especially through seemingly innocuous platforms such as social media and messaging apps.
For the agencies involved, this success bolsters confidence in modern digital surveillance, forensic tracking, and inter-state coordination. For citizens and ex-defence personnel, it issues a strong caution: vigilance must not wane even after service ends.
Potential Risks and What Citizens Should Watch For
- Beware of unsolicited friend requests or messages on social media — especially from unknown profiles claiming to be friendly or personal.
- Ex-servicemen should be particularly cautious about sharing work history, unit postings, or even general discussions about past deployments.
- Avoid downloading unknown attachments or files sent to mobile devices — such as the Trojan malware reportedly used in this case — especially from unverified contacts.
- Financial transactions with unknown persons or overseas contacts should be treated with suspicion.
