Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Indian Government. Show all posts
User Security
Cyber Fraud Indian Government Loan Apps RBI User Security

Govt, RBI Tighten Grip on Fraudulent Loan Apps

 

The Government of India and the Reserve Bank of India (RBI) have intensified efforts to combat fraudulent digital loan apps that exploit vulnerable borrowers. In a recent Rajya Sabha response, Minister of State for Finance Pankaj Chaudhary outlined coordinated measures to strengthen the digital lending framework and protect consumers from unauthorized platforms. These steps follow growing concerns over illegal apps that charge exorbitant rates and harass users. 

RBI formed a Working Group on Digital Lending, including loans via online platforms and mobile apps, leading to comprehensive guidelines issued to regulated entities (REs). All REs must comply, with supervisory assessments ensuring adherence; non-compliance triggers rectification or enforcement actions. The guidelines aim to make the ecosystem transparent, safe, and customer-focused by firming up regulations for app-based lending. 

A key initiative is RBI's 'Digital Lending Apps (DLAs)' directory, launched on July 1, 2025, listing all apps deployed by REs. This public tool helps users verify an app's legitimacy and association with regulated lenders. It addresses the confusion caused by fake apps mimicking legitimate ones, empowering borrowers to avoid scams before downloading. 

The Ministry of Electronics and Information Technology (MeitY) blocks fraudulent apps under Section 69A of the IT Act, 2000, following due process. Internet intermediaries face directives for tech-driven vetting to stop malicious ads from offshore entities, while the Indian Cyber Crime Coordination Centre (I4C) analyzes risky apps. Citizens can report issues via the National Cybercrime Reporting Portal (cybercrime.gov.in) or helpline 1930, with banks using 'SACHET' and State Level Coordination Committees for complaints. 

Awareness drives include RBI's SMS, radio campaigns, and e-BAAT programs on cyber fraud prevention. States handle enforcement as 'Police' is their domain, supported by central advisories. These multi-pronged actions signal a robust push toward a secure digital lending space in India.
Read more »
Windows
cyber espionage deskrat Indian Government Linux malware RAT Windows

Cross-Platform Spyware Campaigns Target Indian Defense and Government Sectors

 



Cybersecurity researchers have identified multiple coordinated cyber espionage campaigns targeting organizations connected to India’s defense sector and government ecosystem. These operations are designed to infiltrate both Windows and Linux systems using remote access trojans that allow attackers to steal sensitive information and retain long-term control over compromised devices.

The activity involves several spyware families, including Geta RAT, Ares RAT, and DeskRAT. These tools have been associated in open-source security reporting with threat clusters commonly tracked as SideCopy and APT36, also known as Transparent Tribe. Analysts assess that SideCopy has operated for several years and functions as an operational subset of the broader cluster. Rather than introducing radically new tactics, the actors appear to be refining established espionage techniques by expanding their reach across operating systems, using stealthier memory-resident methods, and experimenting with new delivery mechanisms to avoid detection while sustaining strategic targeting.

Across the campaigns, initial access is commonly achieved through phishing emails that deliver malicious attachments or links to attacker-controlled servers. Victims are directed to open Windows shortcut files, Linux executables, or weaponized presentation add-ins. These files initiate multi-stage infection chains that install spyware while displaying decoy documents to reduce suspicion.

One observed Windows attack chain abuses a legitimate system utility to retrieve and execute web-hosted malicious code from compromised, regionally trusted websites. The downloaded component decrypts an embedded library, writes a decoy PDF file to disk, contacts a command-and-control server, and opens the decoy for the user. Before deploying Geta RAT, the malware checks which security products are installed and modifies its persistence technique accordingly to improve survivability. This method has been documented in public research by multiple security vendors.

Geta RAT enables extensive surveillance and control, including system profiling, listing and terminating processes, enumerating installed applications, credential theft, clipboard manipulation, screenshot capture, file management, command execution, and data extraction from connected USB devices.

Parallel Linux-focused attacks begin with a loader written in Go that downloads a shell script to install a Python-based Ares RAT. This malware supports remote command execution, data collection, and the running of attacker-supplied scripts. In a separate infection chain, DeskRAT, a Golang-based backdoor, is delivered through a malicious presentation add-in that establishes outbound communication to retrieve the payload, a technique previously described in independent research.

Researchers note that targets extend beyond defense to policy bodies, research institutions, critical infrastructure, and defense-adjacent organizations within the same trusted networks. The combined deployment of Geta RAT, Ares RAT, and DeskRAT reflects a developing toolkit optimized for stealth, persistence, and long-term intelligence collection.

Read more »
Mobile Numbers
account protection Cyber Fraud Cyber Frauds CyberCrime Data Safety User Data Indian Government Mobile Numbers

Government Flags WhatsApp Account Bans as Indian Number Misuse Raises Cyber Fraud Concerns

 

The Indian government has expressed concern over WhatsApp banning an average of nearly 9.8 million Indian accounts every month until October, amid fears that Indian mobile numbers are being widely misused for scams and cybercrime. Officials familiar with the discussions said the government is engaging with the Meta-owned messaging platform to understand how such large-scale misuse can be prevented and how enforcement efforts can be strengthened. 

Authorities believe WhatsApp’s current approach of not sharing details of the mobile numbers linked to banned accounts is limiting the government’s ability to track spam, impersonation, and cyber fraud. While WhatsApp publishes monthly compliance reports disclosing the number of accounts it removes for policy violations, officials said the lack of information about the specific numbers involved reduces transparency and weakens enforcement efforts. 

India is WhatsApp’s largest market, and the platform identifies Indian accounts through the +91 country code. Government officials noted that in several cases, numbers banned on WhatsApp later reappear on other messaging platforms such as Telegram, where they continue to be used for fraudulent activities. The misuse of Indian phone numbers by scammers operating both within and outside the country remains a persistent issue, despite multiple measures taken to combat digital fraud. 

According to officials, over-the-top messaging platforms are frequently used for scams because once an account is registered using a mobile number, it can function without an active SIM card. This makes it extremely difficult for law enforcement agencies to trace perpetrators. Authorities estimate that nearly 95% of cases involving digital arrest scams and impersonation fraud currently originate on WhatsApp. 

Government representatives said identifying when a SIM card was issued and verifying the authenticity of its know-your-customer details are critical steps in tackling such crimes. Discussions are ongoing with WhatsApp and other OTT platforms to find mechanisms that balance user privacy with national security and fraud prevention. 

The government also issues direct requests to platforms to disable accounts linked to illegal activities. Data from the Department of Telecommunications shows that by November this year, around 2.9 million WhatsApp profiles and groups were disengaged following government directives. However, officials pointed out that while these removals are documented, there is little clarity around accounts banned independently by WhatsApp.  

Former Ministry of Electronics and IT official Rakesh Maheshwari said the purpose of monthly compliance reports was to improve platform accountability. He added that if emerging patterns raise security concerns, authorities are justified in seeking additional information.  

WhatsApp has maintained that due to end-to-end encryption, its enforcement actions rely on behavioural indicators rather than message content. The company has also stated that sharing detailed account data involves complex legal and cross-border challenges. However, government officials argue that limited disclosure, even at the level of mobile numbers, poses a security risk when large-scale fraud is involved.
Read more »
Transparent Tribe
Cyber Attacks Indian Government Linux OS Malicious Files Pakistan Hacker Transparent Tribe

Transparent Tribe Target Indian Government's Custom Linux OS with Weaponized Desktop Files

 

Transparent Tribe, a cyber-espionage group believed to originate from Pakistan and also known as APT36, has stepped up its attacks on Indian government entities by using malicious desktop shortcuts designed to compromise both Windows and BOSS Linux systems. 

The latest tactics involve spear-phishing emails featuring fake meeting notices. These emails contain desktop shortcut files disguised as PDF documents (e.g., “Meeting_Ltr_ID1543ops.pdf.desktop”). When recipients attempt to open what appears to be a typical PDF, they instead activate a shell script that initiates the attack chain. 

The malicious script fetches a hex-encoded file from an attacker-controlled domain (“securestore[.]cv”), decodes it to an ELF binary, and saves it to the target computer's disk. During this process, the victim is shown a decoy PDF hosted on Google Drive, launched in Firefox, to avoid suspicion.

The dropped Go-based ELF binary then connects to a command-and-control (C2) server (“modgovindia[.]space:4000”), allowing attackers to issue commands, deliver additional malicious payloads, and steal sensitive data. 

Transparent Tribe’s campaign ensures persistence by setting up a cron job that automatically runs the main payload after reboots or process terminations. The malware is equipped with reconnaissance capabilities and includes dummy anti-debugging and anti-sandbox techniques to dodge detection by analysts and automated analysis platforms.

A known backdoor associated with the group, Poseidon, is deployed for deeper intrusion. Poseidon enables long-term access, data exfiltration, credential theft, and lateral movement within compromised environments. 

CloudSEK and Hunt.io, two cybersecurity firms, reported that this sophisticated campaign reflects APT36’s ongoing adaptation—modifying attacks based on the victim's operating system to maximize the success rate and persistence. 

In recent weeks, similar attacks by Transparent Tribe targeted Indian defense organizations using spoofed login pages intended to collect credentials and two-factor authentication (2FA) codes, especially the Kavach 2FA system widely adopted within Indian government agencies. 

The phishing pages, designed to closely resemble official Indian government sites, prompt users to enter both their email credentials and Kavach code. Typo-squatted domains and Pakistan-based infrastructure are consistently used, aligning with the group’s established tactics. 

Recent campaigns have also targeted countries such as Bangladesh, Nepal, Pakistan, Sri Lanka, and Turkey using spear-phishing emails that mimic governmental communication and leverage lookalike pages for credential theft. Another South Asian group, SideWinder, has employed similar techniques, using fake Zimbra and portal pages to gather government users’ login information, illustrating the widespread threat landscape in the region.
Read more »
WhatsApp Web
Data Privacy Indian Government Mobile Security User Security WhatsApp Web

Indian Government Flag Security Concerns with WhatsApp Web on Work PCs

 

The Indian government has issued a significant cybersecurity advisory urging citizens to avoid using WhatsApp Web on office computers and laptops, highlighting serious privacy and security risks that could expose personal information to employers and cybercriminals. 

The Ministry of Electronics and Information Technology (MeitY) released this public advisory through its Information Security Awareness (ISEA) team, warning that while accessing WhatsApp Web on office devices may seem convenient, it creates substantial cybersecurity vulnerabilities. The government describes the practice as a "major cybersecurity mistake" that could lead to unauthorized access to personal conversations, files, and login credentials. 

According to the advisory, IT administrators and company systems can gain access to private WhatsApp conversations through multiple pathways, including screen-monitoring software, malware infections, and browser hijacking tools. The government warns that many organizations now view WhatsApp Web as a potential security risk that could serve as a gateway for malware and phishing attacks, potentially compromising entire corporate networks. 

Specific privacy risks identified 

The advisory outlines several "horrors" of using WhatsApp on work-issued devices. Data breaches represent a primary concern, as compromised office laptops could expose confidential WhatsApp conversations containing sensitive personal information. Additionally, using WhatsApp Web on unsecured office Wi-Fi networks creates opportunities for malicious actors to intercept private data.

Perhaps most concerning, the government notes that even using office Wi-Fi to access WhatsApp on personal phones could grant companies some level of access to employees' private devices, further expanding the potential privacy violations. The advisory emphasizes that workplace surveillance capabilities mean employers may monitor browser activity, creating situations where sensitive personal information could be accessed, intercepted, or stored without employees' knowledge. 

Network security implication

Organizations increasingly implement comprehensive monitoring systems on corporate devices, making WhatsApp Web usage particularly risky. The government highlights that corporate networks face elevated vulnerability to phishing attacks and malware distribution through messaging applications like WhatsApp Web. When employees click malicious links or download suspicious attachments through WhatsApp Web on office systems, they could inadvertently provide hackers with backdoor access to organizational IT infrastructure. 

Recommended safety measures

For employees who must use WhatsApp Web on office devices, the government provides specific precautionary guidelines. Users should immediately log out of WhatsApp Web when stepping away from their desks or finishing work sessions. The advisory strongly recommends exercising caution when clicking links or opening attachments from unknown contacts, as these could contain malware designed to exploit corporate networks. 

Additionally, employees should familiarize themselves with their company's IT policies regarding personal application usage and data privacy on work devices. The government emphasizes that understanding organizational policies helps employees make informed decisions about personal technology use in professional environments. 

This advisory represents part of broader cybersecurity awareness efforts as workplace digital threats continue evolving, with the government positioning employee education as crucial for maintaining both personal privacy and corporate network security.
Read more »
Security flaw
Data Privacy Indian Government iPhone Users Mobile Security Security flaw

Beware iPhone Users: Indian Government Issues Urgent Advisory Over Data Theft Risk

 

The Indian government has issued an urgent security warning to iPhone and iPad users, citing major flaws in Apple's iOS and iPadOS software. If not addressed, these vulnerabilities could allow cybercriminals to access sensitive user data or make devices inoperable. The advisory was issued by the Indian Computer Emergency Response Team (CERT-In), which is part of the Ministry of Electronics and Information Technology, and urged users to act immediately.

Apple devices running older versions of iOS (before to 18.3) and iPadOS (prior to 17.7.3 or 18.3) are particularly vulnerable to the security flaws. The iPad Pro (2nd generation and up), iPad 6th generation and later, iPad Air (3rd generation and up), and iPad mini (5th generation and later) are among the popular models that fall within this category, as are the iPhone XS and newer. 

A key aspect of Apple's message system, the Darwin notification system, is one of the major flaws. The vulnerability enables unauthorised apps to send system-level notifications without requiring additional permissions. The device could freeze or crash if it is exploited, necessitating user intervention to restore functionality.

These flaws present serious threats. Hackers could gain access to sensitive information such as personal details, financial information, and so on. In other cases, they could circumvent the device's built-in security protections, running malicious code that jeopardises the system's integrity. In the worst-case situation, a hacker could crash the device, rendering it completely unusable. CERT-In has also confirmed that some of these flaws are actively abused by hackers, emphasising the need for users to act quickly. 

Apple has responded by releasing security upgrades to fix these vulnerabilities. It is highly recommended that impacted users update to the most latest version of iOS or iPadOS on their devices as soon as feasible. To defend against any threats, this update is critical. Additionally, users are cautioned against downloading suspicious or unverified apps as they could act as entry points for malware. It's also critical to monitor any unusual device behaviour as it may be related to a security risk. 

As Apple's footprint in India grows, it is more critical than ever that people remain informed and cautious. Regular software upgrades and sensible, cautious usage patterns are critical for guarding against the growing threat of cyber assaults. iPhone and iPad users can improve the security of their devices and sensitive data by taking proactive measures.
Read more »
Indian Government
Aadhar Card Aadhar Security Authentication Biometric data Cyber Security data security Indian Government

India Expands Aadhaar Authentication, Allowing Private Sector Access to Biometric Data

 

The Indian government has introduced significant changes to its Aadhaar authentication system, expanding its use to a wider range of industries. Previously restricted to sectors like banking, telecommunications, and public utilities, Aadhaar verification will now be available to businesses in healthcare, travel, hospitality, and e-commerce. Officials claim this change will enhance service efficiency and security, but privacy advocates have raised concerns about potential misuse of biometric data. 

On January 31, the Ministry of Electronics and Information Technology (MeitY) announced revisions to the Aadhaar Authentication for Good Governance (Social Welfare, Innovation, Knowledge) Rules, 2025. These amendments allow both public and private organizations to integrate Aadhaar-based authentication into their operations, provided their services align with the public interest. The government states that this update is designed to improve identity verification processes and ensure smoother service delivery across various sectors.  

One major change in the updated framework is the removal of a rule that previously linked Aadhaar authentication to preventing financial fraud. This revision broadens the scope of verification, allowing more businesses to use Aadhaar data for customer identification. The Unique Identification Authority of India (UIDAI), the agency overseeing Aadhaar, will continue to manage the authentication system. The scale of Aadhaar’s use has grown significantly. 

Government records indicate that Aadhaar authentication was conducted in nearly 130 billion transactions by January 2025, a sharp increase from just over 109 billion transactions the previous year. With the new regulations, companies wishing to adopt Aadhaar authentication must submit detailed applications outlining their intended use. These requests will be reviewed by the relevant government department and UIDAI before receiving approval. Despite the government’s assurance that all applications will undergo strict scrutiny, critics argue that the review process lacks clarity. 

Kamesh Shekar, a policy expert at The Dialogue, a technology-focused think tank, has called for more transparency regarding the criteria used to assess these requests. He pointed out that the Supreme Court has previously raised concerns about potential misuse of Aadhaar data. These concerns stem from past legal challenges to Aadhaar’s use. In 2018, the Supreme Court struck down Section 57 of the Aadhaar Act, which had previously allowed private entities to use Aadhaar for identity verification. 

A later amendment in 2019 permitted voluntary authentication, but that provision remains contested in court. Now, with an even broader scope for Aadhaar verification, experts worry that insufficient safeguards could put citizens’ biometric data at risk. While the expansion of Aadhaar authentication is expected to simplify verification for businesses and consumers, the ongoing debate over privacy and data security underscores the need for stricter oversight. 

As Aadhaar continues to evolve, ensuring a balance between convenience and personal data protection will be crucial.
Read more »
User Security
14C Cyber Crime Digital Fraud Indian Government User Security

India Launches 'Report and Check Suspect' Feature to Combat Cybercrime

 

India’s National Cyber Crime Reporting Portal now features a ‘Report and Check Suspect’ tool, allowing users to verify UPI IDs, phone numbers, emails, and social media handles against a database of known cyber fraudsters.

Focusing on Digital Arrest Scams

The system targets scams where fraudsters impersonate officials to extort money under the pretense of “digital arrests.” Users can search the database at cybercrime.gov.in to identify potential threats.

Integrated Cybersecurity Measures

The tool complements other initiatives like blocking 669,000 fake SIM cards and implementing enhanced KYC protocols for digital lending. Major tech firms, including Google and Facebook, are collaborating with the Indian Cyber Crime Coordination Centre (I4C) to share threat intelligence and curb misuse of platforms like Google Firebase and Android banking malware.

The Ministry of Home Affairs has also established a Cyber Volunteer Framework, enabling citizens to report illegal online content and promote cyber hygiene. Additionally, the Citizen Financial Cyber Frauds Reporting and Management System (CFCFRMS) expedites action against financial frauds.

These initiatives align with India’s broader efforts to secure digital transactions, including mandating multi-factor authentication for government services by 2025.

Read more »
User Security
Cyber Fraud E-Challan Scams Financial Fraud Indian Government User Security

Here's How Users Can Safeguard Themselves From E-Challan Scams

 

In light of the growing prevalence of e-challan scams, the Indian Computer Emergency Response Team (CERT-In) has released some crucial advice to prevent individuals from becoming victims and suffering financial loss. 

Nearly 4400 devices have been infected with malware, resulting in approximately Rs 16 lakh worth of fraudulent transactions, according to a recent PTI report. Users are tricked into falling for these scams by Vietnamese hackers who employ Android malware. 

As part of the campaign, the victims receive a fraudulent e-challan message on WhatsApp containing a fake payment link. By clicking the link, hackers are able to access the device. 

Modus operandi 

Phishing messages: You receive a text message or email claiming to be from an authentic traffic authority. The notification states that you have an unpaid traffic penalty and imposes a significant charge. 

Fake links: The mail will include a link that will prompt you to click to check the e-challan details or complete the payment. 

Spoofed websites: Clicking the link may direct you to a fraudulent website that appears to be an actual traffic authority website. This website is designed to steal your personal information, such as credit card information, login credentials, or Aadhaar numbers. 

Prevention tips 

Visit official site: The government security agency recommends users to only make e-challan payments using official websites. It's vital to note that each state has its own e-challan website. Legitimate e-challan websites typically end with a ".gov.in" domain extension. So, before making a payment, make sure you're using the right website.

Don't click on suspicious links: As previously said, it's best to avoid clicking on random links. This might have harmful software on it that could harm your device.

Use antivirus software: Antivirus software is able to search for, identify, and prevent this kind of malware from infecting the device. Make sure the antivirus program is updated and has the latest available database. 

If you have been a victim of financial fraud, you can file a report with your local police station as well as the cybercrime portal.
Read more »
Indian Government
Backdoor Attacks China cyber threats Data Breach Data Leak Indian Government

China's Backdoor Data Infiltration: A Growing Concern For Indian Government

 

Indian security agencies are concerned about a potential huge data breach triggered by Chinese microchips and hardware detected in biometric attendance systems (BAS) deployed in central and state government buildings, including sensitive departments. 

During their investigations, intelligence agencies discovered that over a dozen Indian enterprises that sold these biometric attendance systems to government offices used devices with Chinese-origin parts. The firms are under the scanner for potential data leaks. 

Nearly 7,500 central and state government institutions, employing around 900,000 central and 1.7 million state employees, may have been using over 80,000 dubious biometric attendance systems. This includes key central and state government buildings, as well as military and defence offices. 

According to intelligence sources, these biometric attendance systems can be easily utilised by Chinese firms to gain access to data such as the number of officials in a specific organisation, their designations, and even their locations. 

These companies are bound by China's National Intelligence Law, 2017, to send all of their data to Chinese state intelligence agencies. The law, which went into force in June 2017, gives the Chinese government extensive power to manage and access data from companies that fall under its jurisdiction.

Given China's aggressive spying tactics, India's ministry of home affairs has established a dedicated wing of intelligence officials to monitor Chinese firms' activity in India as well as the Indian security system. Furthermore, the Indian government is working to eliminate the presence of Chinese-made equipment, particularly from the national security apparatus. 

Earlier, security officials expressed serious concerns about the potential threat of data leakage from surveillance cameras, particularly those of Chinese origin, installed at various military installations across the country.

According to a letter from the Integrated Defence Headquarters at the Ministry of Defence (MoD), one of the market leaders in surveillance cameras, which is 41% owned by the Chinese government, is operating in India through a collaboration with an Indian company. The modules for these camera systems are supplied by a Chinese company, although the items are advertised as 'Made in India', the MoD stated. 

Following the Chinese troops' incursion into Ladakh, the ministry of finance's department of expenditure issued GFR (general finance rule) 144 XI on July 23, 2020, to ensure that Chinese firms do not participate in procurements directly or through Indian/Chinese subsidiaries without first registering with the DPIIT (Department for Promotion of Industry and Internal Trade).
Read more »
Indian Government
Data Breach Data Leak Data Privacy Employee Data Indian Government

Hacker Claims Data Breach of India’s Blue-Collar Worker Database

 

A hacker claims to have accessed a large database linked with the Indian government's portal for blue-collar workers emigrating from the country. 

The eMigrate portal's database allegedly includes full names, contact numbers, email addresses, dates of birth, mailing addresses, and passport data of individuals who allegedly registered for the portal.

The Ministry of External Affairs launched eMigrate, which helps Indian workers in emigrating overseas. The portal also offers clearance tracking and insurance services to migrating workers. 

The database for sale on a recognised cybercrime forum looks to be genuine and it even includes the contact information for the Indian government's foreign ambassador. While it is unclear whether the data was stolen directly from the eMigrate portal or via a previous breach, the threat actors claim to have access to at least 200,000 internal and registered user accounts. 

India's Computer Emergency Response Team (CERT-In) is working with the relevant authorities to take appropriate action, while the Ministry of External Affairs is yet to respond on the matter. This is not the first time India's government portals have been accused of data leak. 

Earlier this year, an Indian state government website was found exposing sensitive documents and personal information of millions of residents. In May, scammers were found to have tricked government websites into displaying adverts that redirected users to online betting sites. 

The implications of such data breaches is difficult to estimate. However, data breaches can have serious consequences for individuals whose personal information is exposed. Personal information provided on hacker forums is frequently used by attackers to launch phishing attacks, steal identities, and compromise users' financial security. 

“Personal data is its own form of digital currency on the internet and breaches cost organizations a significant amount. The breaches impacting organizations and government entities are what the public sees front and center, but the impact on the end user isn’t as visible.” Satnam Narang, sr. staff research engineer, Tenable stated.
Read more »
Telecom Sector
Cyber Fraud cybercriminals DoT Fake Calls Fraud Calls Identity Fraud India Indian Government Spoofing Telecom Sector

Combatting International Spoofed Calls: India's New Measures to Protect Citizens

 

In recent times, fraudsters have increasingly used international spoofed calls displaying Indian mobile numbers to commit cybercrime and financial fraud. These calls, which appear to originate within India, are actually made by criminals abroad who manipulate the calling line identity (CLI). 

Such spoofed calls have been used in various scams, including fake digital arrests, FedEx frauds, narcotics in courier schemes, and impersonation of government and police officials. To combat this growing threat, the Department of Telecommunications (DoT) and Telecom Service Providers (TSPs) in India have developed a system to identify and block incoming international spoofed calls. 

This initiative aims to prevent such calls from reaching any Indian telecom subscriber. The Ministry of Communications announced that TSPs have been directed to block these calls and are already taking steps to prevent calls with spoofed Indian landline numbers. In addition to this, the DoT has launched the Sanchar Saathi portal, a citizen-centric platform designed to enhance user safety and security amid the rising threat of fraud and international call scams. This portal includes a feature called "Chakshu," which allows individuals to report suspicious calls and messages. 

Chakshu simplifies the process of flagging fraudulent communications, providing an extra layer of protection against cybercriminals. Chakshu serves as a backend repository for citizen-initiated requests on the Sanchar Saathi platform, facilitating real-time intelligence sharing among various stakeholders. The platform also provides information on cases where telecom resources have been misused, helping to coordinate actions among stakeholders. 

Union Minister Ashwini Vaishnaw has highlighted additional measures, including creating a grievance redressal platform for reporting unintended disconnections and a mechanism for returning money frozen due to fraud. These efforts aim to address the concerns of citizens who may have been inadvertently affected by the anti-fraud measures. Since its launch in May last year, the Sanchar Saathi portal has been instrumental in enhancing the security of telecom users. It has helped track or block over 700,000 lost mobile phones and detect more than 6.7 million suspicious communication attempts. 

These efforts underscore the government's commitment to safeguarding citizens from cyber threats and ensuring the integrity of telecom services. The DoT and TSPs' proactive measures, along with the Sanchar Saathi portal, represent significant steps towards protecting Indian citizens from international spoofed calls and other forms of cybercrime. By leveraging advanced technology and fostering collaboration among stakeholders, these initiatives aim to create a safer digital environment for all.
Read more »
Third-Party Risks
Biometric data biometric vulnerability Data Breach Data Leak Hackers attack Indian Government Indian Government hacked personal information exposure Third-Party Risks

Massive Data Breach Exposes Sensitive Information of Indian Law Enforcement Officials

 

Recently, a significant data breach compromised the personal information of thousands of law enforcement officials and police officer applicants in India. Discovered by security researcher Jeremiah Fowler, the breach exposed sensitive details such as fingerprints, facial scans, signatures, and descriptions of tattoos and scars. Alarmingly, around the same time, cybercriminals advertised the sale of similar biometric data on Telegram. 

The breach was traced to an exposed web server linked to ThoughtGreen Technologies, an IT firm with offices in India, Australia, and the United States. Fowler found nearly 500 gigabytes of data, encompassing 1.6 million documents dating from 2021 to early April. This data included personal information about various professionals, including teachers, railway workers, and law enforcement officials. Among the documents were birth certificates, diplomas, and job applications. 

Although the server has been secured, the incident highlights the risks of collecting and storing biometric data and the potential misuse if leaked. “You can change your name, you can change your bank information, but you can't change your actual biometrics,” Fowler noted. This data, if accessed by cybercriminals, poses a long-term risk, especially for individuals in sensitive law enforcement roles. Prateek Waghre, executive director of the Internet Freedom Foundation, emphasized the extensive biometric data collection in India and the heightened security risks for law enforcement personnel. 

If compromised, such data can be misused to gain unauthorized access to sensitive information. Fowler also found a Telegram channel advertising the sale of Indian police data, including specific individuals’ information, shortly after the database was secured. The structure and screenshots of the data matched what Fowler had seen. For ethical reasons, he did not purchase the data, so he could not fully verify its authenticity. In response, ThoughtGreen Technologies stated, “We take data security very seriously and have taken immediate steps to secure the exposed data.” 

They assured a thorough investigation to prevent future incidents but did not provide specific details. The company also reported the breach to Indian law enforcement but did not specify which organization was contacted. When shown a screenshot of the Telegram post, the company claimed it was “not our data.” Telegram did not respond to requests for comment. 

Shivangi Narayan, an independent researcher, stressed the need for more robust data protection laws and better data handling practices by companies. Data breaches are so frequent that they no longer shock people, as evidenced by a recent face-recognition data breach involving an Indian police force.

Globally, as governments and organizations increasingly use biometric data for identity verification and surveillance, the risk of data leaks and abuse rises. For example, a recent face recognition leak in Australia affected up to a million people and led to a blackmail charge. It also has to be noted that many countries are looking at biometric verification for identities, and all of that information has to be stored somewhere. If they decide to farm it out to a third-party company, they lose control of that data.
Read more »
Telecom Firm
Cyber Crime DoT Indian Government Mobile Connection Telecom Firm

Indian Govt Targets Cyber Criminals: DoT To Deactivate 1.8 Million SIMs

 

According to a recent media report citing 'officials' as sources, telecom operators are planning to disconnect approximately 1.8 million mobile connections at once as part of the government's first all-India operation to combat cybercrime and online fraud. 

This development comes after a thorough investigation conducted by multiple law enforcement authorities to trace the usage of mobile networks for cybercrime and financial theft.

"During investigations, it was detected that in many instances, a single handset was used with thousands of mobile connections," an official privy to the details told the local media outlet. 

On May 9, the Department of Transportation directed telcos to deactivate 28,220 mobile devices and re-verify nearly two million mobile connections that had been misused with these handsets. 

Officials stated that in such cases, just 10% of the connections are verified, with the remainder being disconnected and failing re-verification. They also stated that the disconnection will take place once the telecoms completed the re-verification in 15 days. The action comes amid a consistent increase in the number of mobile phone-related cybercrimes in the country. 

The National Cybercrime Reporting Portal (NCRP) said that digital financial theft victims lost Rs 10,319 crore in 2023. The Parliamentary Standing Committee on Finance said that over 694,000 complaints were received in 2023. 

Officials stated that fraudsters generally employ SIM cards from other telecom circles and frequently change the combination of SIM and handset to avoid detection by law enforcement and carriers.

"For instance, an Odisha or Assam circle SIM could be used in Delhi NCR," a second official noted. "To avoid the radar, fraudsters make only a few outgoing calls and then change the SIM as too many out. going calls from the same number would get detected by telco systems.”

According to an earlier investigation, telcos disconnected almost two lakh SIM cards last year for alleged involvement in cybercrimes. In another case, the authorities investigated places such as Mewat in Haryana, and more than 37,000 SIM cards were disconnected. 

Coordinated Action: To combat cybercrime, the government believes that telecoms should improve their detection of SIM usage patterns, particularly those purchased outside of home circles."As part of their roaming detection system, telcos can instantly capture when a person moves out to a different circle," added the second official.
Read more »
Indian Government
Chinese Hacker Data Breach Data Leak Data Safety Indian Government

Indian Authorities Probes Data Breach Concerns Involving PMO and EPFO

 

The Open-Source Intelligence (OSINT) team at India Today reviewed leaked data that claimed a Chinese state-affiliated hacker group had targeted major Indian government offices, such as the "PMO" (likely the Prime Minister's Office), as well as businesses like Reliance Industries Limited and Air India. 

Over the weekend, thousands of files, images, and chat messages related to I-Soon—a claimed cybersecurity contractor for China's Ministry of Public Security (MPS)—were secretly shared on GitHub.

The leak reveals a complex network of covert attacks, spyware operations, and sophisticated surveillance by Chinese government-linked cyber criminals. 

A machine-translated version of the leaked internal documents, originally written in Mandarin, shows hackers documenting their techniques, targets, and exploits. Targets included the North Atlantic Treaty Organisation (NATO), an intergovernmental military alliance, European governments, and organisations, as well as Beijing's friends such as Pakistan. 

Indian targets 

The data stolen names Indian targets such as the Ministry of Finance, the Ministry of External Affairs, and the "Presidential Ministry of the Interior," which is likely a reference to the Ministry of Home Affairs. 

During the peak of India-China border tensions, advanced persistent threat (APT) or hacker groups stole 5.49GB of data from various offices of the "Presidential Ministry of the Interior" between May 2021 and October 2021. 

"In India, the primary work goals are the ministries of foreign affairs, finance, and other key departments. We continue to monitor this sector closely and want to capitalise on its potential in the long run," reads the translated India section of what appears to be an internal report prepared by iSoon. 

User data for the state-run pension fund management, the Employees' Provident Fund Organisation (EPFO), the state telecom provider Bharat Sanchar Nigam Limited (BSNL), and the private healthcare chain Apollo Hospitals were also allegedly compromised. 

The leaked documents also mentioned about 95GB of India's immigration statistics from 2020, referred to as "entry and exit points data". Notably, following the conflict in Galwan Valley in 2020, India-China relations deteriorated further.

"India has always been a major emphasis for the Chinese APT side of things. The stolen data inevitably covers quite a few Indian organisations, including Apollo Hospital, persons coming in and out of the nation in 2020, the Prime Minister's Office, and population figures," said Taiwanese researcher Azaka, who initially uncovered the GitHub hack. 

This is not the first time China has been blamed for cyberattacks on India. Seven Indian power hubs were reportedly targeted by hackers linked to China in 2022. Threat actors attempted to breach India's power system in 2021 as well.
Read more »
Indian Government
CyberCrime Cybersecurity Data Breach Financial Exploit Indian Government

Dawnofdevil Hackers on the Rise Again

 



In the ongoing battle to secure the cyber realm, the emergence of new hackers continues unabated, constantly innovating methods to breach the digital boundaries that safeguard your online world. A new hacking collective known as "dawnofdevil" has emerged as a potent threat to various Indian entities, with a particular focus on government organisations. This group, operating discreetly within the confines of BreachForums, has boldly asserted its successful infiltration into the security apparatus of the Income Tax Department of India. The potential compromise of sensitive information within this governmental body raises significant concerns about data confidentiality and the potential for unauthorised access to various affiliated websites.

Operating under the pseudonym "dawnofdevil," an unidentified individual has boldly claimed to breach the robust security infrastructure of the Income Tax Department. The purported breach involves gaining unauthorised access to an email account hosted on the incometax.gov.in domain, a development that could potentially open avenues for unauthorised registrations on a range of government-affiliated websites. Adding to the gravity of the situation, the hacker is actively seeking buyers for this compromised email access, attaching a price tag of US$500 to the illicit offering.

Expanding their cyber activities, dawnofdevil has recently made waves by claiming a successful breach of Hathway, a prominent broadband and cable TV service provider in India. The hacker boasts of obtaining personal data from a staggering 41.5 million customers, comprising names, addresses, phone numbers, and even password hashes. This extensive dataset is being offered for sale at a substantial price of US$10,000. Furthermore, the hacker asserts control over access to MySQL and Oracle databases, totaling over 400 GB of data spread across more than 800 tables with production data. Additionally, the claim includes possession of 4 million+ KYC documents, containing sensitive details like full names, Aadhar numbers, PAN cards, and other national ID information.

To underscore the magnitude of the breach, dawnofdevil has shared samples of the compromised data, revealing the depth and variety of information at risk. In a move to facilitate the sale of this illicit information and enable targeted searches, the hacker has established a Tor site. This dark web portal allows individuals to search for specific data entries using mobile numbers and email addresses.

The implications of these security breaches are profound, necessitating a comprehensive understanding of the potential risks involved. As investigations unfold, there is an urgent need to employ the importance of robust cybersecurity measures. The broader community, both organisations and individuals alike, should remain vigilant in the face of these evolving cyber threats, taking proactive steps to safeguard sensitive data and mitigate the risks associated with unauthorised access. Stay tuned for ongoing updates as the alleged organisations look closely into the investigation, and the cybersecurity world continues to make developments. 


Read more »
User Privacy
Criminal Law Data Privacy Laws Data Protection Bill Fine Indian Government Privacy Sensitive Data Leak User Privacy

Govt Proposes Rs 250 Cr Fine for Consumer Data Leaks

The Indian government has proposed a fine of up to Rs 250 crore on enterprises found guilty of disclosing customer data, which is a significant step toward bolstering data protection procedures. This action is a component of the Data Protection Bill, which seeks to protect sensitive personal data about individuals and improve corporate accountability for handling such data. The bill's recent introduction into Parliament represents a turning point in India's effort to strengthen data security.

As per the bill, businesses and entities handling consumer data will be held liable for severe penalties if they fail to maintain the necessary safeguards to protect this information. The proposed fines are among the most substantial globally, reflecting the government's commitment to ensuring the privacy and security of its citizens' data.

According to the Minister of Electronics and Information Technology, this step is crucial to "create a robust mechanism to protect the data rights and privacy of individuals." The increasing digitization of services and the rise in cybercrimes have underscored the urgency of enacting comprehensive data protection legislation.

Industry analysts predict that the proposed sanctions would motivate companies to prioritize data security and make significant investments in cybersecurity. They think that the potential financial repercussions will encourage businesses to embrace cutting-edge frameworks and technologies to stop data breaches.

The Data Protection Bill is the result of intensive talks with several stakeholders, including business representatives, academics, and civil society organizations. In addition to focusing on sanctions, it also seeks to create a Data Privacy Authority (DPA) tasked with monitoring and upholding data privacy laws. The DPA will be crucial in assuring compliance and enforcing any infractions.

Both supporters and opponents of the bill have drawn attention as it moves through Parliament. While supporters applaud the government's efforts to protect personal information, some detractors contend that small firms may be disproportionately affected by the sanctions. Legislators continue to struggle with finding a balance between the protection of personal information and corporate convenience.

Data security has grown to be of utmost importance in a world where it is frequently referred to as the new oil. The government of India has made it clear that it intends to develop a solid framework for data protection, aligning the country with international trends in protecting digital privacy, through the planned fines. As the bill advances, its effects on both consumers and corporations will likely change how data management and privacy are viewed in India.



Read more »
Threat Landscape
Aadhar Security Deepfake Digital Identity Generative AI Indian Government Technology Threat Landscape

Generative AI Threatens Digital Identity Verification, Says Former CTO of Aadhar

 

Srikanth Nadhamuni, who formerly held the position of chief technology officer (CTO) of Aadhar between 2009 and 2012, believes that the tremendous improvement we are seeing in the field of artificial intelligence, particularly generative AI, poses a clear and present danger to digital identity verification. He and Vinod Khosla co-founded Bangalore-based incubator Khosla Labs, where he serves as CEO. 

The trust mechanisms that have been meticulously built into identification systems throughout time are seriously threatened by deep fakes, synthetic media that effectively mimic actual human speech, behaviour, and appearance. The need for a "proof-of-personhood" verification capability, probably using a person's biometrics, becomes paramount in this increasingly likely future scenario where AI-generated impersonations cause chaos and erode trust in the system, the tech expert wrote in a LinkedIn post titled "The Future of Digital Identity Verification: In the era of AI Deep Fakes." 

Disinformation is now taking on a whole new dimension thanks to generative AI. Text-to-image AI models like DALL-E2, Midjourney, and Stable Diffusion can produce incredibly realistic visuals that are simple to mistake for the real thing. The ability to create misleading visual information has been made possible by this technology, further obscuring the distinction between truth and fiction.

Even though the Indian government has stated that it will not regulate artificial intelligence (AI), it has revealed that the impending Digital India Act (DIA) will include provisions to address disinformation produced by AI.

“We are not going to regulate AI but we will create guardrails. There will be no separate legislation but a part of DIA will address threats related to high-risk AI,” Union Minister Rajeev Chandrasekhar said. 

The draft hasn't been released yet, so it's unclear how it will address the challenge that generative AI poses to digital identity verification. 

How to identify deep fake images

According to Sandy Fliderman, president, CTO, and creator of industry fintech, it was simpler to spot fakes in old recordings because of changes in skin tone, odd blinking patterns, or jerky motions. But since technology has advanced so much, many of the traditional "tells'' are no longer valid. Today, red flags could show up as irregularities in lighting and shading, which deepfake technology is still working to perfect.

Humans can seek for a number of indicators to distinguish between authentic and fraudulent photographs, such as the following: 

  • Body components and the skin have irregularities.
  • Eyes have a shadowy area. 
  • Unorthodox blinking patterns.
  • Spectacles with an unusual glare. 
  • Mouth gestures that are not realistic. 
  • Lip colour is unnaturally different from the face. 
Read more »
User Privacy
Cyber Attacks Indian Government Information Technology Tata Motors Scam User Privacy

Hacktivist's Target Tata Power Company

On October 14, Tata Power acknowledged a cyberattack on its information technology (IT) infrastructure. The company declared that it has taken steps to recover and restore the systems and that all essential operating systems were functioning properly. The company noted that for staff and customer-facing portals and user experience, it has also implemented restricted access and preventative checks. 

Tata Power did not provide any additional information on the subject. The Social media manager declined to comment when questioned about the nature of the attack and how it affected the company. Additionally, they opted not to comment on whether any data had been stolen. As mentioned in the Statement, the firm has taken action to recover and restore the systems. 

The corporation creates, transmits, and sells electricity in South Asian countries. It aspires to increase the proportion of clean energy in its portfolio from around a third to 60% in five years and to achieve net zero by 2045. It claims to have the highest installed and managed energy-producing capacity in the nation, with 13,974 MW. 

The expansion of Tata Power's business via rooftop solar, microgrids, storage options, solar pumps, EV charging infrastructure, and home automation has recently caught their attention. Through its distribution firms, the company provides service to over 12 million consumers.

In its official statements, the Indian government has cited the nationwide energy network's cybersecurity as a challenge. Chinese state-sponsored hackers allegedly targeted the Indian electricity sector as part of a long-term scheme, according to a report released in April by the American cybersecurity firm Recorded Future. In response to the news, the spokesperson for India's Ministry of External Affairs, Arindam Bagchi, stated that the nation has not brought up this matter with China. 

Read more »
User Privacy
Corporate Hacking Indian Government Privacy User Privacy

Flaws in Policybazaar Insurance Firm

A small cybersecurity company informed Policybazaar last month that it had found severe security flaws in the organization's internet-facing network that could expose the private financial and personal information of at least 11 million customers to malicious hackers.

The unnamed firm used the typical ethical hacker strategy, which gave Policybazaar, the insurance aggregator, time to fix the bugs and notify the authorities. It said that it felt legal, in part because it had workers who were clients, but it did not get permission in advance to test Policybazaar's technology.

On July 24, a publicly held entity Policybazaar — which counts Tencent among its investors — notified India's stock markets that it had suffered an unauthorized breach, but "no substantial customer data was compromised."

Flaw analysis

CyberX9's director Himanshu Pathak said that anyone with decent computer/IT expertise could have easily found, used, and leaked all of this material.

CyberX9, a startup, is not passive. The company's managing director wants Indians to be aware that since many extremely significant flaws were so simple to find, it appeared as though Policybazaar had purposefully left itself vulnerable to hacking by criminals.

The data also contains copies of the identification, health, and financial documents that people must present in order to obtain insurance, such as tax returns, pay stubs, bank statements, driver's licenses, and birth certificates.  90% of India's internet insurance aggregator market is claimed by Policybazaar, a broker for various carriers and types of policies that collects data through user uploads and self-generated records.

The Associated Press contacted three of the people listed in the sample material, which included copies of private data from CyberX9, one of whom was a soldier stationed in Ladakh, a region that is disputed by Pakistan and China. All three of them acknowledged that they were Policybazaar users. All of them claimed they were unaware of any security incident.

56 million users were enrolled on Policybazaar at the end of December, with 11 million of them as 'transacting clients' who bought 25 million insurance policies, according to documentation on the website of Policybazaar's parent firm, PB Fintech Ltd.

Other than to declare that it had corrected the discovered vulnerabilities and had forwarded the incident to outside consultants for a forensic audit, Policybazaar refused to answer the queries from the AP.

After learning about the volume of private and sensitive data that Policybazaar was in charge of maintaining during its November IPO, CyberX9 claimed it made the decision to check Policybazaar's network for vulnerabilities.

There were no limitations on the number of times an unauthorized user could perform such a retrieval, per the report, which detected five vulnerabilities and was able to collect user data without requesting permission.

Data privacy in India

The founder of SecureLayer7, Sandeep Kamble, said that the handling of these cases by the legal system is immature since most judges lack the necessary technological knowledge. 

Despite the nation's top court deemed privacy to be a fundamental right in 2017 and ordered the government to draft legislation, India, which has 800 million internet users, also lacks a data protection law. Criticism of some of the bill's provisions, such as one that allowed the government access to personal data in the interest of 'sovereignty,' caused a delay in its consideration in Parliament.

A data protection law is deemed required in India, where financial fraud and data leaks are common, as per digital experts. Due to previous events in which both private companies and the government leaked people's data, its absence has raised privacy issues in the nation.









Read more »
Subscribe to: Posts (Atom)