State-Sponsored Cyber Threats: Daggerfly’s Upgraded Malware Toolkit

According to a Symantec investigation, the prolific Chinese espionage outfit Daggerfly (also known as Evasive Panda and Bronze Highland) has considerably modified its malware toolset, enhancing its ability to target the majority of key operating systems.

The most recent advancements indicate that the gang is employing a single framework to efficiently target Windows, Linux, macOS, and Android operating systems.

The researchers saw the group using new malware versions in recent operations against Taiwanese organizations and a US NGO operating in China.

The Evolution of Daggerfly

Daggerfly has been active for over a decade, conducting espionage operations both internationally and within China. Their primary targets have included government agencies, defense contractors, and various industries critical to national security. Over the years, Daggerfly has demonstrated a high level of sophistication in their cyber operations, continually evolving their tactics, techniques, and procedures (TTPs) to stay ahead of detection mechanisms.

Symantec reported in April 2023 on a Daggerfly campaign targeting an African telecoms business, in which the gang employed new plugins written with the MgBot malware platform.

In March 2024, ESET identified persistent Daggerfly campaigns targeting Tibetans in multiple countries and territories. The researchers observed the group using Nightdoor, a previously undocumented backdoor.

Daggerfly appears to be capable of responding to disclosure by quickly updating its toolset and continuing its espionage efforts with minimal disturbance.

The Upgraded Malware Arsenal

Symantec stated that it discovered proof that Daggerfly had created the macOS backdoor Macma. Macma was initially documented by Google in 2021; however, it appears to have been in use since at least 2019.

According to Google's early study, the modular backdoor provides a variety of data exfiltration capabilities, such as device fingerprinting, command execution, screen capture, keylogging, audio recording, and file uploading and downloading.

A second version of Macma includes incremental improvements to the existing capabilities, such as more debug logging and updated modules in the appended data.

Its main module showed signs of more comprehensive changes, such as new logic to collect a file-system listing and changed code in the AudioRecorderHelper function.

Symantec linked Macma to Daggerfly after discovering two variants of the Macma backdoor connected to a command-and-control (C&C) server also used by a MgBot dropper.

Furthermore, Macma and other well-known Daggerfly malware, such as MgBot, incorporate code from a single, shared library or framework that has been used to create threats for Windows, macOS, Linux, and Android platforms.

The researchers also noted Daggerfly's usage of the Windows backdoor Suzafk, which ESET initially identified as Nightdoor in March 2024.

Implications for Cybersecurity

Suzafk is a multi-stage backdoor that can use TCP or OneDrive for command and control. It was created using the same shared library as MgBot, Macma, and several other Daggerfly utilities.

The researchers found a configuration indicating that the ability to connect to OneDrive is in development or exists in other malware copies.

In addition to the tools listed above, Symantec states that Daggerfly is able to Trojanize Android APKs and also possesses SMS interception tools, DNS request interception tools, and even malware families targeting the Solaris operating system.

The Broader Context of Cyber Espionage

Daggerfly’s activities are part of a broader trend of state-sponsored cyber espionage. Nation-states invest heavily in cyber capabilities to gain strategic advantages over their adversaries. These activities often target critical infrastructure, intellectual property, and sensitive government information.

The international community has recognized the threat posed by state-sponsored cyber espionage, leading to increased efforts to develop norms and agreements to govern state behavior in cyberspace. However, the covert nature of these operations makes attribution and enforcement challenging.

Lazarus Hacking Group is Using Asian Firms to Launder Stolen Crypto

A Cambodian payments company received crypto worth over US$150,000 from a digital wallet employed by the North Korean hacking group Lazarus, blockchain data shows, a glimpse of how the criminal outfit has laundered funds in Southeast Asia.

Huione Pay, which is based in Phnom Penh and offers currency exchange, payments and remittance services, received the crypto between June 2023 and February this year, according to the previously unreported blockchain data reviewed by Reuters.

The crypto was transferred to Huione Pay from an anonymous digital wallet that, according to blockchain experts, was used by a hacking outfit to deposit funds stolen from three crypto firms in June and July 2023. 

The United States' Federal Bureau of Investigation said in August last year that Lazarus stole US$160 million from the crypto firms: Estonia-based Atomic Wallet and CoinsPaid; and Alphapo, registered in Saint Vincent and the Grenadines. 

They were the latest in a series of heists by Lazarus that the US said was funding Pyongyang's weapons programmes. Cryptocurrency allows North Korea to circumvent international sanctions, the United Nations has said.

The crypto might have helped the regime pay for banned goods and services, according to the Royal United Services Institute, a London-based defence and security think tank.

Huione Pay's board said the company had not known it "received funds indirectly" from the hacks and cited the multiple transactions between its wallet and the source of the hack as the reason it was unaware.

The wallet that sent the funds was not under its management, Huione added.

Huione Pay — whose three directors include Hun To, a cousin of Prime Minister Hun Manet — refused to elaborate why it had received funds from the wallet or provide details of its compliance policies. The firm stated Hun To's directorship does not include day-to-day oversight of its operations. The National Bank of Cambodia (NBC) said payments companies such as Huione weren't allowed to deal or trade in any cryptocurrencies and digital assets.

US blockchain analysis firm TRM Labs told Reuters that Huione Pay was one of a number of payment platforms and over-the-counter brokers that received a majority of the crypto stolen in the Atomic Wallet hack. Brokers connect buyers and sellers of crypto, offering traders a greater degree of privacy than crypto exchanges. 

TRM also said the attackers conceal their tracks by converting the stolen crypto via a complex laundering operation into different cryptocurrencies, including tether (USDT) — a so-called "stablecoin" that retains a steady value in dollars.

Houthi-Aligned APT Targets Mideast Militaries With ‘GuardZoo’ Spyware

Since 2019, surveillance equipment deployed by a Yemeni Shia Islamist organization's partners has been used to target troops throughout the Middle East, according to a new study.

Surveillanceware Targeting Middle Eastern Militaries

A Houthi-aligned threat actor utilized GuardZoo malware to capture images, documents, and other files from compromised devices, according to Lookout researchers in a report released Tuesday.

According to unsecured command and control server logs, the majority of the approximately 450 victims were found in Yemen, Saudi Arabia, Egypt, and Oman, with a tiny number in the United Arab Emirates, Turkey, and Qatar.

The Houthis took possession of Yemen's capital city in 2014, sparking a civil conflict and hunger. According to human rights organizations, a contentious Saudi-led intervention in Yemen began in June 2019 and resulted in a wave of arbitrary arrests, torture, and enforced disappearances.

The Houthi-aligned threat actor was identified by "application lures, exfil data, targeting, and the C2 infrastructure location," according to the report.

The Origins

According to Lookout, the spying tool is named after a fragment of source code that persists on an infected device. In addition to collecting images and documents, the study stated that it can "coordinate data files related to marked locations, routes, and tracks," as well as identify an infected device's location, model, cellular service carrier, and Wi-Fi setup.

GuardZoo can also download and install "arbitrary applications on the device," implying it can offer more destructive abilities once the device is infected, according to the paper.

Technical Details

According to Lookout, the spyware has been detected primarily in military-themed applications, with distribution and infections originating primarily in WhatsApp, WhatsApp Business, and browser downloads. In a few other cases, victims were enticed by content with a religious-themed prayer app or an e-book theme.

Researchers initially found GuardZoo in October 2022. Lookout claims the tool is based on Dendroid RAT, a "commodity spyware" that has been in use for at least a decade.

Capabilities

After infecting a device, GuardZoo communicates with the command and control server and sends four commands to each new victim, including deactivating local logging and uploading metadata for all files.

"These extensions are related to maps, GPS and markings showing waypoints, routes and tracks," according to Lookout's findings.

GuardZoo's lures were originally general, but they've evolved to include military themes with titles like "Constitution Of The Armed Forces" and "Restructuring Of The New Armed Forces." Military apps used as a lure featured emblems from numerous Middle Eastern countries, including Yemen and Saudi Arabia.

Chinese APT40 Attackers Exploit SOHO Routers to Launch Attacks

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the United Kingdom, and the United States have issued a joint advisory about APT40, a China-linked cyber espionage group, warning regarding its ability to co-opt exploits for newly disclosed security vulnerabilities within hours or days of public release.

"APT40 has previously targeted organizations in various countries, including Australia and the United States," the agencies noted. "Notably, APT40 possesses the ability to quickly transform and adapt vulnerability proofs-of-concept (PoCs) for targeting, reconnaissance, and exploitation operations.” 

The threat group, also known as Bronze Mohawk, Gingham Typhoon (previously Gadolinium), ISLANDDREAMS, Kryptonite Panda, Leviathan, Red Ladon, TA423, and TEMP.Periscope, has been active since at least 2011, carrying out cyber attacks against companies in the Asia Pacific region. It is believed to be based in Haikou.

In July 2021, the US and its allies officially identified the group as being linked to China's Ministry of State Security (MSS), indicting several members of the hacking crew for orchestrating a multiyear campaign aimed at various sectors to facilitate the theft of trade secrets, intellectual property, and high-value information. 

Over the last few years, APT40 has been linked to intrusion waves that distribute the ScanBox reconnaissance framework, as well as the exploitation of a security vulnerability in WinRAR (CVE-2023-38831, CVSS score: 7.8) as part of a phishing effort targeting Papua New Guinea to deliver a backdoor known as BOXRAT. Then, earlier this March, the New Zealand government implicated the threat actor in the 2021 deal between the Parliamentary Counsel Office and the Parliamentary Service.

The group has also been observed using out-of-date or unpatched devices, such as small-office/home-office (SOHO) routers, as part of its attack infrastructure in an attempt to reroute malicious traffic and avoid detection, a strategy similar to that used by other China-based groups such as Volt Typhoon.

According to Google-owned Mandiant, this is part of a larger shift in Chinese cyber espionage activity that aims to prioritise stealth by increasingly weaponizing network edge devices, operational relay box (ORB) networks, and living-off-the-land (LotL) techniques to avoid detection. 

Attack chains also include reconnaissance, privilege escalation, and lateral movement actions that use the remote desktop protocol (RDP) to steal credentials and exfiltrate sensitive information. To reduce the risks posed by such threats, organisations should maintain adequate logging mechanisms, enforce multi-factor authentication (MFA), implement an effective patch management system, replace obsolete equipment, disable unused services, ports, and protocols, and segment networks to prevent access to sensitive data.

Ransomware Extortion Demands Increase to $5.2 Million Per Attack

Ransomware demands are skyrocketing in 2024, with the average extortion demand per ransomware attack exceeding $5.2 million per incident in the first half of the year. 

A review of 56 ransom demands from January to June of this year revealed that the highest demand, $100 million, followed an attack on India's Regional Cancer Centre (RCC) on April 20. The second and third highest extortion demands were issued to Synnovis, a UK pathology supplier, and London Drugs, a Canadian retailer, at $50 million and $25 million, respectively.

Even though there were 421 ransomware attacks in the first half of 2024, as opposed to 704 attacks in the same period of 2023, the numbers for 2024 are likely to rise as more SEC-mandated breach disclosures are filed. In terms of how much data has been stolen in these attacks, private companies have had 29.7 million records compromised thus far, governments have had 52,390, and the healthcare industry has had a startling 5.4 million exposed records.

Prevention tips 

Maintain backups: The researchers recommend that backing up critical information is the single most effective strategy to recover from a ransomware outbreak. There are a few things to consider, however. Backup files should be securely safeguarded and stored offline or out-of-band to prevent attackers from targeting them. 

Using cloud services may help alleviate a ransomware outbreak, as many retain previous versions of files, allowing you to restore to an unencrypted version. Regularly test backups for efficacy. In the case of an attack, be sure your backups aren't infected before rolling back.

Develop strategies and policies: Create an incident response strategy so that your IT security personnel knows what to do in the case of a ransomware attack. The plan should include the roles and communications to be shared during an assault. 

You should also include a list of contacts, such as any partners or vendors that need to be informed. Do you have a "suspicious email" policy? If not, try implementing a company-wide policy. This will help instruct employees on what to do if they receive an email that they don't understand. It may be as simple as forwarding the email to the IT security staff. 

Keep systems up-to-date: Make sure that all of your organization's operating systems, apps, and software are constantly updated. Applying the most recent updates will help close the security gaps that attackers are attempting to exploit. Wherever possible, enable auto-updates so that you always have the most recent security fixes.

Inside the Espionage: How Nobelium Targets French Diplomatic Staff

Cybersecurity threats have become increasingly sophisticated, and state-sponsored actors continue to target government institutions and diplomatic entities. One such incident involves a Russian threat actor known as “Nobelium,” which has been launching spear phishing attacks against French diplomats.

ANSSI Issued an Alert

France's cybersecurity agency, ANSSI, has issued a notice outlining a Russian spear phishing attempt aimed at French diplomats, the Record writes. The CIA connects the campaign to "Nobelium," a threat actor linked to Russia's Foreign Intelligence Service (SVR).

The Campaign

Nobelium, believed to have ties to Russia’s Foreign Intelligence Service (the SVR), primarily uses compromised legitimate email accounts belonging to diplomatic staff to conduct these attacks. The goal is to exfiltrate valuable intelligence and gain insights into French diplomatic activities.

Compromising Email Accounts of French Ministers

These events included the penetration of email accounts at the French Ministry of Culture and the National Agency for Territorial Cohesion, but according to ANSSI, the hackers were unable to access any elements of those networks other than the compromised inboxes.

However, the hackers subsequently used those email addresses to target other organizations, including France's Ministry of Foreign Affairs. ANSSI stated that Nobelium attempted to acquire remote access to the network by installing Cobalt Strike, a penetration testing system infamous for being abused by bad actors, but was unsuccessful.

Other occurrences reported by ANSSI included the use of a French diplomat's stolen email account to send a malicious message falsely proclaiming the closure of the French Embassy in South Africa due to an alleged terror assault.

Tactics and Techniques

Nobelium’s spear phishing campaigns are highly targeted. They craft convincing lure documents tailored to specific individuals within diplomatic institutions, embassies, and consulates. Here are some tactics and techniques they employ:

Email Spoofing: Nobelium impersonates trusted senders, often using official-looking email addresses. This makes it challenging for recipients to discern the malicious intent.

Lure Documents: The threat actor attaches seemingly innocuous files (such as PDFs or Word documents) to their emails. These files contain hidden malware or exploit vulnerabilities in software applications.

Social Engineering: Nobelium leverages social engineering techniques to manipulate recipients into opening the attachments. They might use urgent language, reference official matters, or create a sense of curiosity.

Credential Harvesting: Once the recipient opens the attachment, the malware may attempt to steal login credentials or gain unauthorized access to sensitive systems.

NTA Faces Exam Security Crisis Amid Darknet Threats

The National Testing Agency (NTA) in India is in the midst of a serious crisis, with its staff worried about the safety of any exam due to claims that the NTA's website was hacked. 

Following the cancellation of the UGC-NET due to claimed cyberthreats, an NTA officer has come forward, suggesting further risks to examinations.

According to the local media outlet, a senior NTA official stated that the testing organization's IT and administrative staff are concerned that re-conducting the examinations will be impossible owing to "terrorist organisations" getting into the NTA's security systems via the dark web to expose the chinks this year. 

Earlier this week, the Bihar Police asked for data about six candidates, including their roll numbers. Two of the roll numbers do not exist, and the names of the remaining two candidates do not match. There are other discrepancies, including the timing of the seizures, which took place after the exam, when all of the question papers had already been made public, the official added.

He also stated that simply looking at exam models would not be sufficient, saying that the computer-based ITEP exam had to be cancelled since each file of the examination was 5 GB and had to be downloaded at the allocated centres, and that some applicants received false question papers. 

What's happened so far?

Earlier, the NTA published a statement, claiming that the NTA website and all of its other web portals are completely secure and that accusations of hacking were false and misleading. The clarification comes amid a debate over suspected irregularities in exams such as NEET-UG and UGC-NET.

The investigation into the irregularities in the medical entrance exam NEET-UG has also been handed over to the CBI, and India Trade Promotion Organisation (ITPO) Chairman and Managing Director Pradeep Singh Kharola has been given additional charge of the NTA.

A high-level seven-member team, led by a former ISRO chairman Dr K Radhakrishnan, has been constituted to investigate the functioning and fair conduct of exams by the NTA, and will give its report in two months, the Centre revealed on June 22.

Terrorist Tactics: How ISIS Duped Viewers with Fake CNN and Al Jazeera Channels

ISIS, a terrorist organization, allegedly launched two fake channels on Google-owned YouTube and on Facebook. Through their YouTube feeds, the channels posed as the global news platforms CNN and Al Jazeera. The goal was to lend credibility to the content and ease the spread of ISIS propaganda.

According to research by the Institute for Strategic Dialogue, they managed two YouTube channels as well as two accounts on Facebook and X (earlier Twitter) with the help of the outlet 'War and Media'.

The campaign went live in March of this year. Furthermore, false profiles that resembled reputable channels were used on Facebook and YouTube to spread propaganda. These videos remained live on YouTube for more than a month. It's unclear when they were taken down from Facebook.

The Deceptive Channels

ISIS operatives set up multiple fake channels on YouTube, each mimicking the branding and style of reputable news outlets. These channels featured professionally edited videos, complete with logos and graphics reminiscent of CNN and Al Jazeera. The content ranged from news updates to opinion pieces, all designed to lend an air of credibility.

Tactics and Objectives

1. Impersonation: By posing as established media organizations, ISIS aimed to deceive viewers into believing that the content was authentic. Unsuspecting users might stumble upon these channels while searching for legitimate news, inadvertently consuming extremist propaganda.

2. Content Variety: The fake channels covered various topics related to ISIS’s global expansion. Videos included recruitment messages, calls for violence, and glorification of terrorist acts. The diversity of content allowed them to reach a broader audience.

3. Evading Moderation: YouTube’s content moderation algorithms struggled to detect these fake channels. The professional production quality and branding made it challenging to distinguish them from genuine news sources. As a result, the channels remained active for over a month before being taken down.

Challenges for Social Media Platforms

  • Algorithmic Blind Spots: Algorithms designed to identify extremist content often fail when faced with sophisticated deception. The reliance on visual cues (such as logos) can be exploited by malicious actors.
  • Speed vs. Accuracy: Platforms must strike a balance between rapid takedowns and accurate content assessment. Delayed action allows harmful content to spread, while hasty removal risks false positives.
  • User Vigilance: Users play a crucial role in reporting suspicious content. However, the resemblance to legitimate news channels makes it difficult for them to discern fake from real.

Why is this harmful for Facebook, X users, and YouTube users?

A new method of creating phony social media channels for renowned news broadcasters such as CNN and Al Jazeera reveals how the terrorist organization's approach to avoiding content moderation on social media platforms has developed.

Unsuspecting users may be influenced by "honeypot" efforts, which, according to the research, will become more sophisticated, making it even more difficult to restrict the spread of terrorist content online.

Notorious Cyber Gang UNC3944 Shifts Focus to SaaS Apps vSphere and Azure

The notorious cyber gang UNC3944, which is suspected of involvement in the recent attacks on Snowflake and MGM Entertainment, among other things, has modified its methods and is now targeting SaaS apps. 

According to Google Cloud's Mandiant threat intelligence team, UNC3944's operations coincide significantly with those of the assault groups known as "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider." The group's operations began with credential harvesting and SIM swapping attacks, progressed to ransomware and data theft extortion, and has now transitioned to "primarily data theft extortion, without the use of ransomware.” 

Mandiant claimed to have heard recordings of UNC3944's calls to corporate help desks, in which it attempted social engineering attacks. 

"The threat actors spoke with clear English and targeted accounts with high privilege potential,” Mandiant's researchers noted last week. In some cases, callers already possessed victims' personally identifiable information – allowing the attackers to bypass identity verification checks. 

UNC3944 callers would frequently claim to be getting a new phone and therefore to require an MFA reset. If help desk employees allowed such a reset, they enabled the attackers to reset passwords and get around MFA protections.

"UNC3944 has occasionally resorted to fearmongering tactics to gain access to victim credentials," Mandiant added. "These tactics include threats of doxxing personal information, physical harm to victims and their families, and the distribution of compromising material.” 

When the hackers infiltrated an organization's infrastructure, they would immediately hunt for information on tools such as VPNs, virtual desktops, and remote telework programmes that would provide persistent access. Access to Okta was another target; tampering with the vendor's single sign-on tools (SSO) allowed attackers to create accounts that could be used to log into other systems. 

VMware's vSphere hybrid cloud management tool was one of the targets of attacks resulting from compromised SSO tools. Microsoft Azure was another. Both were used to allow UNC3944 operatives to create virtual machines within an organisation and use them for malicious purposes. This makes sense because a virtual machine created inside the organisation's own environment receives an IP address within a range the organisation treats as trusted.

How Fear Tactics Led to a Pune Woman’s Financial Ruin: Insights into Cyber Fraud

A 67-year-old Pune woman lost Rs 1.6 crore of her life savings to cyber crooks after receiving a call claiming that her phone number was used to send vulgar texts and that Mumbai police had arrested her.

She was issued an arrest order under the guise of a 'national security danger' and a 'Supreme Court case', and she was informed that disclosing her ordeal would result in the arrest of her children and seizure of their assets.

The deceptive call

The 67-year-old woman from Kothrud filed a First Information Report in the case at Pune's Cyber Crime Police Station earlier this week. In the first week of May, she received a call from a man posing as a Tilak Nagar police officer in Mumbai. While the individual presented himself as a sub-inspector, he used the identity of an IPS officer now stationed in Pune.

He informed her that vulgar messages had been sent from her phone number and requested her personal, financial, and Aadhaar information for further clarity. He then stated that an 'FIR' had been registered in the 'Supreme Court' and that the charges included money laundering. The man said a CBI officer would call her and help.

The ‘fake’ CBI officer

The next day, she received a video call from a man pretending to be a 'CBI officer' and giving the name of another serving IPS officer. The officer informed her that to ensure that the money in her account was legitimate and not used for money laundering, all funds from her account would have to be transferred to 'beneficiary accounts owned by the Reserve Bank of India.'

The officer informed her that the case against her was classified as 'national secrets' and that the account had been used to commit major crimes. Fearing legal repercussions, the victim made substantial transactions of Rs one crore and Rs 29 lakh from two separate accounts.

Coercion and surveillance: Imposing fear

During these transfers, the complainant was forced to remain on messenger calls, on the claim that she was under observation. The 'CBI official' informed her that if she shared the case with anyone in the family, her children would be detained and their possessions seized by the government. She was also instructed to make remittances of Rs 50 lakh to the 'Supreme Court.' The woman transferred more than Rs 30 lakh.

The aftermath

As the internet thieves increased their demands, the mother eventually confided in her daughter, who informed her that she had been duped by cybercriminals. She filed a complaint with the Cyber Crime Portal, and the case was then referred to the Cyber Crime Police Station in Pune City.

According to an officer from the Cybercrime Police Station, the crime's modus operandi is the same as that of 'drugs in parcel' scams, but the grounds for threatening the victim differ. In a similar case recorded at Wakad police station in Pimpri Chinchwad, a software engineer in his 40s was duped of Rs 40 lakh after he was told that his number was being 'used to mistreat a woman' and was threatened with action under a "national secret rule."

In these types of schemes, fraudsters mimic IPS personnel to defraud people. They pressure victims into transferring money for a variety of reasons, including customs taxes or legal expenses, as well as by saying that their bank accounts are under threat from hackers. Callers frequently threaten victims, stating they are under monitoring by the government.

Online Banking Frauds: The Silent Threat to India’s Financial Stability

Bank frauds in India: A soaring trend

According to an analysis of frauds recorded across banks, the number of fraud cases filed in FY24 increased by approximately 300 percent from 9,046 in FY22. However, the sum involved has decreased from Rs 45,358 crore to Rs 13,930 crore, according to the central bank's annual report for fiscal year 24 released on Thursday.

Year on year, the total amount involved in reported frauds decreased by 46.7% in fiscal year 24.

The numbers speak

The RBI stated that, while private sector banks reported the most frauds in the recent three years, public sector banks contributed the most to the fraud total.

According to the RBI, digital payments (card payments and internet) were the most common source of fraud. However, in terms of value, the frauds were concentrated in the loan portfolio.

While small value card/internet frauds accounted for the majority of frauds recorded by private sector banks, RBI investigation revealed that frauds in public sector banks were primarily in loan portfolios.

The number of scams involving card and internet payments jumped from 3,596 in FY22 to 29,082 in FY24. In terms of value, it rose from Rs 155 crore in FY22 to Rs 1,457 crore.

Observing the time lag

In an assessment of cases reported in FY23 and FY24, the RBI found a significant time lag between the date a fraud occurred and the date it was detected.

By value, 94.0 percent of the frauds reported in FY23 had occurred in earlier fiscal years; for FY24 the figure was approximately 89 percent.

Factors contributing to the surge

  • Technological advancements: The digital revolution has transformed banking, making transactions faster and more accessible. However, it has also exposed vulnerabilities. Cybercriminals exploit weak security measures, phishing attacks, and identity theft to siphon off funds.
  • Lax oversight: Despite regulatory frameworks, some banks struggle to implement robust risk management practices. Inadequate internal controls and complacency contribute to the rising fraud numbers.
  • Insider threats: Employees with access to sensitive information can be both an asset and a liability. Insider fraud—whether intentional or due to negligence—poses a significant risk.
  • Complex financial products: As financial products become more intricate, so do the opportunities for fraud. From complex derivatives to shadow banking, the landscape is ripe for exploitation.

Mitigating the risk

  • Enhanced security measures: Banks must invest in cutting-edge cybersecurity tools. Multi-factor authentication, real-time monitoring, and AI-driven anomaly detection can help thwart fraud attempts.
  • Training and awareness: Educating bank staff and customers about fraud risks is crucial. Regular workshops, simulated phishing exercises, and awareness campaigns can empower everyone to stay vigilant.
  • Collaboration: Banks, regulators, and law enforcement agencies must collaborate closely. Sharing threat intelligence and best practices can strengthen the collective defense against fraud.
  • Strengthening legal frameworks: Stricter penalties and faster legal proceedings can act as deterrents. Swift action against fraudsters sends a strong message.

Shell Data Breach: Hacker Group 888 Claims Responsibility

A hacker group known as 888 has claimed responsibility for a data breach targeting Shell, the British multinational oil and gas company. The breach, allegedly impacting around 80,000 individuals across multiple countries, has raised significant concerns about data security within the organisation.

The compromised data includes sensitive information such as shopper codes, names, email addresses, mobile numbers, postcodes, site addresses, and transaction details. This information reportedly pertains to Australian users, specifically linked to transactions at Reddy Express (formerly Coles Express) locations in Australia. The hacker, using the pseudonym Kingpin, shared samples of the data on a popular hacking forum, indicating that the breach occurred in May 2024.

The breach affects individuals in several countries, including the United States, United Kingdom, Australia, France, India, Singapore, the Philippines, the Netherlands, Malaysia, and Canada. The range of affected regions underscores the potential severity and widespread implications of the breach for Shell's customers and stakeholders.

At present, there has been no official statement from Shell confirming the breach. The Cyber Express reached out to Shell for verification, but no response has been received. This lack of confirmation leaves the authenticity of the claims uncertain, though the potential risks to those involved are considerable.

This is not the first time Shell has faced cyberattacks. In the past, the company experienced a ransomware attack and a security incident involving Accellion's File Transfer Appliance. These past events highlight the persistent threat cybercriminals pose to the energy sector.

In response to earlier incidents, Shell emphasised its commitment to cybersecurity and data privacy. The company is reported to be investigating the latest claims and working to address any potential risks, and to have engaged with relevant regulators and authorities to ensure compliance with data protection regulations and to mitigate the impact of any breach.

The situation is still unfolding, and The Cyber Express continues to monitor developments closely.

The alleged Shell data breach claimed by hacker group 888 serves as a reminder of the vulnerabilities that even large multinational corporations face in the digital age. As investigations continue, the importance of robust cybersecurity measures and vigilant monitoring cannot be overstated.

Unmasking Moonstone Sleet: A Deep Dive into North Korea’s Latest Cyber Threat

Moonstone Sleet: A New North Korean Threat Actor

Microsoft has identified a new North Korean threat actor, Moonstone Sleet (formerly tracked as Storm-1789), which targets companies using a combination of tried-and-true techniques shared with other North Korean threat actors and its own novel attack methodologies, for both financial gain and cyber espionage.

Moonstone Sleet has been observed setting up fake companies and job offers to engage potential targets, distributing trojanized copies of legitimate tools, building a fully functional malicious game, and deploying new custom ransomware.

About Moonstone Sleet 

Moonstone Sleet is the threat actor behind a series of malicious activities that Microsoft assesses to be North Korean state-aligned. It employs tried-and-true techniques used by other North Korean threat actors alongside novel attack methodologies of its own.

When Microsoft first discovered Moonstone Sleet activity, the actor showed strong similarities to Diamond Sleet, reusing code from known Diamond Sleet malware such as Comebacker and employing well-established Diamond Sleet techniques to gain access to organizations, such as using social media to deliver trojanized software. 

However, Moonstone Sleet swiftly adopted its own unique infrastructure and attacks. Microsoft has since observed Moonstone Sleet and Diamond Sleet operating concurrently, with Diamond Sleet continuing to use much of its well-known, established tradecraft.

Moonstone Sleet runs a diverse set of operations that serve its financial and cyberespionage goals. These include deploying custom ransomware, building a malicious game, establishing bogus companies, and placing IT workers with target organizations.

Why should organizations be concerned?

Moonstone Sleet’s emergence highlights the need for organizations to remain vigilant. Here’s why:

  • Financial Gain: Moonstone Sleet pursues monetary gain through cybercrime, including custom ransomware. Its deceptive lures (fake companies, job offers, trojanized tools) make its presence hard to detect until it is too late.
  • Cyberespionage: Beyond financial motives, Moonstone Sleet engages in cyber espionage. They aim to steal sensitive data, trade secrets, and intellectual property, posing a significant risk to organizations.
  • Overlapping TTPs: Moonstone Sleet’s TTPs overlap with other North Korean threat actors. Organizations must recognize these patterns and enhance their defenses accordingly.

Defending against Moonstone Sleet

  • User Awareness: Educate employees about the risks of downloading files from unverified sources. Encourage skepticism when encountering job offers or software downloads.
  • Network Segmentation: Implement network segmentation to limit lateral movement within the organization. Isolate critical systems from less secure areas.
  • Behavioral Analytics: Leverage behavioral analytics to detect unusual activity. Monitor for signs of trojanized tools or suspicious game downloads.
  • Threat Intelligence Sharing: Collaborate with industry peers and share threat intelligence. Stay informed about emerging threat actors and their TTPs.

Don’t Be a Victim: How to Avoid Digital House Arrest

Criminals are using a new "digital house arrest" method to target individuals. Scammers contact victims and compel them to stay at home by pretending to be law enforcement officials such as police officers, Central Bureau of Investigation (CBI) agents, or customs officials.

They then drain the victim's bank accounts. Numerous cases of this type of fraud have emerged recently.

According to a Reserve Bank of India (RBI) study, India experienced bank frauds totalling more than Rs 30,000 crore in FY23. Over the last decade, Indian banks have reported 65,017 fraud instances, resulting in a total loss of Rs 4.69 trillion.

To deceive unsuspecting people, cybercriminals use a variety of strategies, such as UPI, credit card, OTP, job, and delivery scams. Digital house arrest is the newest popular scamming strategy.

About digital arrest

Digital house arrest occurs when cybercriminals confine victims to their homes in order to defraud them. Perpetrators instil fear through phone calls, frequently impersonating law enforcement officers, sometimes using AI-generated voice or video.

They falsely accuse victims of misconduct involving their Aadhaar or phone number, creating a sense of imminent arrest and pushing them to send money.

Scammers typically contact victims claiming that they have sent or received parcels containing illegal items such as narcotics or fake passports. They may even falsely inform the target's relatives or acquaintances of their involvement in a crime to create a sense of urgency.

Posing as law enforcement officers, the criminals demand money to make the case go away. Victims are pressured to remain visible on a video call until the demands are met.

Forcing potential victims

Scammers go so far as to set up fake police stations or government offices and wear uniforms mimicking those of law enforcement authorities.

Uttar Pradesh Police opened an investigation into the first recorded case of 'digital arrest' in December last year, following a complaint from a Noida resident.

The victim lost more than Rs 11 lakh during a day-long 'digital arrest'. The perpetrators posed as police officers, impersonating an IPS officer from the CBI and the founder of a bankrupt airline, and implicated the victim in a fabricated money-laundering case.

Government's response to frauds

The Indian Cyber Crime Coordination Centre (I4C) and the Department of Telecommunications (DoT) are collaborating to combat the influx of spoof calls coming from abroad. These callers falsely claim to be from law enforcement authorities such as the Narcotics Control Bureau or the Central Bureau of Investigation, among others, and claim 'digital arrests'.

In addition, I4C has partnered with Microsoft to fight the abuse of law enforcement emblems. These logos are regularly used by scammers abroad to take money from Indian nationals.

To raise awareness, I4C has released infographics and videos on its social media platform Cyberdost and its X (Twitter), Facebook, and Instagram pages. The Ministry has asked citizens to remain vigilant and raise awareness about cybercrime.

How to stay safe?

If you receive a call or message of this kind, contact the authorities. The Government of India has launched the Chakshu portal on the Sanchar Saathi website to combat cyber and online fraud. Incidents can also be reported via the cybercrime helpline 1930 or online at http://www.cybercrime.gov.in.


Microsoft Uncovers Moroccan Cybercriminals Exploiting Gift Card Scams

A cybercriminal group operating out of Morocco has been breaking into the systems of major retailers to issue fraudulent gift cards, stealing millions of dollars, according to a new report by Microsoft. This is not the familiar scam that tricks shoppers into paying with gift cards: the group's goal is to compromise the internal gift card systems of large retailers, luxury brands, and fast-food chains and to issue cards to itself. Microsoft tracks the group as Storm-0539, also known as Atlas Lion.

Microsoft has tracked Storm-0539 since late 2021. The group creates fake charity websites to obtain free or discounted cloud resources from cloud providers, and it tricks employees at large US retailers into giving it access to their gift card systems, where it issues cards in amounts kept below the thresholds that would trigger fraud alerts.

Unlike most cybercriminals, who launch a single attack and move on, Storm-0539 establishes a persistent presence in a compromised environment, allowing it to repeatedly generate and cash out fraudulent gift cards. This persistence makes the group especially dangerous. Microsoft reported a 30% increase in the group's intrusion activity between March and May 2024, ahead of the US Memorial Day holiday, compared with the previous two months, and a 60% increase between September and December 2023, coinciding with the fall and winter holiday season.

Cybercriminals have long been drawn to gift cards because they are usually not linked to a specific account or customer, which makes their use hard to trace and scrutinise; gift card fraud typically rises around holiday periods such as Christmas and Labor Day. Fraudsters often ask victims to pay with gift card codes for the same reason. Storm-0539 has gone to the source: rather than extracting codes from victims, it issues codes worth thousands of dollars directly from the retailer's systems, then redeems them, sells them to others, or cashes them out through money mules.

The group's tradecraft has evolved with technology. It began with malware planted on retail point-of-sale terminals and kiosks to steal payment card data, and has since moved to compromising the cloud services and card systems of large retailers, luxury brands, and fast-food chains.

The intrusions typically begin with phishing emails and smishing (SMS phishing) messages sent to employees' inboxes and phones to harvest account credentials. As Microsoft explains, once inside the network the attackers move laterally until they find accounts tied to the specific gift card business process of the targeted organisation. Vasu Jakkal of Microsoft Security observed that Storm-0539 has become adept at identifying an organisation's gift card issuance process and the employees who have access to it, and then compromising those employees' accounts.

To remain undetected by cloud providers, Storm-0539 poses as legitimate non-profit organisations. According to Jakkal, "They often exploit unsuspecting victims by creating convincing websites using misleading 'typosquatting' domain names that are only a few characters different from legitimate websites to lure them into paying for them, showing their cunning and resourcefulness." Microsoft reports that the attackers download legitimate copies of 501(c)(3) determination letters from non-profit organisations' public websites and use them to obtain discounted cloud services from providers.

After obtaining login credentials through phishing and smishing, the attackers register their own devices in the victim's environment so that subsequent multi-factor authentication prompts are satisfied by the attackers rather than the legitimate user, giving them continued access despite MFA. They then issue new gift cards and either resell them at a discount to other cybercriminals on the dark web or cash them out through money mules. Microsoft researchers report that in some cases the group has stolen up to $100,000 a day from a single company.

Microsoft warns organisations that issue gift cards to treat the portals used to issue and process those cards as high-value targets that need extensive checks and balances. The new report follows a similar alert from December, in which Microsoft reported a rise in Storm-0539 attacks during the holiday season.

According to Emiel Haeghebaert, a senior hunt analyst at the Microsoft Threat Intelligence Center, the group comprises no more than a dozen individuals based in Morocco. Storm-0539 uses phishing campaigns to target employees and gain unauthorised access to both personal and corporate systems. The FBI has elaborated on their tactics, explaining that once initial access is obtained, the group uses further phishing campaigns to escalate its privileges within the network.

Their strategy involves targeting the mobile phones of employees in retail departments, exploiting both personal and work devices through sophisticated phishing kits capable of bypassing multi-factor authentication. Upon compromising an employee's account, Storm-0539 conducts detailed reconnaissance within the business network to identify processes related to gift card management. They then pivot to infiltrate the accounts of employees handling the specific gift card portfolio. 

Within these networks, the attackers seek to obtain secure shell (SSH) passwords and keys, along with the credentials of employees in the gift card department. After securing the necessary access, the group creates fraudulent gift cards using compromised employee accounts. The recent report from Microsoft underscores the severity of this threat, echoing an earlier alert issued by the FBI concerning Storm-0539. 

To mitigate such risks, Microsoft advises that merchants issuing gift cards should regard their gift card portals as high-value targets, necessitating constant monitoring and auditing for any suspicious activity. Microsoft further recommends that organizations establish stringent controls over user access privileges. According to Microsoft, attackers like Storm-0539 typically assume they will encounter users with excessive access privileges, which can be exploited for significant impact. Regular reviews of privileges, distribution list memberships, and other user attributes are essential to limit the fallout from initial intrusions and to complicate the efforts of potential intruders. 
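The intrusion chain described above (phished credentials, a sign-in from the attacker's own location, then the attacker's device registered so that later MFA prompts are answered by the attacker) suggests a simple correlation that Microsoft's "constant monitoring and auditing" advice calls for: flag any security-info or device registration that follows, within a short window, a sign-in from an IP address the account has never used. The script below is an added example written for this page, not Microsoft's or the FBI's code. The event records and per-user baseline IP sets are constructed samples whose field names are only loosely modelled on Entra ID sign-in and audit logs, and the 120-minute window is an assumed tuning value.

```python
"""Correlate sign-ins from never-before-seen IPs with MFA/device registrations.

Constructed sample data: the baseline IP sets and the event list below are
made up for this example and are not real tenant logs.
"""
from datetime import datetime, timedelta

# Constructed baseline: IPs each account used over the previous 30 days.
BASELINE_IPS = {
    "alice@example.com": {"203.0.113.10"},
    "bob@example.com": {"203.0.113.22"},
    "carol@example.com": {"203.0.113.30", "203.0.113.31"},
}

# Constructed sample events (sign-ins and security-info registrations).
SAMPLE_EVENTS = [
    {"ts": "2024-04-02T08:01:00", "user": "alice@example.com", "type": "signin", "ip": "203.0.113.10"},
    {"ts": "2024-04-02T09:02:00", "user": "alice@example.com", "type": "signin", "ip": "198.51.100.77"},
    {"ts": "2024-04-02T09:05:00", "user": "alice@example.com", "type": "register_security_info", "ip": "198.51.100.77"},
    {"ts": "2024-04-02T10:00:00", "user": "bob@example.com", "type": "signin", "ip": "203.0.113.22"},
    {"ts": "2024-04-02T10:01:00", "user": "bob@example.com", "type": "register_security_info", "ip": "203.0.113.22"},
    {"ts": "2024-04-02T11:00:00", "user": "carol@example.com", "type": "signin", "ip": "198.51.100.5"},
    {"ts": "2024-04-02T15:30:00", "user": "carol@example.com", "type": "register_security_info", "ip": "203.0.113.30"},
]


def find_suspicious_registrations(events, baseline_ips, window_minutes=120):
    """Flag security-info registrations that follow a sign-in from a non-baseline IP.

    For each user the most recent sign-in from an IP outside the baseline is
    kept as "pending".  A register_security_info event for that user within
    window_minutes of the pending sign-in produces an alert.  Sign-ins from
    baseline IPs, and registrations outside the window, are ignored.
    Returns a list of alert dicts in chronological order.
    """
    window = timedelta(minutes=window_minutes)
    pending = {}   # user -> (sign-in timestamp, ip) of latest sign-in from a new IP
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user, ip = ev["user"], ev["ip"]
        if ev["type"] == "signin":
            if ip not in baseline_ips.get(user, set()):
                pending[user] = (ts, ip)
        elif ev["type"] == "register_security_info" and user in pending:
            signin_ts, signin_ip = pending[user]
            if ts - signin_ts <= window:
                alerts.append({
                    "user": user,
                    "signin_ts": signin_ts.isoformat(),
                    "signin_ip": signin_ip,
                    "registration_ts": ts.isoformat(),
                    "registration_ip": ip,
                    "minutes_between": int((ts - signin_ts).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_registrations(SAMPLE_EVENTS, BASELINE_IPS):
        print(f"ALERT {a['user']}: sign-in from new IP {a['signin_ip']} at {a['signin_ts']}, "
              f"security info registered {a['minutes_between']} min later from {a['registration_ip']}")
```

On the sample data only alice is flagged: bob registered from a baseline IP, and carol's registration came four and a half hours after her unfamiliar sign-in, outside the default window. In a tenant the baseline would be built from the previous weeks of sign-in logs, the registration events would be the audit entries for adding authentication methods or devices, and a hit on any account that can reach the gift card issuance portal should be treated as an incident rather than a ticket.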

In conclusion, both Microsoft and the FBI emphasize the importance of vigilance and proactive security measures in combating the sophisticated tactics employed by groups like Storm-0539. By treating gift card systems as critical assets and implementing rigorous access controls, organizations can better defend themselves against these evolving cyber threats.

Gurugram: Deputy Manager Arrested For Providing Bank Details To Cyber Thieves

 

A team from the Gurugram Police cyber unit has arrested a deputy manager of a private bank for allegedly supplying bank accounts to cyber fraudsters, police said.

According to Priyanshu Diwan, Assistant Commissioner of Police (Cyber Crime), the arrested accused is Yusuf Mohammad Chand Shaikh, who lives at Bhakti Yoga Society Sangharsh Nagar in Andheri, Mumbai. The suspect was affiliated with Yes Bank. 

A man filed a complaint at the Cyber Crime Police Station East in November 2022, claiming that he was scammed out of Rs 43 lakh while investing in the cryptocurrency market through a fake website, the police stated.

During the investigation, Inspector Savit Kumar, SHO of the police station, arrested the suspect on Monday for his involvement in the crime. During interrogation, the accused revealed that, as a Yes Bank employee, he had remained in contact with cyber criminals and provided them with five bank accounts to use in committing cyber fraud.

The accused has so far disclosed five bank accounts, and five people have been arrested in connection with the case, police said. In less than two months, Gurugram Police have taken twelve bank employees into custody for alleged involvement in cyber fraud.

Earlier this year, in February, Haryana Police detained four people, including an assistant manager and two deputy managers from a private bank in Gurugram. These individuals worked with cybercriminals, exchanging personal information about bank accounts. The police recovered two mobile phones from the accused's possession.

In a separate incident, a complainant at the Cyber Crime Police Station in Manesar, Gurugram, reported that on November 18, 2023, he received a call from someone claiming to be his friend Devendra.

The caller said that his son had been admitted to hospital and asked for a transfer of Rs 10,000 for treatment.

The complainant transferred the money but later discovered he had been duped. A case was subsequently registered under the relevant sections at the Cyber Crime Police Station in Manesar, Gurugram.

Breach Forums Plans Dark Web Return Despite FBI Crackdown

 

Breach Forums, the notorious cybercrime and hacking forum, is set to return to the dark web under a new Onion domain, Hackread reported. While the timing for reviving its clearnet domain remains unknown, its administrators are attempting to bring it back this week.

ShinyHunters, a hacker and Breach Forums administrator, confirmed the latest developments to Hackread. According to the hacker, the new Onion domain for Breach Forums is ready and its launch is imminent.

"The onion is ready, it's not public yet, but it will probably be launched this week." Asked about the status of the clearnet domain, the hacker stated only that "the clearnet will come back," without providing a timeline.

Notably, on May 15, 2024, the FBI seized Breach Forums V2, apparently after apprehending two admins, one known by the moniker Baphomet. ShinyHunters told Hackread.com that they believe Baphomet may have handed over backend credentials to the FBI, resulting in the seizure of the forum's Escrow as well as its dark web and clearnet domains.

However, recent developments have taken an unexpected turn, with ShinyHunters' announcement last week that they had regained access to the seized clearnet domain from the FBI, using an unspecified technique.

Interestingly, neither the FBI nor the Department of Justice has issued a statement on the seizure or the related events. While the FBI has acknowledged the seizure and asked victims of data breaches traded on Breach Forums to come forward and fill out a form to assist further investigations, a formal statement from the authorities is still pending.

With ShinyHunters' revelation that they had regained access to the confiscated clearnet domain, the narrative develops, leaving many doubts regarding the forum's future and the role of law enforcement authorities. However, it is clear that Breach Forums is undergoing a huge transition. From its confiscation by the FBI to its probable resurrection with a new Onion domain, the story depicts the dangerous and strange world of cybercrime.

Indian Govt Targets Cyber Criminals: DoT To Deactivate 1.8 Million SIMs

 

According to a recent media report citing 'officials' as sources, telecom operators are planning to disconnect approximately 1.8 million mobile connections at once as part of the government's first all-India operation to combat cybercrime and online fraud. 

This development comes after a thorough investigation conducted by multiple law enforcement authorities to trace the usage of mobile networks for cybercrime and financial theft.

"During investigations, it was detected that in many instances, a single handset was used with thousands of mobile connections," an official privy to the details told the local media outlet. 

On May 9, the Department of Telecommunications (DoT) directed telcos to deactivate 28,220 mobile handsets and re-verify nearly two million mobile connections that had been used with those handsets.

Officials stated that in such cases typically only about 10% of the connections pass re-verification; the remainder fail and are disconnected. They added that the disconnections will take place once the telcos complete re-verification within 15 days. The action comes amid a steady rise in mobile phone-related cybercrime in the country.

The National Cybercrime Reporting Portal (NCRP) said that digital financial theft victims lost Rs 10,319 crore in 2023. The Parliamentary Standing Committee on Finance said that over 694,000 complaints were received in 2023. 

Officials stated that fraudsters generally use SIM cards from other telecom circles and frequently change the combination of SIM and handset to avoid detection by law enforcement and carriers.

"For instance, an Odisha or Assam circle SIM could be used in Delhi NCR," a second official noted. "To avoid the radar, fraudsters make only a few outgoing calls and then change the SIM, as too many outgoing calls from the same number would get detected by telco systems."

According to an earlier investigation, telcos disconnected almost two lakh SIM cards last year for alleged involvement in cybercrimes. In another case, the authorities investigated places such as Mewat in Haryana, and more than 37,000 SIM cards were disconnected. 

Coordinated action: To combat cybercrime, the government believes telcos should improve their detection of SIM usage patterns, particularly for SIMs purchased outside their home circles. "As part of their roaming detection system, telcos can instantly capture when a person moves out to a different circle," the second official added.
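The two signals the officials describe above, one handset carrying a large number of connections and out-of-circle SIMs that make a handful of outgoing calls before being swapped, can be checked directly against call detail records. The script below is an added example for this page, not a DoT or telco system. The CDR rows are constructed, the circle names are illustrative, and the thresholds (five SIMs per handset, three outgoing calls) are assumed values that a carrier would tune to its own traffic; the roaming-traveller and shared-family-handset rows are included to show what the rules do not flag.

```python
"""Flag SIM-cycling handsets and out-of-circle 'burner' SIMs in CDR-style data.

Constructed sample records: each row is one call leg with the handset IMEI,
the SIM's MSISDN, the SIM's home telecom circle, the circle it was used in,
and the call direction.  None of this is real telecom data.
"""
from collections import defaultdict

SAMPLE_CDRS = [
    # ts, imei, msisdn, home_circle, serving_circle, direction
    # Suspected fraud handset: six out-of-circle SIMs, two or fewer outgoing calls each.
    ("2024-05-01T09:00", "IMEI-A", "+91-7000000001", "Odisha", "Delhi", "out"),
    ("2024-05-01T09:05", "IMEI-A", "+91-7000000001", "Odisha", "Delhi", "out"),
    ("2024-05-01T10:00", "IMEI-A", "+91-7000000002", "Assam", "Delhi", "out"),
    ("2024-05-01T10:20", "IMEI-A", "+91-7000000002", "Assam", "Delhi", "out"),
    ("2024-05-01T11:00", "IMEI-A", "+91-7000000003", "Odisha", "Delhi", "out"),
    ("2024-05-01T12:00", "IMEI-A", "+91-7000000004", "Assam", "Delhi", "out"),
    ("2024-05-01T13:00", "IMEI-A", "+91-7000000005", "Odisha", "Delhi", "out"),
    ("2024-05-01T14:00", "IMEI-A", "+91-7000000006", "Bihar", "Delhi", "out"),
    # Ordinary subscriber: one SIM, home circle, plenty of outgoing calls.
    ("2024-05-01T09:00", "IMEI-B", "+91-9800000001", "Delhi", "Delhi", "out"),
    ("2024-05-01T09:30", "IMEI-B", "+91-9800000001", "Delhi", "Delhi", "out"),
    ("2024-05-01T10:30", "IMEI-B", "+91-9800000001", "Delhi", "Delhi", "in"),
    ("2024-05-01T12:30", "IMEI-B", "+91-9800000001", "Delhi", "Delhi", "out"),
    ("2024-05-01T16:30", "IMEI-B", "+91-9800000001", "Delhi", "Delhi", "out"),
    # Traveller roaming with a single SIM: out of circle, few calls, but one SIM per handset.
    ("2024-05-01T09:00", "IMEI-C", "+91-9700000001", "Odisha", "Delhi", "out"),
    ("2024-05-01T18:00", "IMEI-C", "+91-9700000001", "Odisha", "Delhi", "in"),
    # Family handset shared by two SIMs, both in their home circle.
    ("2024-05-01T09:00", "IMEI-D", "+91-9600000001", "Delhi", "Delhi", "out"),
    ("2024-05-01T10:00", "IMEI-D", "+91-9600000002", "Delhi", "Delhi", "out"),
]


def sims_per_handset(cdrs):
    """Map each IMEI to the set of distinct MSISDNs ever seen with it."""
    sims = defaultdict(set)
    for _ts, imei, msisdn, _home, _serving, _direction in cdrs:
        sims[imei].add(msisdn)
    return sims


def flag_sim_cycling_handsets(cdrs, min_sims=5):
    """Return {imei: sim_count} for handsets used with at least min_sims distinct SIMs."""
    return {imei: len(s) for imei, s in sims_per_handset(cdrs).items() if len(s) >= min_sims}


def flag_burner_sims(cdrs, max_outgoing=3, min_sims=5):
    """Return sorted MSISDNs that look like swap-and-discard SIMs.

    A SIM is flagged when it (a) was never seen in its home circle, (b) made at
    most max_outgoing outgoing calls, and (c) was used in a handset that hosts
    at least min_sims SIMs.  Condition (c) is what keeps a roaming traveller
    with a single SIM off the list.
    """
    handset_sims = sims_per_handset(cdrs)
    outgoing = defaultdict(int)       # msisdn -> outgoing call count
    seen_at_home = defaultdict(bool)  # msisdn -> True if ever used in its home circle
    handsets = defaultdict(set)       # msisdn -> IMEIs it was used in
    for _ts, imei, msisdn, home, serving, direction in cdrs:
        handsets[msisdn].add(imei)
        if direction == "out":
            outgoing[msisdn] += 1
        if serving == home:
            seen_at_home[msisdn] = True
    flagged = []
    for msisdn, imeis in handsets.items():
        if seen_at_home[msisdn] or outgoing[msisdn] > max_outgoing:
            continue
        if any(len(handset_sims[i]) >= min_sims for i in imeis):
            flagged.append(msisdn)
    return sorted(flagged)


if __name__ == "__main__":
    print("SIM-cycling handsets:", flag_sim_cycling_handsets(SAMPLE_CDRS))
    print("Burner SIMs:", flag_burner_sims(SAMPLE_CDRS))
```

On the sample data only IMEI-A and its six SIMs are flagged; the roaming traveller on IMEI-C and the shared family handset IMEI-D fall through, which is the point of tying the SIM rule to the handset rule. The official's figure of thousands of connections on one handset would make the per-handset threshold far less delicate in practice than the value chosen here.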

Bengaluru Man Arrested for Exploiting Woman in Online Interview

Panaji: In a disturbing cybercrime case, the Goa Cyber Crime Police arrested a Bengaluru resident, Mohan Raj V, for allegedly cyberbullying and extorting a woman from Goa. The arrest was made on Saturday after a strategic operation by the police team.

The case began when the victim, a woman from Goa, filed a complaint with the cyber crime police. She reported that the accused had posted a fake job advertisement for a position at a foreign bank. Responding to the advertisement, the woman was contacted via a chatting app by the accused, who arranged an online interview. During the video call, individuals posing as company representatives coerced the woman into undressing. They recorded the video and took screenshots, which were later used to blackmail her.

According to the complaint, the accused demanded sexual favours in exchange for deleting the compromising material. Over the past two months, he persistently harassed the woman, threatening to make the videos and pictures public if she did not comply. He also demanded that she meet him in Bengaluru.

Following the complaint, the police, led by Superintendent of Police Rahul Gupta, devised a plan to apprehend the accused. A team, including the victim, travelled to Bengaluru and laid a trap. After extensive efforts and a lengthy chase, the accused was caught when he arrived to meet the victim. The police recovered the chats and videos from the accused's phone, which will be sent for a cyber forensic examination.

The investigation revealed that Mohan Raj V used virtual phone numbers obtained via VPN to create fake Telegram accounts and post fraudulent job offers. He targeted women by promising high salary packages and conducting fake online interviews.

The accused has confessed to his crimes and has been booked under several sections of the Indian Penal Code, including section 354A (sexual harassment), section 384 (extortion), and relevant provisions of the Information Technology Act. The case is being further investigated by Police Inspector Deepak Pednekar.

SP Rahul Gupta urged the public to verify the authenticity of online job offers through local or cyber police stations before engaging with them. He also cautioned against complying with unethical online demands, no matter the promised benefits.

This case highlights the growing menace of cybercrime and the importance of vigilance in online interactions. The Goa Cyber Crime Police's successful operation underscores the need for robust cyber security measures and public awareness to prevent such incidents.

Watch Out for Cyber Scams Impersonating Police

The Ministry of Home Affairs (MHA) has raised an alarm regarding a spike in cybercrime, where fraudsters impersonate law enforcement officers to extort money from unsuspecting victims. Collaborating with Microsoft, the Indian Cyber Crime Coordination Centre (I4C) has already taken action against over 1,000 Skype IDs associated with such fraudulent activities.

In a recent statement, the MHA cautioned the public against a sophisticated online scam staged by international syndicates. These criminals, masquerading as police personnel or representatives of agencies like the Central Bureau of Investigation (CBI) and the Reserve Bank of India (RBI), target individuals with false accusations of involvement in illegal activities or accidents. Subsequently, they demand payment to avoid legal consequences or secure the release of reportedly detained family members.

Typically, these fraudsters contact victims and claim that they have received, or are about to receive, a parcel containing illicit items such as drugs or fake passports. In some cases, they coerce victims into simulated "digital arrests", forcing them to stay on video calls to lend the ruse an air of authenticity. To bolster their credibility, the criminals operate from mock police stations and government offices and wear uniforms to deceive their targets.

Instances of individuals falling victim to these scams and losing significant sums of money have been reported across the country. The MHA emphasised that this form of organised cybercrime poses an unprecedented threat and is perpetrated by transnational criminal networks.

The I4C, established under the MHA's purview, serves as the focal point for combating cybercrime in India. Through its Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS), the I4C has intercepted and safeguarded over ₹600 crore from falling into the hands of online fraudsters. This online platform enables rapid reporting of financial cybercrimes, facilitating coordinated action among law enforcement agencies and financial institutions nationwide.

The MHA underscored its collaboration with various ministries, regulatory bodies like the RBI, and other stakeholders to counteract these fraudulent activities. Additionally, the I4C extends technical support and guidance to state and union territory police forces for identifying and investigating cybercrime cases.

To address this issue effectively, the I4C, in partnership with Microsoft, has initiated measures to block Skype IDs, SIM cards, mobile devices, and mule accounts used by cybercriminals. Furthermore, through its social media platform "Cyberdost," the I4C disseminates informational materials, including infographics and videos, to raise awareness and empower citizens to recognise and report cybercrimes promptly.

Given the scale of these scams, the MHA urges citizens to remain vigilant and promptly report any suspicious calls or online activity to the designated cyber crime helpline (1930) or the official website (www.cybercrime.gov.in) for assistance and intervention. By fostering a culture of awareness and prompt reporting, individuals can play a critical role in safeguarding themselves and their communities against cyber threats.