Cyber update - The Cyber Shark

Silk Typhoon hackers now target IT supply chains to breach networks


Microsoft warns that the Chinese cyber-espionage threat group “Silk Typhoon” has changed its strategy and is now attacking cloud services and remote management tools in supply chain attacks that allow it to reach downstream clients. The tech giant has verified breaches in some sectors, including energy, government, IT services, healthcare, defence, education, and non-governmental organizations.

“They [Silk Typhoon] exploit unpatched applications that allow them to elevate their access in targeted organizations and conduct further malicious activities,” says the report from Microsoft. “After successfully compromising a victim, Silk Typhoon uses the stolen keys and credentials to infiltrate customer networks where they can then abuse a variety of deployed applications, including Microsoft services and others, to achieve their espionage objectives.”

Silk Typhoon storms IT supply chains

In early December 2024, a Chinese state-sponsored espionage outfit called Silk Typhoon gained notoriety for breaking into the U.S. Office of Foreign Assets Control (OFAC) and collecting information from the Committee on Foreign Investment in the United States (CFIUS).

Around that time, according to Microsoft, Silk Typhoon changed its strategy and began abusing stolen and compromised credentials for identity management, privileged access management, IT providers, and RMM solutions. These credentials were then used to get access to downstream client networks and data.

According to Microsoft, the hackers search GitHub repositories and other open sources for credentials or authentication keys that have been exposed, then use them to compromise systems. Password spray attacks are another well-known tactic the threat actors use to obtain legitimate credentials.

In the past, the threat actors mostly exploited n-day and zero-day vulnerabilities in public-facing edge devices to obtain initial access, plant web shells, and then move laterally via compromised RDPs and VPNs.

By shifting from organization-level intrusions to MSP-level compromises, the attackers can move around cloud environments, steal Active Directory sync credentials (AADConnect), and abuse OAuth applications for a far more covert attack.

Threat actors no longer use web shells and malware; instead, Silk Typhoon uses cloud apps to take data and then delete records, leaving very little evidence behind.

Microsoft has noted that Silk Typhoon still exploits vulnerabilities, commonly known as zero days, to gain initial access in addition to its new strategies.

The threat group was most recently seen exploiting a major Ivanti Pulse Connect VPN privilege escalation issue (CVE-2025-0282) as a zero-day to penetrate corporate networks.

Earlier in 2024, Silk Typhoon took advantage of CVE-2023-3519, a remote code execution vulnerability in Citrix NetScaler ADC and NetScaler Gateway, and CVE-2024-3400, a command injection vulnerability in Palo Alto Networks GlobalProtect.

Microsoft says that to conduct attacks and hide malicious activity, the threat actors have established a “CovertNetwork” made up of compromised Cyberoam appliances, Zyxel routers, and QNAP devices.

At the bottom of its report, Microsoft has included updated indicators of compromise and detection rules that take into account Silk Typhoon’s most recent change in strategy. Defenders are advised to incorporate the information into their security tools to promptly identify and stop any attacks.

Gurugram: 7 people held for duping people over ₹87 crore in cyber frauds


Seven Cybercriminals Arrested in Gurugram for Defrauding Over ₹87 Crores in Nationwide Scam

The accused were implicated in some cybercrimes, according to the police, including impersonation, cyberbullying, stalking, and fraudulent investment schemes.

According to officials on 05 March 2025, seven cybercriminals who were apprehended by the Gurugram cyber police in the past two months allegedly defrauded hundreds of individuals nationwide out of over ₹87 crores. Police said they found three SIM cards, seven mobile phones, and ₹7.60 lakh in cash in their possession.

According to Assistant Commissioner of Police (Cyber) Priyanshu Dewan, 399 cases and 10,956 complaints have been filed against the accused nationwide. Of the 22 cases reported in Haryana, six are in Gurugram.

All of the accused have been taken into custody in the past two months. They were named as Sonu Kumar, Ishwar, Sunil Kumar, Pawan Kumar Sharma, Neeraj, Salim, and Priya Mishra, he said.

Police examined data from the Indian Cyber Crime Coordination Center (I4C) and discovered that the seven cybercriminals had scammed victims nationwide out of ₹87.06 crores. The ACP stated that further investigation into the matter is under way.

Department of Telecommunications Issues Strong Warning Against Telecom Fraud, Enforces Harsh Penalties Under 2023 Act


The Department of Telecommunications (DoT) has issued a warning against the misuse of telecom resources, stressing penalties under the Telecommunications Act of 2023. The Act targets fraud, including SIM card tampering and identifier spoofing, with severe legal consequences.

The DoT has strongly warned against the misuse of telecom resources, such as altering or spoofing IP addresses, IMEI numbers, SMS headers, and mobile numbers. Such actions violate the Telecommunications Act of 2023, which stipulates severe penalties for violators, the DoT stressed.

Growing Threat of Telecom Fraud

Telecom resources are increasingly being used by scammers for financial fraud and cybercrime. Criminals have used illicitly obtained Subscriber Identity Module (SIM) cards and SMS headers to transmit large quantities of bogus texts. Some people also purchase SIM cards in their own names and provide them to others, frequently without realizing that this helps criminals.

SIM cards obtained through fraud, impersonation, or forged documents have also been reported. In certain cases, Points of Sale (PoS), which are in charge of issuing SIM cards, have allowed these unlawful purchases, thereby aiding and abetting the crime.

Tampering with Telecom Identifiers: A Serious Crime

Cybercriminals have also been seen changing telecommunication identifiers, such as the Calling Line Identity (CLI), sometimes referred to as a phone number, using mobile apps and other tools. Other crucial telecom identifiers, like IP addresses, IMEI numbers, and SMS headers, have also been changed to deliver fake messages and evade detection.

Telecommunications Act of 2023: Strict Legal Provisions

The Telecommunications Act of 2023 imposes harsh penalties for offences related to telecommunications:

Section 42(3)(c): Prohibits tampering with telecommunication identifiers.
Section 42(3)(e): Makes it illegal to obtain SIM cards or other telecom identifiers by deception, fraud, or impersonation.
Section 42(7): Overrides the 1973 Code of Criminal Procedure by declaring certain offences to be cognizable and non-bailable.
Penalties: Violators may be fined up to Rs 50 lakh, imprisoned for up to three years, or both.
Section 42(6): Those who aid or abet such offences face similar punishments.

DoT’s Commitment to a Secure Telecom Ecosystem

The Department of Telecommunications (DoT) reiterated its dedication to stopping telecom fraud through the use of cutting-edge security measures and guidelines. The department warned of harsh penalties for violators under the Telecommunications Act of 2023 and asked citizens to be on guard. The goal of the strict legal framework is a safe and secure telecom ecosystem for all users, and it also aims to discourage fraudulent operations.

During the rise of DeepSeek, Elon Musk lost $90 billion; see what Bezos and Zuckerberg lost instead.


Tech billionaires lost $94 billion as a result of the Chinese AI business DeepSeek. Larry Ellison, the billionaire and chief technology officer of Oracle, lost almost $9 billion.

Elon Musk, the CEO of Tesla, is among the IT giants who have lost billions of dollars as a result of the breakthrough achieved this year by China’s DeepSeek. Fortune reports that the world’s richest person lost $90 billion. According to reports, Nvidia CEO Jensen Huang and Meta CEO Mark Zuckerberg lost $20 billion and $11 billion, respectively.

Nvidia was the most severely impacted by the billion-dollar AI startup’s ascent to prominence, which led to a sell-off in the AI chip manufacturer and a $600 billion decline in its market value, one of the worst decreases in US stock prices in the history of the market, according to Bloomberg.

Moreover, at the beginning of February, Bloomberg assessed Musk’s net worth to be around $433 billion, but on February 28, it decreased to $349 billion. Within the same period, Zuckerberg’s net worth fell from $243 billion to $232 billion. According to Fortune, DeepSeek collectively wiped off $94 billion from tech billionaires’ wallets.

Despite the sharp decline in his and his company’s wealth brought on by DeepSeek, Huang lauded the Chinese firm on Nvidia’s most recent earnings call, claiming it had “ignited global enthusiasm.” “It’s a great invention, but more significantly, it has made a top-notch AI reasoning model publicly available,” he stated.

For a tenth of the price, DeepSeek had unveiled a large language model that could compete with those of competitors like OpenAI. According to CNBC, Nvidia’s biggest clients, Meta, Amazon, Google, and Microsoft, appear unfazed and plan to spend over $320 billion on AI and data centre expansion.

Massive Data Leak: AI Training Data Contains 12,000 API Keys and Passwords


Massive Data Leak: Researchers Discover Over 12,000 Exposed Credentials in Common Crawl, Highlighting Major Security Vulnerabilities for AI Models

Researchers at Truffle Security have identified approximately 12,000 valid API keys and passwords in the Common Crawl dataset, a large open-source online archive used for training artificial intelligence models. The dataset, which comprises petabytes of online data collected since 2008, is widely used by OpenAI, Google, Meta, Anthropic, Stability AI, and other organizations.

Findings: Slack Webhooks, MailChimp API Keys, and AWS Root Keys were made public

In the December 2024 Common Crawl archive, Truffle Security examined 400 terabytes of data from 2.67 billion web pages and discovered 11,908 valid login credentials that developers had hardcoded into open websites. The following were among the revealed secrets:

Root keys for Amazon Web Services (AWS)
Almost 1,500 MailChimp API keys, leaked in JavaScript and front-end HTML
A WalkScore API key that was used 57,029 times in 1,871 subdomains
Slack webhooks: 17 distinct live webhook URLs displayed on a single page

The disclosure presents a significant security concern because hackers may use these credentials to perpetrate phishing scams, impersonate brands, and illegally access private information.

How Did the Secrets Get Exposed?

Developers chose to hardcode API keys and credentials into JavaScript and front-end HTML rather than using server-side environment variables, which led to the leak. Such coding practices exposed these secrets to the public, leaving them open to abuse. Despite efforts to filter and clean AI training datasets, sensitive information may still be incorporated into LLMs, thereby affecting their behaviour.

Security Implications for AI and the Web

Truffle Security’s observation that 63% of the secrets found were reused on several websites raised concerns over pervasive unsafe coding practices. The researchers cautioned that AI models trained on such data may unintentionally include security flaws, posing unanticipated threats.

To minimize possible harm, Truffle Security responded by contacting the impacted vendors and assisting them in revoking or rotating thousands of compromised API keys.

Call for Better Security Practices

The results are a wake-up call for AI researchers and developers to implement more stringent security protocols. Important actions to prevent similar situations include avoiding hardcoded credentials, using environment variables, and performing frequent security audits. As AI models develop, the cybersecurity sector continues to face a significant hurdle: ensuring that training datasets are free of sensitive data.
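A pre-deployment check for the failure described above, as an added example that is not code from Truffle Security or from the original article: it scans built HTML/JS for the three secret types the article names and counts how many secrets recur across pages. The regexes, sample pages, key values and function names are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from typing import NamedTuple

# Widely published formats for the secret types named in the article.
# An AWS key ID alone does not say whether it belongs to root or an IAM user.
DETECTORS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "mailchimp_api_key": re.compile(r"\b[0-9a-f]{32}-us[0-9]{1,2}\b"),
    "slack_webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+"
    ),
}

# Constructed sample input: placeholder secrets only, no live credentials.
SAMPLE_PAGES = {
    "https://shop.example/index.html": (
        "<script>\n"
        'const mc = "0123456789abcdef0123456789abcdef-us21";\n'
        'fetch("https://hooks.slack.com/services/T00000000/B00000000/'
        'XXXXXXXXXXXXXXXXXXXXXXXX", {method: "POST"});\n'
        "</script>"
    ),
    "https://blog.example/app.js": (
        'var AWS_KEY = "AKIAIOSFODNN7EXAMPLE";\n'
        'var mc = "0123456789abcdef0123456789abcdef-us21";'
    ),
    # Corrected pattern: the browser calls a server endpoint, and the API key
    # stays in a server-side environment variable, never in shipped markup.
    "https://docs.example/clean.html": (
        "<script>fetch('/api/subscribe', {method: 'POST'})</script>"
    ),
}


class Finding(NamedTuple):
    url: str
    line: int
    kind: str
    fingerprint: str  # SHA-256 prefix, so reports never carry the secret itself
    preview: str      # redacted form for a human reviewer


def _preview(secret: str) -> str:
    return f"{secret[:4]}...{secret[-2:]}"


def scan_page(url: str, text: str) -> list:
    """Return every detector hit in one page, ordered by line number."""
    findings = []
    for kind, pattern in DETECTORS.items():
        for match in pattern.finditer(text):
            secret = match.group(0)
            findings.append(Finding(
                url=url,
                line=text.count("\n", 0, match.start()) + 1,
                kind=kind,
                fingerprint=hashlib.sha256(secret.encode()).hexdigest()[:12],
                preview=_preview(secret),
            ))
    return sorted(findings, key=lambda f: f.line)


def scan_corpus(pages: dict) -> list:
    return [f for url, text in pages.items() for f in scan_page(url, text)]


def reuse_stats(findings: list) -> tuple:
    """(unique secrets, secrets seen on more than one page, reused fraction)."""
    pages_by_secret = defaultdict(set)
    for f in findings:
        pages_by_secret[f.fingerprint].add(f.url)
    unique = len(pages_by_secret)
    reused = sum(1 for urls in pages_by_secret.values() if len(urls) > 1)
    return unique, reused, (reused / unique if unique else 0.0)


if __name__ == "__main__":
    results = scan_corpus(SAMPLE_PAGES)
    for f in results:
        print(f"{f.url}:{f.line} {f.kind} {f.preview} [{f.fingerprint}]")
    unique, reused, fraction = reuse_stats(results)
    print(f"{unique} unique secrets, {reused} reused ({fraction:.0%})")
```

Run against a site's build output in CI, a non-empty result should fail the build; any key that was already published has to be revoked or rotated, not just removed from the page.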

Hackers Target Lucknow Family with Identity Theft and Threatening Messages; Police Launch Investigation


In Lucknow, Hackers Target Family with Identity Theft and Threatening Messages; Police Launch Investigation into Phone Compromise and Personal Data Theft

In Lucknow, a man and his family fell prey to digital fraud in a startling cybercrime case. Threats were made, personal information was stolen, and their phones were compromised. The police have registered a First Information Report (FIR) under Section 66C of the Information Technology (Amendment) Act, 2008, alleging identity theft and unauthorized access to electronic devices.

The hackers targeted a man named Vikram Chopra and his family in a high-profile cybercrime case reported in Hussainganj, Lucknow. The FIR, filed on February 28, 2025, claims that several mobile phones belonging to Vikram and his family members were compromised by unidentified cybercriminals on January 17, 2025.

How the Cybercrime Unfolded

Vikram Chopra, a resident of Lucknow’s Sarvapalli Mall Avenue, claimed that he and his family had been the victims of strange activity on their mobile devices. The criminals tried to abuse their gallery files and personal information in addition to gaining illegal access to their phones. Vikram’s complaint claims that his family members received threatening texts that hinted at more blackmail and internet abuse.

On January 20, 2025, Vikram reported the incident right away to the Cyber Cell because he was worried about his privacy and safety. He then took it to the Chief Minister’s complaints page.

Police Investigation and Legal Action

After receiving the complaint, the Hussainganj police filed a formal case under Section 66C of the Information Technology Act, 2008, which addresses identity theft and illicit digital access. Inspector Shamsher Bahadur Singh has been assigned as the case’s investigating officer and will be in charge of the investigation into the identity and methods of the hackers.

The case has been formally logged, and a comprehensive investigation is in progress, according to the FIR.

Prof. Triveni Singh, Ex-IPS and Cybercrime Expert, stated: Such incursions can be made possible by sophisticated malware, such as OS-specific spyware and APK files. SMS, WhatsApp messaging, email attachments, and even physical infiltration can all be used to infect devices. It takes thorough malware forensics to find the culprits or the infection’s origin. To effectively tackle such cyber threats, law enforcement must recruit the assistance of private virus analysis specialists because police skills are currently restricted.

The Increasing Risk of Cybercrime

This incident further highlights India’s increasing cyber threats. Because it is becoming common for digital technology to be misused to compromise personal security, authorities are warning people to adopt the following essential cyber hygiene precautions:

Avoiding unknown links and suspicious emails
Regularly changing passwords
Enabling two-factor authentication
Reporting cyber frauds immediately to law enforcement agencies

Stronger digital security measures and rigorous law enforcement are more important than ever as fraudsters become more savvy.

Doctor Loses Rs 6 Lakh to Cybercriminals Through Malicious APK File and 30 OTPs


Doctor Loses Rs 6 Lakh in Cyber Scam After Downloading Malicious APK File Posing as Bank KYC Update

Raipur: A doctor lost more than Rs 6 lakh from his savings account and fixed deposits after falling victim to a sophisticated cyber scam. The scammers lured him into downloading a malicious APK file that posed as an IndusInd Bank KYC update. The incident took place in the Saraswati Nagar police station area.

Fraud via APK File

Doctor Satish Rajput, who works at a private hospital in Samta Colony, complained that he received a message on his phone between February 23 and February 26 with a link titled “IndusInd KYC APK.” He accidentally tapped on the link, thinking it was a genuine KYC update request from the bank, unaware that the file had been downloaded to his phone. He had no idea that the APK file was a malicious program that gave hackers access to his mobile device.

On February 27, while he was at a mall seeing a movie, he suddenly began receiving many OTP messages on his phone. Approximately thirty OTPs were generated in a brief amount of time, and funds started to drain from his account. Hackers stole his money even though he didn’t give anyone the OTPs.

Massive Financial Loss

Dr Rajput claims that a total of Rs 6 lakh was taken out of his bank accounts, which included several fixed deposits and his savings account. The following is a breakdown of the amount stolen:

Rs 1,92,000 from his savings account
Rs 2,00,000 from one fixed deposit
Rs 1,80,000 from another fixed deposit
Rs 28,000 from a third fixed deposit

On March 1, as soon as he realized he had been deceived, he notified the police. The Saraswati Nagar police have begun investigating the scammers and are working to locate them.

Rising Cybercrime Tactics

The significant sum lost in this instance demonstrates the rising practice of fraudsters accessing bank accounts without authorization using APK file scams. In such cases, victims lose hard-earned savings as cybercriminals constantly devise new ways to defraud gullible people. Authorities have also recently issued warnings against call-merging scams, in which con artists pretend to be friends and combine calls to intercept OTPs and cause financial losses, yet another method through which victims lose money and peace of mind.

Police Advisory

Authorities advise the public to refrain from downloading unfamiliar APK files, confirm any correspondence about their banks directly with their banks, and promptly report any strange calls or messages to the cybercrime helpline 1930.

Protect Yourself Online Matrimonial frauds – Information Security Awareness


Online matrimonial fraud is on the rise these days, posing a huge threat to individuals looking for a partner through online platforms. Fraudsters take advantage of the vulnerabilities of unsuspecting people, causing them financial loss, emotional distress, and potential harm.

Over the past two decades, online matrimonial sites have gained popularity in India, where most marriages are still arranged by parents. The whole traditional matchmaking process changed and was set aside when the wave of online matrimonial services came into existence. For Indian bachelors looking to explore and find a lifelong partner, online matrimonial sites offer the right fusion of modern technology and Indian traditions. This has increased demand for online services that run searchable databases of marriage-related content, such as Shaadi.com, Jeevansathi.com, and Matrimony.com Ltd.

But matrimonial sites are not completely safe. There is a possibility that you will regret not taking certain precautions. The number of people falling for marriage website scams has gone up.

Dangers

Financial Loss
Emotional Manipulation
Identity Theft
Blackmail and Extortion

Vulnerable Groups

People Looking for Companionship: People who are searching for a relationship or who are emotionally fragile may be more prone to falling for fraudulent schemes and scams.
Elderly People: Due to their possible substantial financial holdings and low understanding of contemporary technology, the elderly are frequently targeted since they may be more trusting and less accustomed to internet platforms.

The present scenario

Matrimonial sites come under ‘intermediaries’ within the IT Act 2000. They are responsible for the frauds that are perpetrated through their sites. However, these websites do not have any stringent KYC (Know Your Customer) procedures in place and hence readily accept documents and facts provided by fake profiles, which results in fraud being committed.

With the increase in frauds through matrimonial sites, Cyber Law Due Diligence becomes a very important way to put an end to the use of matrimonial and dating sites as means of deception and fraud. The Information Technology Act, 2000 is the Cyber Law of India that mandates observance of Cyber Law Due Diligence and Internet Intermediary Obligations in India. Cyber Law Due Diligence means taking proper and reasonable care and caution while dealing with online or technological transactions and activities.

Modus operandi

With the minimal KYC/verification procedures in place to register on online matrimonial websites, the fraudster usually follows this modus operandi:

The fraudster initially creates a fake profile with attractive descriptions. In most cases, the person seems to be settled or working abroad, thus making actual meetings difficult.
Later they look for gullible profiles to fall for their trick. In most cases, the targets are widows or divorced, while some are elderly women looking for life partners. They also look for targets who are economically sound.
Later, phone numbers and email addresses are shared to increase personal communication and gain trust.
Once the communication is established, the fraudsters delete the profiles on the online matrimonial website and only communicate through phones, emails, or phone messengers.
After gaining trust, money is demanded on various pretexts like customs clearance of costly gifts, conversion charges for foreign currency, or government clearance for diamonds, gold, or inherited wealth.
All this money is asked for as an online transfer and the person never meets the victim. Once they receive the money they never respond to the victim, which makes them difficult to trace.

Warning Signs

Be alert to the red flags that can help you identify online matrimonial fraudsters. They:

Are not willing to show their face and avoid face-to-face meetings; they are also reluctant to come on video chat, and the profile photo may not be theirs
Ask for a money transfer, citing some emergency, initially a small sum and later a large amount
May not have a social profile or have few friends on social media
Hesitate to share family/workplace details
Express “love” too quickly, even before fully understanding each other
Have a profile that looks too good to be true for that person to express interest in you
Call from multiple numbers. They usually don’t give a number to call back. Even if they give you a number, they don’t pick up when you call. Later, they call you back from a new number
Sound inconsistent or confusing when you ask for personal details, and their information is marked with inconsistencies
Are in a mad rush for early marriage, without a valid reason
Request deletion of your profile immediately after getting in touch with you
Ask for email username/password or credit card/bank account details
Come up with false stories to gain sympathy

How to save yourself

Explore the various available online matrimonial websites

Do a good Google search about the available online matrimonial platforms. Check for reviews from registered users and find a suitable one. Also, most matrimonial websites add a verified badge to profiles that are checked by their team. If you see a verified badge, you can go forward with the person without thinking much. Check out how genuine the website is before you register. Make sure the site has good reviews from registered members.

Do a profile check

While you rely on online ways to find your life partner, you must take this responsibility and do a thorough profile check. Check every detail carefully. Do a proper check on current and permanent address, education, workplace, etc. If at any point you think there is a mismatch, feel free to question the other person. Once you decide to go ahead, find out whether the details given about the individual’s qualification, job, family background and so on are indeed true, to avoid regrets at a later stage. Verify the details mentioned in the profile you are interested in, and do a profile check on social media platforms for further information about the person. If you do not find details on any social media, it is a red flag.

Slow and steady wins the race

Marriage is a lifetime decision and you cannot take a chance here. Life is not a race, ensure

CloudSEK Report: India estimated to lose Rs 20,000 crore to cybercrimes in 2025


India to Lose Rs 20,000 Crore to Cybercrimes in 2025, with Brand Abuse Accounting for Over Rs 9,000 Crore, Warns CloudSEK Report

India is estimated to lose about Rs 20,000 crore to cybercrimes in 2025, according to a recent report by cybersecurity firm CloudSEK. The report predicts that phishing scams, brand abuse, and phoney domains will be the common tactics used by cybercriminals this year. It is anticipated that as artificial intelligence (AI) develops further, hackers will employ sophisticated social engineering strategies to conduct fraudulent activities. Notably, it is estimated that brand name abuse alone will have a financial impact of more than Rs 9,000 crore.

“Our analysis has shown that cybercrime has caused financial damages of over Rs 20,000 crore, of which Rs 9,000 are attributable to brand name abuse alone. This is the greatest finding. The fact that brand abuse is linked to an astounding 70% of high-value scams and roughly one-third of all cybercrime events should serve as a wake-up call for India,” according to Pavan Karthick M, Threat Intelligence Researcher at CloudSEK.

The growing economic impact of cyber crimes in India is highlighted in CloudSEK’s white paper, which was published on Friday. It emphasizes how illegal use of trusted brand names for fraudulent purposes has grown to be a significant avenue for exploitation. Cybercriminals use phoney website names and fraudulent mobile applications in addition to brand impersonation to trick people.

The financial industry is predicted to face the highest portion of these losses, accounting for Rs 8,200 crore, or 41% of the total, according to a sector-by-sector analysis in the research. Government services may sustain financial losses of Rs 3,400 crore, or 17% of the total impact, while the retail and e-commerce industries are expected to sustain a combined 29% of losses.

The conclusions are based on information gathered from 200 firms, which includes 16,000 cyber threat occurrences involving brands and more than 5,000 domain takedowns. The Indian Cyber Crime Coordination Centre (I4C), which reported financial losses of almost Rs 11,333 crore in the first nine months of 2024 with a sharp increase predicted in 2025, is another source of official data cited in the report.

Businesses will experience reputational harm in addition to financial repercussions when their names are used fraudulently. According to the research, businesses may have to pay Rs 6,000 crore for legal actions, customer compensation, remediation activities, and improvements to security infrastructure. Individuals are anticipated to be most affected by these losses, though, with personal financial damages likely to approach Rs 14,000 crore by 2025.

Maharashtra sets up Cyber Corporation to tackle digital frauds, launches 1945 helpline


Chief Minister Devendra Fadnavis stated on February 28, 2025, that Maharashtra had established a “cyber corporation” to combat digital fraud and that two other states had also provided a comparable service. The Navi Mumbai facility will serve as the state’s cybercrime headquarters.

“I envision a time when cybercrime would account for 70% of all crimes and street crime will make up for 20% to 30% of all crimes.” He stated during the Mumbai Tech Week 2025 event that Cyber Corporation is the greatest platform in India for integrating social media handles, banks, and non-banking financial organizations (to track crimes). “We have all the necessary licenses and the best tools in the world.” A single (helpline) number, 1945, has been acquired.

Fadnavis did list the states that reached out to Maharashtra to establish a comparable facility.

Digital fraud and other cybercrimes have surged across the nation. In the Financial Year 2023-24 (FY24), there were 36,075 frauds in the banking industry, more than four times the number in the previous five years. According to the Reserve Bank of India’s annual report, frauds involving digital payments (card or internet) rose from 2,677 in FY20 to 29,082 in FY24.

Startups leaving Maharashtra

Fadnavis said the state did not create sufficient infrastructure in Mumbai between 2009 and 2014, leading to a high cost of living and start-ups moving to cities like Bengaluru and Hyderabad.

“The IT-enabled industry could no longer afford to remain in Mumbai.” Our ineffective work caused the IT (information technology) revolution to spread to several cities. However, we began addressing that after 2014.

The state would build a start-up incubator dubbed M-Hub, according to Fadnavis, who was first appointed chief minister in 2014 and is currently serving his second term after a hiatus. In Navi Mumbai, we intend to develop a large amount of plug-and-play space. It will be similar to Hyderabad and Bengaluru.