VIF Cyber Review: April 2022


Cabinet approves upgradation of mobile sites in LWE-affected areas

On 27 April 2022, the Union Cabinet chaired by Prime Minister Narendra Modi, has approved a ‘Universal Service Obligation Fund (USOF)’ project for upgrading 2G mobile services to 4G at security sites in the Left-Wing Extremism (LWE) areas. The Cabinet also authorised Bharat Sanchar Nigam Limited (BSNL) payment of LWE Phase-I 2G site operations and maintenance costs for an additional five years beyond the contractual period of five years at a cost of ₹541.80 crore. The extension will last up to 12 months from the date of Cabinet approval or the commissioning of 4G sites, whichever comes first.

The upgrade will improve internet and data services in certain LWE locations. It satisfies the standards of the Ministry of Home Affairs (MHA) as well as the state governments. It will also meet the communication requirements of the security forces stationed in these regions. The suggestion is consistent with the goal of increasing rural mobile connectivity. Furthermore, delivery of various e-governance, banking, tele-medicine, tele-education, and other services via mobile broadband will be possible in these locations. [1]

CERT-In issued advisory on multiple vulnerabilities in Oracle products

On 22 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory on multiple vulnerabilities in Oracle products which could be exploited by an attacker to bypass security restrictions, execute arbitrary code, disclose sensitive information, and cause Denial of Service (DoS) attack on the targeted system. Such vulnerabilities are remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. [2] As a solution, CERT-In provided link to apply appropriate patches available at: Click here to read…

India Post issued warning against fraudulent URLs/Websites claiming to give prizes through certain surveys

On 23 April 2022, the India Post issued a warning against various URLs/Websites getting circulated in social media and communication platforms, such as WhatsApp, Telegram, Instagram, and through e-mail/SMS containing tiny URLs, claiming to provide government subsidies as prize money through certain surveys. “We wish to inform the citizens of the Country that India Post is not involved in any such activities like announcing Subsidies, Bonus or Prizes based on Surveys etc. Public receiving such notifications/messages /emails are requested not to believe or respond to such fake and spurious messages or share any personal details.

It is also requested not share any personally identifiable information such as date of birth, Account numbers, mobile numbers, place of Birth & OTP etc”, read the advisory issued by the India Post. The India Post and Fact Check Unit of Press Information Bureau (PIB) have declared these URLs/Websites as fake through social media. [3]

CERT-In issued advisory on Malware targeting ICS/SCADA systems

On 16 April 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory about the Advanced Persistent Threat (APT) actors targeting Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) systems through custom made tools. The tools enabled cyber threat actors to scan for, compromise, and control affected systems after gaining access to the operational technology (OT) network.

The APTs are targeting ICS/SCADA and have capabilities to gain complete access control of certain ICS/SCADA devices including:

– Schneider Electric programmable logic controllers (PLCs).

– OMRON Sysmac NEX PLCs, and,

– Open platform communications Unified Architecture (OPC UA) Servers.
According to the advisory, the APT actors could also exploit a known-vulnerable ASRock-signed Motherboard driver— “AsrDrv103.sys”, exploiting CVE-2020-15368, to execute malicious code in the Windows kernel to move laterally within an IT or OT environment and disrupt critical devices or functions. [4]

Qualcomm and MeitY’s C-DAC partner to support Indian Semiconductor start-ups

For 2022, Qualcomm India announced a collaboration with the Centre for Development of Advanced Computing (C-DAC), an autonomous scientific society of the Ministry of Electronics and Information Technology (MeitY), to initiate and conduct Qualcomm® Semiconductor Mentorship Program (QSMP) 2022 for select start-ups from the semiconductor space in India, with further programme to provide and facilitate mentorship, technical training, and industry outreach. Under the collaboration, the C-DAC and Qualcomm India intend to work towards following broad objectives:

– Nurture technical advancements and intellectual-property-driven innovation and product development required for semiconductor design in the Indian ecosystem.

– Help reduce risks in innovation; accelerate the pace of business development; and develop soft skills and knowledge base of Indian start-ups engaged in semiconductor design.

– Facilitate access for the selected start-ups with domain experts, VCs, accelerators, incubators, industry associations and large companies that could help them scale up their business.

– Create platforms and forums that provide opportunities to work with high-growth-potential small businesses and start-ups who have potentially disruptive technologies that could develop or reshape semiconductor supply chains in the future.

Up to ten Indian semiconductor start-ups will be shortlisted for QSMP 2022 by Qualcomm India. Each nominated firm will be connected with a Qualcomm India executive for product development and planning mentoring. Through meetings, webinars, seminars, and tradeshows, C-DAC and Qualcomm India will help these entrepreneurs gain exposure to government stakeholders. [5]

CERT-In issued advisory for safe and trusted Internet

On 28 April 2022, The Indian Computer Emergency Response Team (CERT-In) issued directions related to the best information security practices, procedure, prevention, response, and reporting of cyber-crimes under the provisions of sub-Section (6) of the Section 70B of the Information Technology (IT) Act, 2000. The directions will become effective after 60 days.

The directives included aspects relating to synchronisation of Information and Communication Technology (ICT) system clocks; mandatory reporting of cyber incidents to CERT-In; maintenance of logs of ICT systems; subscriber/customer registrations details by Data centres, Virtual Private Server (VPS) providers, Virtual Private Network (VPN) Service providers, Cloud service providers; KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers. These directions shall enhance overall cyber security posture and ensure safe & trusted Internet in the country. [6] The directions are available at: Click here to read…


Eurojust and Europol cracked an online investment fraud scheme responsible for losses of at least Euro 20 million

On 21 April 2022, Authorities in Finland, the Netherlands, Lativa, France, Germany, and Ukraine, supported the operation during which more than 50 servers and services were seized in six countries. “At the request of the Estonian authorities, Eurojust and Europol assisted in taking down an online investment fraud scheme, which defrauded victim 21 April 2022.

As modus operandi, the perpetrator— belong to an international Organised Crime Group (OCG) contacted victims by telephone via Internet. They project themselves as brokers of online trading platforms, dealing with Cryptocurrencies, to convince victims to make investments. It is believed that more than 30,000 people from at least 71 countries, at least 522 victims are registered in Estonia alone. [7]

Japan proposed first domestic quantum computer use by March 2023

The Japanese government proposed its intentions to enter the global Quantum Computing campaign by placing its first indigenous quantum computer into service within current fiscal year ending March 2023. As per the new strategy, Japan plans to establish four quantum research centres across the country, which could be finalised this month, after the ruling party— Liberal Democratic Party proposed expanded investment in quantum computing and artificial intelligence (AI). [8] Also, the Japanese government expects 10 million users by the end of decade too.

As for the research centres, one of the two will be established at Tohoku University in Sendai, Miyagi Prefecture, on the north-eastern coast of Japan. The centres will train personnel and support research and development. The other new site, at Okinawa Institute of Science and Technology Graduate University, will serve as a hub for advancing joint research by global scientists,” read a report by Nikkei. [9]

Russian hacktivists launched DDoS attacks against Romania’s govt. websites

On 29 April 2022, the Romanian National Cyber Security and Incident Response Team— DNSC, issued a statement informing a series of Distributed Denial of Service (DDoS) attacks targeting several public websites management by the State authorities. The attacks had been claimed by pro-Russia hacktivist group— ‘Killnet’. According to the statement released by the DNSC, the hacktivist group targeted the following Romania-based servers:

– (official website of Romania’s Government),

– (official website of Romania’s Ministry of Defense),

– (official of Romanian Border Police),

– (official website of Romania’s National Railway Transport Company), and

– (site of a commercial bank operating in Romanian).

According to the Romania’s primary domestic intelligence services— SRI (Serviciul Roman de Informatii), the DDoS attack began at 0400 hrs local time, and it originated from a compromised network equipment outside Romania, and that had been compromised by exploiting security vulnerabilities. [10]

China-backed hackers are targeting Russian State officials

Security researchers discovered a phishing campaign led by China-based threat actors, Mustang Panda aka HoneyMyte, and Bronze President) targeting Russian State officials. Earlier, the threat group— Mustang Panda, was spotted orchestrating intelligence gathering campaigns against the European targets, employing phishing lures inspired by the Russian invasion of Ukraine. Despite, two countries— Russia and China, maintains good geopolitical relationships, Russia has always remained in the Mustang Panda’s cross hair.

Although the files sent are Windows executables (.exe), they are made to appear as PDFs and are named after Blagoveshchensk— Russian city closer to the border with China. This suggests that the targets of this campaign are Russian personnel in the region, which further supports the theory that China may be shifting to new intelligence gathering objectives. Upon launching the executable, a host of additional files are fetched, including the previously mentioned decoy EU document, a malicious DLL loader, an encrypted PlugX variant, and a digitally signed .EXE file. [11]

Endnotes :

[1] Government of India. “Cabinet approves upgradation of 2G mobile sites to 4G at security sites in Left-Wing Extremism (LWE) areas”, Press Information Bureau, 27 April 2022, Available from:
[2] Government of India. “Multiple Vulnerabilities in Oracle Products— CERT-In Advisory CIAD-2022-0011”, Indian Computer Emergency Response Team (CERT-In), 22 April 2022, Available from:
[3] Government of India. “India Post warns public against fraudulent URLs/Websites claiming to provide subsidies/prizes through certain surveys”, Press Information Bureau, 23 April 2022, Available from:
[4] Government of India. “Malware targeting ICS/SCADA systems— CIAD-2022-0010”, Indian Computer Emergency Response Team (CERT-In), 16 April 2022, Available from:
[5] Government of India. “Qualcomm and MeitY’s Centre for Development of Advanced Computing (C-DAC) partner to support Indian semiconductor start-ups”, Press Information Bureau, 29 April 2022, Available from:
[6] Government of India. “CERT-In issues directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet”, Press Information Bureau, 28 April 2022, Available from:
[7] “Takedown of Infrastructures of call centre involved in online investment fraud responsible for losses of at least EURO 20 million”, European Union Agency for Criminal Justice Cooperation, 21 April 2022, Available from:
[8] “Tokyo sets Quantum Computing Deadline— Japan Times”, Asia Financial, 08 April 2022, Available from:
[9] Kaur, Dashveenjit. “Japan’s first domestic quantum computer targets 10m users by 2030”, Techwire Asia, 18 April 2022, Available from:
[10] Toulas, Bill. “Russian hacktivists launch DDoS attacks on Romanian govt sites”, Bleeping Computer, 29 April 2022, Available from: ; Government of Romania. “Atacuriciberneticeasupra site-urilorunorinstituțiipubliceșifinanciar-bancare”, SRI, 29 April 2022, Available from:
[11] Toulas, Bill. “Chinese state-backed hackers now target Russian state officers”, Bleeping Computer, 27 April 2022, Available from: