Cooperative Bank Hacking Case, Gujarat Police makes several arrests

Police have delivered a coordinated blow to an international cybercrime syndicate known as “Solar Spider”, which specialises in hacking cooperative banks with weak cybersecurity and laundering proceeds through mule accounts.
The Cyber Centre of Excellence, Gandhinagar (Gujarat Police) has been running Operation Mule Hunt 2.0 to target the Indian backbone of such syndicates, the mule account operators and local facilitators who receive and layer the hacked funds.
In the press release issued on 3 July 2026, Gujarat Police detailed major successes, including direct linkage to the Bhavnagar bank hacking case
- Bhavnagar Bank Hacking Case (FIR No. 11201018260022/2026): Accused hacked into the computer system, server, database, and core banking system of a Bhavnagar District Co-operative Bank. They artificially created fake balances/credits worth ₹7,34,91,682 (approx. ₹7.35 crore) and transferred the amount to various accounts. This matches the ₹7 crore Bhavnagar heist mentioned in the Noida case.
- Mule Account Network: Fake firms (e.g., “Chamunda Communication” run by Vishal Sureshbhai Dodiya) opened multiple bank accounts that were supplied to cyber syndicates. These accounts were used to receive and layer fraud proceeds.
- Scale of Network Busted: Over ₹161 crore cyber fraud network dismantled. More than 55 accused arrested in the last one month alone under Operation Mule Hunt 2.0. Total fraud detected in recent modules: ₹3.802 crore.
- Pan-India Complaints: 1,117+ cyber fraud complaints registered across India on the NCCRP portal linked to these accounts. State-wise: Maharashtra (56), Karnataka (28), Gujarat (23), Telangana (20), Uttar Pradesh (20), Rajasthan (18), Tamil Nadu (16), Delhi (14), West Bengal (13), and others, totalling 253 complaints in one module alone.
- Recent Arrests: Vishal Sureshbhai Dodiya (Ahmedabad), Mohammad Khalik Gulam Husen & Soyeb S/o Gulabnabi Rana (Surat), and newly arrested Afzal Pir Mohmad Mansuri (Ahmedabad), all linked to operating or facilitating mule accounts for the syndicate.
The Modus Operandi
Hackers leveraged sophisticated methods to get access into the Bank's core banking system (CBS). Bank balance was tampered in the CBS and transfers were made to several mule accounts.
Earlier, this year, in a joint operation by the Cyber Crime Unit of Gautam Buddh Nagar Police Commissionerate, Knowledge Park Police Station, and Meerut Zone Cyber Commandos, two Nigerian nationals were arrested in Noida:
- Modebe Joseph (42)
- Sunday Okonkwo (35)
The accused were part of the “Solar Spider” international cybercrime syndicate (with links to criminal networks in Nigeria and South Africa). They were planning to siphon off ₹60–80 crore from Indian cooperative banks.
Operation Team of Gujarat Centre of Excellence:
The operation was carried out by PI V.S. Rathod, PI K.S. Patel, PI P.K. Rohel, PI Anmol Saliya, PI R.B. Vihol, Dy. PI P.K. Rohel, PI V.M. Jotaniya, PI M.S. Herd, PI H.G. Patel, PI P.J. Parekh, PI H.J. Parmar, PSI N.R. Prajapati, PSI P.K. Rohel, ASI Nikit Ben Parmar, Hiteshbhai D. Bhi, Dharmeshbhai Rathod, Kakvati Devsinh Zala, PC Kanjibhai L. Rabari, PC Karan Chaudhary, PC Maulikbhai Patel and other staff.
Cybersecurity recommendations for Cooperative Banks
Owing to rise in cooperative Bank related attacks in recent past, experts have suggested some measures that can be adopted by bank.
- Hire a CERT-In empaneled auditor. Lower the cost of engagement / assignment, lower the quality of audit. Always go for QCBS instead of L1 in cyber security matter.
- To prevent such attacks, have a database activity monitoring solution - which detects any unauthorized modifications.
- In the Age of AI, a thorough risk assessment of AI related cyber attacks may be done.
- RBI's Cyber Security framework is a comprehensive piece of document, which can be implemented in letter and spirit.
From press release of Gujarat's Centre of Excellence, Gandhinagar