Tag Archives: Cyber Security

VIF Cyber Review: April 2022

NATIONAL

Cabinet approves upgradation of mobile sites in LWE-affected areas

On 27 April 2022, the Union Cabinet, chaired by Prime Minister Narendra Modi, approved a ‘Universal Service Obligation Fund (USOF)’ project for upgrading 2G mobile services to 4G at security sites in Left-Wing Extremism (LWE) areas. The Cabinet also authorised payment to Bharat Sanchar Nigam Limited (BSNL) for the operation and maintenance of LWE Phase-I 2G sites for an additional five years beyond the contractual period of five years, at a cost of ₹541.80 crore. The extension will last up to 12 months from the date of Cabinet approval or the commissioning of the 4G sites, whichever comes first.

The upgrade will improve internet and data services in these LWE locations. It satisfies the standards of the Ministry of Home Affairs (MHA) as well as the state governments, and it will meet the communication requirements of the security forces stationed in these regions. The proposal is consistent with the goal of increasing rural mobile connectivity. It will also make the delivery of e-governance, banking, tele-medicine, tele-education and other services via mobile broadband possible in these locations. [1]

CERT-In issued advisory on multiple vulnerabilities in Oracle products

On 22 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory on multiple vulnerabilities in Oracle products that could be exploited by an attacker to bypass security restrictions, execute arbitrary code, disclose sensitive information, and cause a Denial of Service (DoS) condition on the targeted system. Such vulnerabilities are remotely exploitable without authentication, i.e., they may be exploited over a network without requiring user credentials. [2] As a remedy, CERT-In provided a link to the appropriate vendor patches in the advisory.

India Post issued warning against fraudulent URLs/Websites claiming to give prizes through certain surveys

On 23 April 2022, India Post issued a warning against various URLs/websites being circulated on social media and communication platforms such as WhatsApp, Telegram and Instagram, and via e-mail/SMS containing tiny URLs, claiming to provide government subsidies as prize money through certain surveys. “We wish to inform the citizens of the Country that India Post is not involved in any such activities like announcing Subsidies, Bonus or Prizes based on Surveys etc. Public receiving such notifications/messages/emails are requested not to believe or respond to such fake and spurious messages or share any personal details.

It is also requested not to share any personally identifiable information such as date of birth, Account numbers, mobile numbers, place of Birth & OTP etc.”, read the advisory issued by India Post. India Post and the Fact Check Unit of the Press Information Bureau (PIB) have declared these URLs/websites fake through social media. [3]

CERT-In issued advisory on Malware targeting ICS/SCADA systems

On 16 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory about Advanced Persistent Threat (APT) actors targeting Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) systems with custom-made tools. The tools enable cyber threat actors to scan for, compromise, and control affected systems once they have gained access to the operational technology (OT) network.

The APTs are targeting ICS/SCADA and have the capability to gain complete access control of certain ICS/SCADA devices, including:

– Schneider Electric programmable logic controllers (PLCs),

– OMRON Sysmac NEX PLCs, and

– Open Platform Communications Unified Architecture (OPC UA) servers.

According to the advisory, the APT actors could also exploit a known-vulnerable ASRock-signed motherboard driver, “AsrDrv103.sys” (CVE-2020-15368), to execute malicious code in the Windows kernel, move laterally within an IT or OT environment, and disrupt critical devices or functions. [4]

Qualcomm and MeitY’s C-DAC partner to support Indian Semiconductor start-ups

For 2022, Qualcomm India announced a collaboration with the Centre for Development of Advanced Computing (C-DAC), an autonomous scientific society of the Ministry of Electronics and Information Technology (MeitY), to initiate and conduct the Qualcomm® Semiconductor Mentorship Program (QSMP) 2022 for select start-ups from the semiconductor space in India, with a further programme to provide and facilitate mentorship, technical training, and industry outreach. Under the collaboration, C-DAC and Qualcomm India intend to work towards the following broad objectives:

– Nurture technical advancements and intellectual-property-driven innovation and product development required for semiconductor design in the Indian ecosystem.

– Help reduce risks in innovation; accelerate the pace of business development; and develop soft skills and knowledge base of Indian start-ups engaged in semiconductor design.

– Facilitate access for the selected start-ups with domain experts, VCs, accelerators, incubators, industry associations and large companies that could help them scale up their business.

– Create platforms and forums that provide opportunities to work with high-growth-potential small businesses and start-ups who have potentially disruptive technologies that could develop or reshape semiconductor supply chains in the future.

Up to ten Indian semiconductor start-ups will be shortlisted for QSMP 2022 by Qualcomm India. Each nominated firm will be paired with a Qualcomm India executive for mentoring on product development and planning. Through meetings, webinars, seminars, and trade shows, C-DAC and Qualcomm India will help these entrepreneurs gain exposure to government stakeholders. [5]

CERT-In issued advisory for safe and trusted Internet

On 28 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued directions on information security practices, procedures, prevention, response, and reporting of cyber-crimes under the provisions of sub-section (6) of Section 70B of the Information Technology (IT) Act, 2000. The directions become effective after 60 days.

The directives cover synchronisation of Information and Communication Technology (ICT) system clocks; mandatory reporting of cyber incidents to CERT-In; maintenance of logs of ICT systems; subscriber/customer registration details to be kept by data centres, Virtual Private Server (VPS) providers, Virtual Private Network (VPN) service providers and cloud service providers; and KYC norms and practices for virtual asset service providers, virtual asset exchange providers and custodian wallet providers. These directions are intended to enhance the overall cyber security posture and ensure a safe and trusted Internet in the country. [6]

INTERNATIONAL

Eurojust and Europol cracked an online investment fraud scheme responsible for losses of at least Euro 20 million

On 21 April 2022, at the request of the Estonian authorities, Eurojust and Europol assisted in taking down an online investment fraud scheme. Authorities in Finland, the Netherlands, Latvia, France, Germany, and Ukraine supported the operation, during which more than 50 servers and services were seized in six countries.

As modus operandi, the perpetrators, who belonged to an international Organised Crime Group (OCG), contacted victims by telephone over the Internet. They presented themselves as brokers of online trading platforms dealing in cryptocurrencies to convince victims to make investments. More than 30,000 people from at least 71 countries are believed to have been affected; at least 522 victims are registered in Estonia alone. [7]

Japan proposes to put its first domestic quantum computer into use by March 2023

The Japanese government announced its intention to enter the global quantum computing race by putting its first indigenous quantum computer into service within the current fiscal year ending March 2023. Under the new strategy, Japan plans to establish four quantum research centres across the country, which could be finalised this month, after the ruling Liberal Democratic Party proposed expanded investment in quantum computing and artificial intelligence (AI). [8] The Japanese government also expects 10 million users by the end of the decade.

As for the research centres, one of the two new sites will be established at Tohoku University in Sendai, Miyagi Prefecture, on the north-eastern coast of Japan. The centres will train personnel and support research and development. The other new site, at the Okinawa Institute of Science and Technology Graduate University, will serve as a hub for advancing joint research by global scientists, according to a report by Nikkei. [9]

Russian hacktivists launched DDoS attacks against Romania’s govt. websites

On 29 April 2022, the Romanian National Cyber Security and Incident Response Team (DNSC) issued a statement reporting a series of Distributed Denial of Service (DDoS) attacks targeting several public websites managed by State authorities. The attacks were claimed by the pro-Russia hacktivist group ‘Killnet’. According to the DNSC statement, the hacktivist group targeted the following Romanian sites:

– gov.ro (official website of Romania’s Government),

– mapn.ro (official website of Romania’s Ministry of Defense),

– politiadefrontiera.ro (official website of the Romanian Border Police),

– cfrcalatori.ro (official website of Romania’s National Railway Transport Company), and

– otpbank.ro (site of a commercial bank operating in Romania).

According to Romania’s primary domestic intelligence service, SRI (Serviciul Roman de Informatii), the DDoS attack began at 0400 hrs local time and originated from network equipment outside Romania that had been compromised by exploiting security vulnerabilities. [10]

China-backed hackers are targeting Russian State officials

Security researchers discovered a phishing campaign by the China-based threat actor Mustang Panda (aka HoneyMyte and Bronze President) targeting Russian State officials. Earlier, Mustang Panda was spotted orchestrating intelligence-gathering campaigns against European targets, employing phishing lures inspired by the Russian invasion of Ukraine. Although Russia and China maintain good geopolitical relations, Russia has always remained in Mustang Panda’s crosshairs.

Although the files sent are Windows executables (.exe), they are made to look like PDFs and are named after Blagoveshchensk, a Russian city close to the border with China. This suggests that the targets of this campaign are Russian personnel in that region, which further supports the theory that China may be shifting to new intelligence-gathering objectives. Upon launching the executable, a host of additional files is fetched, including the decoy EU document, a malicious DLL loader, an encrypted PlugX variant, and a digitally signed .EXE file. [11]

Endnotes

[1] Government of India. “Cabinet approves upgradation of 2G mobile sites to 4G at security sites in Left-Wing Extremism (LWE) areas”, Press Information Bureau, 27 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1820512
[2] Government of India. “Multiple Vulnerabilities in Oracle Products— CERT-In Advisory CIAD-2022-0011”, Indian Computer Emergency Response Team (CERT-In), 22 April 2022, Available from: https://www.cert-in.org.in/
[3] Government of India. “India Post warns public against fraudulent URLs/Websites claiming to provide subsidies/prizes through certain surveys”, Press Information Bureau, 23 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1819189
[4] Government of India. “Malware targeting ICS/SCADA systems— CIAD-2022-0010”, Indian Computer Emergency Response Team (CERT-In), 16 April 2022, Available from: https://www.cert-in.org.in/
[5] Government of India. “Qualcomm and MeitY’s Centre for Development of Advanced Computing (C-DAC) partner to support Indian semiconductor start-ups”, Press Information Bureau, 29 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1821268
[6] Government of India. “CERT-In issues directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet”, Press Information Bureau, 28 April 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1820904
[7] “Takedown of Infrastructures of call centre involved in online investment fraud responsible for losses of at least EURO 20 million”, European Union Agency for Criminal Justice Cooperation, 21 April 2022, Available from: https://www.eurojust.europa.eu/news/take-down-infrastructure-call-centres-involved-online-investment-fraud-responsible-losses
[8] “Tokyo sets Quantum Computing Deadline— Japan Times”, Asia Financial, 08 April 2022, Available from: https://www.asiafinancial.com/48334-2
[9] Kaur, Dashveenjit. “Japan’s first domestic quantum computer targets 10m users by 2030”, Techwire Asia, 18 April 2022, Available from: https://techwireasia.com/2022/04/japans-first-domestic-quantum-computer-targets-10m-users-by-2030/
[10] Toulas, Bill. “Russian hacktivists launch DDoS attacks on Romanian govt sites”, Bleeping Computer, 29 April 2022, Available from: https://www.bleepingcomputer.com/news/security/russian-hacktivists-launch-ddos-attacks-on-romanian-govt-sites/; Government of Romania. “Atacuri cibernetice asupra site-urilor unor instituții publice și financiar-bancare”, SRI, 29 April 2022, Available from: https://www.sri.ro/articole/atacuri-cibernetice-asupra-site-urilor-unor-institutii-publice-si-financiar-bancare.html
[11] Toulas, Bill. “Chinese state-backed hackers now target Russian state officers”, Bleeping Computer, 27 April 2022, Available from: https://www.bleepingcomputer.com/news/security/chinese-state-backed-hackers-now-target-russian-state-officers/

VIF Cyber Review: January 2022

NATIONAL

MeitY invites applications under the Chips to Start-up (C2S) programme

In line with Prime Minister Modi’s vision of India becoming the next semiconductor hub, the Ministry of Electronics and Information Technology (MeitY) invited applications from 100 academic institutions, Research & Development (R&D) organisations, start-ups, and Micro, Small and Medium Enterprises (MSMEs) under its “Chips to Start-up” (C2S) programme. The C2S programme aims to train around 85,000 qualified engineers in Very-Large-Scale Integration (VLSI) and Embedded System Design (ESD) over a period of five years. The programme will be implemented at about 100 academic institutions and R&D organisations across India, including IITs, NITs, IIITs, and government/private colleges. Start-ups and MSMEs can also participate by submitting proposals under the “Academia-Industry Collaborative Project” (AICP). Project proposals should be submitted at the C2S portal, www.c2s.gov.in. Institutions applying under the programme should meet the eligibility criteria defined at the portal and follow the proposal guidelines. [1]

“No Siri, Alexa, smart devices in closed-door meetings”: Intelligence agencies to Govt officials

The intelligence agencies issued a communication security advisory to government officials to control leaks of classified information. According to a news report, the advisory asked all government officials not to use WhatsApp, Telegram, etc. to share confidential information, as private tech companies control the data storage servers, which are located outside the country. The advisory also covered instructions on video conferencing (VC) and for government officials who opted to work from home (WFH).

“Officials scan classified documents, store them in their mobile, send and share with others through private applications. New devices pose a big risk for national security and must be avoided while discussing important classified or secret issues by all ministries,” said an official on condition of anonymity. Some of the guidelines in the advisory include [2]:

i) During meetings where classified issues are to be discussed, officials should keep their smartphones and smartwatches outside the meeting room.
ii) In offices, officers and staff should not keep office assistant devices such as Amazon Echo, Apple HomePod, Google Home, etc.
iii) Digital assistants such as Siri and Alexa on smartphones and smartwatches must be switched off before entering a meeting where classified issues will be discussed.

CERT-In issued advisory on “Multiple Vulnerabilities in Apple Products”

On 27 January 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory addressing multiple vulnerabilities in Apple products. The vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, disclose sensitive information, and bypass security restrictions on the targeted system. They stem from improper implementation of input validation logic, path validation logic for symlinks, input sanitisation, memory handling and management, state management, bounds checking, restrictions, and checks. A remote attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application. [3]

India may see a rise in cyber-espionage in 2022, claims Kaspersky

According to Kaspersky’s “Cyberthreats to Financial Organisations in 2022” report, India is among the top five targets for cyber-attacks in the Asia-Pacific (APAC) region, especially for breaches involving cyber-espionage. The kind of cyber-attacks expected to increase are Advanced Persistent Threat (APT) attacks aimed at gathering significant geopolitical, business, and military intelligence.

“India’s economy and expected growth are among the key reasons for the elevated level of threat it faces. The only correct response is ‘prevention is better than cure’ – to invest in infrastructure and capabilities aimed at improving cyber-intelligence by improving prediction capabilities,” said Dipesh Kaura, General Manager at Kaspersky (South Asia).[4]

BitCoin Fraud: UP Police booked US-based crypto-exchange for fraud

Uttar Pradesh’s Cyber Crime police booked officials of the United States-based cryptocurrency exchange Poloniex for allegedly cheating a Lucknow-based journalist of BitCoins worth ₹5.66 lakh. According to the First Information Report (FIR) registered, the victim, Deepak Gidwani, bought BitCoins worth ₹50,000 in 2018 but never accessed his account owing to his limited knowledge of digital assets. After logging in to his BitCoin account on Poloniex’s platform, Deepak tried to withdraw the money, which had grown almost tenfold to ₹5.66 lakh. When he tried to withdraw the amount, he was informed that no transaction could be made as the account was frozen. Freezing is a procedure followed by most financial firms when an account is dormant.

“This clearly looks like a case of cheating by the international crypto-exchange firm. On the victim’s complaint, we have booked senior officials of the company along with the CEO. We are now in the process of writing to the company to furnish the account detail of the victim. We will demand logs of his logins and from where the transactions were made,” said Prof Triveni Singh, Superintendent of Police (SP) Cyber Crime, Uttar Pradesh.[5]

CERT-In issued advisory on “multiple vulnerabilities in Microsoft products”

On 12 January 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory on multiple vulnerabilities in Microsoft products, including Exchange Server. These vulnerabilities could be exploited by an attacker to access sensitive information, bypass security restrictions, perform a Denial of Service (DoS) attack, escalate privileges, perform spoofing attacks, or execute arbitrary code on the targeted system. [6]

INTERNATIONAL

Cyber Security researchers uncovered new Iranian hacking campaign targeting Turkish users

In a newly published report by Cisco Talos, researchers disclosed a malware campaign by the Iranian “MuddyWater” Advanced Persistent Threat (APT) group targeting Turkey-based private organisations and government establishments, including the Scientific and Technological Research Council of Turkey (TUBITAK). The campaign used malicious PDFs, XLS files and Windows executables to deploy malicious PowerShell-based downloaders that act as initial footholds into the target’s enterprise. Earlier this month, the US Cyber Command linked “MuddyWater” to Iran’s Ministry of Intelligence and Security (MIS).

In terms of modus operandi, the malicious documents (maldocs) pose as legitimate documents from the Turkish Health and Interior Ministries; the attack starts by executing malicious macros embedded in them to propagate the infection chain and drop PowerShell scripts onto the compromised system. “MuddyWater” used ‘canary tokens’ in the macro code, a mechanism used to track successful infection of targets, thwart analysis, and detect whether the payload servers are being blocked at the other end. Canary tokens, also known as honeytokens, are identifiers embedded in objects such as documents, web pages and e-mails which, when opened, trigger an alert in the form of an HTTP request, telling the operator that the object was accessed. [7]
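As an added illustration of the canary-token mechanism described above, seen from the defender's side (example code, not from the Talos report or this digest; the host name and the requests in the demo are constructed placeholders), a minimal registry that mints an unguessable token per decoy document and raises an alert when the embedded URL is fetched:

```python
"""Minimal canary-token (honeytoken) registry (added example, constructed).

A unique identifier is embedded in an object as a URL; when the object is
opened and the URL is fetched, the registry maps the token back to the object
and records who fetched it. Defenders plant such tokens in decoy files to learn
that a file was opened; the report above describes the same mechanism being
used by an intrusion set to confirm that its maldoc ran.
"""
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional
from urllib.parse import urlparse

BASE_URL = "https://canary.example.invalid"   # placeholder host, not a real service


@dataclass
class Alert:
    token: str
    label: str          # what the token was embedded in
    remote_addr: str
    user_agent: str
    seen_at: datetime


@dataclass
class CanaryRegistry:
    tokens: Dict[str, str] = field(default_factory=dict)   # token -> label
    alerts: List[Alert] = field(default_factory=list)

    def issue(self, label: str) -> str:
        """Mint a token for one object and return the URL to embed in it."""
        token = secrets.token_urlsafe(16)   # 128 random bits: not guessable
        self.tokens[token] = label
        # Served as an "image" so a viewer fetches it without user interaction.
        return f"{BASE_URL}/t/{token}.png"

    @staticmethod
    def token_from_url(url: str) -> Optional[str]:
        """Extract the token from a full URL or a bare request path."""
        parts = urlparse(url).path.strip("/").split("/")
        if len(parts) != 2 or parts[0] != "t":
            return None
        return parts[1].rsplit(".", 1)[0]    # drop the cosmetic extension

    def handle_request(self, url: str, remote_addr: str,
                       user_agent: str) -> Optional[Alert]:
        """Call for every incoming HTTP request; returns an Alert on a hit.
        Unknown tokens are ignored, so scanners cannot forge alerts."""
        token = self.token_from_url(url)
        if token is None or token not in self.tokens:
            return None
        alert = Alert(token, self.tokens[token], remote_addr, user_agent,
                      datetime.now(timezone.utc))
        self.alerts.append(alert)
        return alert


if __name__ == "__main__":
    reg = CanaryRegistry()
    url = reg.issue("decoy: Q1-payroll.docx")     # constructed label
    hit = reg.handle_request(url, "203.0.113.7", "Microsoft Office/16.0")
    miss = reg.handle_request("/favicon.ico", "203.0.113.7", "curl/8.0")
    print("hit:", hit)
    print("miss:", miss)
```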

Researchers used natural silk fibres to generate secure keys for strong authentication

A team of researchers at South Korea’s Gwangju Institute of Science and Technology (GIST) has used natural silk fibres from domesticated silkworms to build an environment-friendly digital security system that is claimed to be ‘practically unbreachable’. “The first natural Physical Unclonable Function (PUF) takes advantage of the diffraction of light through natural micro-holes in native silk to create a secure and unique digital key for future security solutions,” said the researchers.

Physical Unclonable Functions (PUFs) are devices that leverage inherent randomness and the microscopic differences introduced in electronics during manufacturing to generate a unique identifier, such as a cryptographic key, for a given set of inputs and conditions. In other words, PUFs are non-algorithmic one-way functions derived from uncopiable physical elements, used to create unbreakable identifiers for strong authentication. Over the years, PUFs have been widely used in smartcards to provide silicon fingerprints as a means of uniquely identifying cardholders based on a challenge-response authentication (CRA) scheme. [8]
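As an added example (not from the GIST paper or this digest), a simulation of the challenge-response scheme the paragraph describes: the physical PUF is stood in for by a per-device secret plus simulated reading noise, and the verifier matches responses under a Hamming-distance tolerance and consumes each enrolled pair exactly once. The device names, bit sizes, noise rate and threshold are assumptions chosen for the simulation.

```python
"""Simulated PUF challenge-response authentication (added example).

A real PUF cannot be reproduced in software; here each device's intrinsic
randomness is modelled by a secret that only the simulated hardware holds,
and the measurement noise a real PUF shows between readings is modelled by
flipping a few response bits. The verifier side is the CRA scheme itself.
"""
import hashlib
import hmac
import random
from typing import Callable, Dict, Tuple

RESPONSE_BITS = 128
NOISE_RATE = 0.03    # assumed: fraction of bits that flip between two readings
MAX_DISTANCE = 20    # assumed: accept when <= 20 of 128 bits differ from enrolment


class SimulatedPUF:
    """Stand-in for the physical device: unique per instance, noisy per reading."""

    def __init__(self, rng: random.Random) -> None:
        # Models the uncopiable physical structure (silk micro-holes, silicon
        # process variation). It never leaves the device and is never enrolled.
        self._secret = bytes(rng.getrandbits(8) for _ in range(32))
        self._rng = rng

    def respond(self, challenge: bytes) -> int:
        digest = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        response = int.from_bytes(digest[: RESPONSE_BITS // 8], "big")
        # Measurement noise: every bit flips independently with NOISE_RATE.
        for bit in range(RESPONSE_BITS):
            if self._rng.random() < NOISE_RATE:
                response ^= 1 << bit
        return response


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two responses."""
    return bin(a ^ b).count("1")


class Verifier:
    """Server side: enrolled challenge-response pairs (CRPs) per device.
    Each pair is consumed by exactly one run, so a captured response is
    useless for replay."""

    def __init__(self) -> None:
        self._crps: Dict[str, Dict[bytes, int]] = {}

    def enrol(self, device_id: str, respond: Callable[[bytes], int],
              count: int, rng: random.Random) -> None:
        """Run once in a trusted setting; records `count` CRPs, nothing else."""
        pairs: Dict[bytes, int] = {}
        while len(pairs) < count:
            challenge = bytes(rng.getrandbits(8) for _ in range(16))
            pairs[challenge] = respond(challenge)
        self._crps[device_id] = pairs

    def remaining(self, device_id: str) -> int:
        return len(self._crps.get(device_id, {}))

    def authenticate(self, device_id: str,
                     respond: Callable[[bytes], int]) -> Tuple[bool, int]:
        """One run: issue an unused challenge, compare the prover's answer
        with the enrolled response under the noise tolerance."""
        pairs = self._crps.get(device_id)
        if not pairs:
            return False, RESPONSE_BITS   # unknown device or CRPs exhausted
        challenge, expected = pairs.popitem()
        distance = hamming(respond(challenge), expected)
        return distance <= MAX_DISTANCE, distance


def demo(seed: int = 7):
    """Genuine device, a different device claiming the same identity, and a
    third attempt after the enrolled pairs are used up."""
    rng = random.Random(seed)
    genuine, impostor = SimulatedPUF(rng), SimulatedPUF(rng)
    verifier = Verifier()
    verifier.enrol("card-001", genuine.respond, count=2, rng=rng)
    return (verifier.authenticate("card-001", genuine.respond),
            verifier.authenticate("card-001", impostor.respond),
            verifier.authenticate("card-001", genuine.respond))


if __name__ == "__main__":
    print("genuine, impostor, exhausted:", demo())
```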

DPRK’s hackers resurfaced with variant of KONNI RAT malware

A cyber-espionage group with strong ties to the Democratic People’s Republic of Korea (DPRK), commonly known as North Korea, has re-emerged with a stealthier variant of its remote access trojan, KONNI RAT, to attack political establishments in the Russian Federation and South Korea. The most recent intrusions orchestrated by the group targeted Russia’s Ministry of Foreign Affairs (MID) with New Year lures to compromise Windows-based systems with malware. The infections, as with other attacks of this kind, start with a malicious Microsoft Office document that, when opened, initiates a multi-stage process with several moving parts that help the attackers elevate privileges, evade detection, and ultimately deploy the KONNI RAT payload on compromised systems. [9]

Endnotes

[1] India. “MeitY invites applications under the Chips to Startup (C2S) Programme from academia, R&D organisations, startups and MSMEs”, Ministry of Electronics and IT, 16 January 2022, Available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1790350. Accessed on 31 January 2022.
[2] “No Siri, Alexa, smart devices in secret meetings: Intel note to Govt officials on tech threats”, Security Today, 27 January 2022, Available from: https://www.securitytoday.in/indian-news/no-siri-alexa-smart-devices-in-secret-meetings-intel-note-to-govt-officials-on-tech-threats/. Accessed on 31 January 2022.
[3] India. “CERT-In advisory CIAD-2022-0005: Multiple Vulnerabilities in Apple products”, Indian Computer Emergency Response Team, Ministry of Electronics and Information Technology, 27 January 2022, Available from: https://cert-in.org.in/
[4] “Kaspersky predicts rise in cyber espionage for India in 2022”, Business Standard, 14 January 2022, Available from: https://www.business-standard.com/article/economy-policy/kaspersky-predicts-rise-in-cyber-espionage-for-india-in-2022-122011401057_1.html. Accessed on 02 February 2022.
[5] Shekhar, Shashank. “Bitcoin Fraud: UP Police books US-based crypto exchange Poloniex for defrauding Lucknow journalist of ₹5.66 lakh”, 31 January 2022, Available from: https://www.the420.in/bitcoin-fraud-up-police-books-us-based-crypto-exchange-poloniex-for-defrauding-lucknow-journalist-of-rs-5-66-lakh/. Accessed on 02 February 2022.
[6] India. “CERT-In advisory CIAD-2022-0001: Multiple Vulnerabilities in Microsoft products”, Indian Computer Emergency Response Team, Ministry of Electronics and Information Technology, 12 January 2022, Available from: https://cert-in.org.in/
[7] Lakshmanan, Ravie. “Researchers uncover new Iranian hacking campaign targeting Turkish users”, The Hacker News, 31 January 2022, Available from: https://thehackernews.com/2022/01/researchers-uncover-new-iranian-hacking.html. Accessed on 02 February 2022; Malhotra, Asheer and Vitor Ventura. “Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables”, Cisco Talos, 31 January 2022, Available from: https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html. Accessed on 02 February 2022.
[8] “Gwangju Institute of Science and Technology Researchers Develop Novel Silk-based Digital Security Device”, Gwangju Institute of Science and Technology (GIST), 24 January 2022, Available from: https://www.gist.ac.kr/_prog/bbs/?mode=V&site_dvs_cd=en&menu_dvs_cd=060208&code=060208&no=203961. Accessed on 02 February 2022.
[9] Lakshmanan, Ravie. “North Korean hackers return with stealthier variant of KONNI RAT malware”, The Hacker News, 28 January 2022, Available from: https://thehackernews.com/2022/01/north-korean-hackers-return-with.html. Accessed on 03 February 2022.