#FactCheck - "Deep fake video falsely circulated as of a Syrian prisoner who saw sunlight for the first time in 13 years”

Introduction

The unprecedented cyber espionage attempt on the Indian Air Force has shocked the military fraternity in the age of the internet where innovation is vital to national security. The attackers have shown a high degree of expertise in their techniques, using a variant of the infamous Go Stealer and current military acquisition pronouncements as a cover to obtain sensitive information belonging to the Indian Air Force. In this recent cyber espionage revelation, the Indian Air Force faces a sophisticated attack leveraging the infamous Go Stealer malware. The timing, coinciding with the Su-30 MKI fighter jets' procurement announcement, raises serious questions about possible national security espionage actions.

A sophisticated attack using the Go Stealer malware exploits defense procurement details, notably the approval of 12 Su-30 MKI fighter jets. Attackers employ a cunningly named ZIP file, "SU-30_Aircraft_Procurement," distributed through an anonymous platform, Oshi, taking advantage of heightened tension surrounding defense procurement.

Advanced Go Stealer Variant:

The malware, coded in Go language, introduces enhancements, including expanded browser targeting and a unique data exfiltration method using Slack, showcasing a higher level of sophistication.

Strategic Targeting of Indian Air Force Professionals:

The attack strategically focuses on extracting login credentials and cookies from specific browsers, revealing the threat actor's intent to gather precise and sensitive information.

Timing Raises Espionage Concerns:

The cyber attack coincides with the Indian Government's Su-30 MKI fighter jets procurement announcement, raising suspicions of targeted attacks or espionage activities.

The Deceitful ZIP ArchiveSU-30 Aircraft Acquisition

The cyberattack materialised as a sequence of painstakingly planned actions. Using the cleverly disguised ZIP file "SU-30_Aircraft_Procurement," the perpetrators took benefit of the authorisation of 12 Su-30 MKI fighter jets by the Indian Defense Ministry in September 2023. Distributed via the anonymous file storage network Oshi, the fraudulent file most certainly made its way around via spam emails or other forms of correspondence.

The Spread of Infection and Go Stealer Payload:

The infiltration procedure progressed through a ZIP file to an ISO file, then to a.lnk file, which finally resulted in the Go Stealer payload being released. This Go Stealer version, written in the programming language Go, adds sophisticated capabilities, such as a wider range of browsing focussed on and a cutting-edge technique for collecting information using the popular chat app Slack.

Superior Characteristics of the Go Stealer Version

Different from its GitHub equivalent, this Go Stealer version exhibits a higher degree of complexity. It creates a log file in the machine owned by the victim when it is executed and makes use of GoLang utilities like GoReSym for in-depth investigation. The malware focuses on cookies and usernames and passwords from web browsers, with a particular emphasis on Edge, Brave, and Google Chrome.

This kind is unique in that it is more sophisticated. Its deployment's cyber enemies have honed its strengths, increasing its potency and detection resistance. Using GoLang tools like GoReSym for comprehensive evaluation demonstrates the threat actors' careful planning and calculated technique.

Go Stealer: Evolution of Threat

The Go Stealer first appeared as a free software project on GitHub and quickly became well-known for its capacity to stealthily obtain private data from consumers who aren't paying attention. Its effectiveness and stealthy design rapidly attracted the attention of cyber attackers looking for a sophisticated tool for clandestine data exfiltration. It was written in the Go programming language.

Several cutting-edge characteristics distinguish the Go Stealer from other conventional data thieves. From the beginning, it showed a strong emphasis on browser focusing on, seeking to obtain passwords and login information from particular websites including Edge, Brave, and Google Chrome.The malware's initial iteration was nurtured on the GitHub database, which has the Go Stealer initial edition. Threat actors have improved and altered the code to serve their evil goals, even if the basic structure is freely accessible.

The Go Stealer version that has been discovered as the cause of the current internet spying by the Indian Air Force is not limited to its GitHub roots. It adds features that make it more dangerous, like a wider range of browsers that may be targeted and a brand-new way to exfiltrate data via Slack, a popular messaging app.

Secret Communications and Information Expulsion

This variation is distinguished by its deliberate usage of the Slack API for secret chats. Slack was chosen because it is widely used in company networks and allows harmful activity to blend in with normal business traffic. The purpose of the function "main_Vulpx" is specifically to upload compromised information to the attacker's Slack route, allowing for covert data theft and communication.

The Time and Strategic Objective

There are worries about targeted assaults or espionage activities due to the precise moment of the cyberattack, which coincides with the Indian government's declaration of its acquisition of Su-30 MKI fighter fighters. The deliberate emphasis on gathering cookies and login passwords from web browsers highlights the threat actor's goal of obtaining accurate and private data from Indian Air Force personnel.

Using Caution: Preventing Possible Cyber Espionage

• Alertness Against Misleading Techniques: Current events highlight the necessity of being on the lookout for files that appear harmless but actually have dangerous intent. The Su-30 Acquisition ZIP file is a stark illustration of how these kinds of data might be included in larger-scale cyberespionage campaigns.
• Potentially Wider Impact: Cybercriminals frequently plan coordinated operations to target not just individuals but potentially many users and government officials. Compromised files increase the likelihood of a serious cyber-attack by opening the door for larger attack vectors.
• Important Position in National Security: Recognize the crucial role people play in the backdrop of national security in the age of digitalisation. Organised assaults carry the risk of jeopardising vital systems and compromising private data.
• Establish Strict Download Guidelines: Implement a strict rule requiring file downloads to only come from reputable and confirmed providers. Be sceptical, particularly when you come across unusual files, and make sure the sender is legitimate before downloading any attachments.
• Literacy among Government Employees: Acknowledge that government employees are prime targets as they have possession of private data. Enable people by providing them with extensive cybersecurity training and awareness that will increase their cognition and fortitude.

Conclusion

Indian Air Force cyber surveillance attack highlights how sophisticated online dangers have become in the digital era. Threat actors' deliberate and focused approach is demonstrated by the deceptive usage of a ZIP archive that is camouflaged and paired with a sophisticated instance of the Go Stealer virus. An additional level of complication is introduced by integrating Slack for covert communication. Increased awareness, strict installation guidelines, and thorough cybersecurity education for government employees are necessary to reduce these threats. In the digital age, protecting national security necessitates ongoing adaptation as well as safeguards toward ever-more potent and cunning cyber threats.

References

• ‍https://www.overtoperator.com/p/indianairforcemalwaretargetpotential
• ‍https://cyberunfolded.in/blog/indian-air-force-targeted-in-sophisticated-cyber-attack-with-su-30-procurement-zip-file#go-stealer-a-closer-look-at-its-malicious-history
• ‍https://thecyberexpress.com/cyberattack-on-the-indian-air-force/https://therecord.media/indian-air-force-infostealing-malware

‍

Executive Summary:

In the age of virtuality, misinformation and misleading techniques shape the macula of the internet, and these threaten human safety and well-being. Recently, an alarming fake information has surfaced, intended to provide a fake Government subsidy scheme with the name of Indian Post. This serves criminals, who attack people's weaknesses, laying them off with proposals of receiving help in exchange for info. In this informative blog, we take a deep dive into one of the common schemes of fraud during this time. We will go through the stages involved which illustrates how one is deceived and offer practical tips to avoid the fall.

Introduction:

Digital communication reaches individuals faster, and as a result, misinformation and mails have accelerated their spread globally. People, therefore, are susceptible to online scams as they add credibility to phenomena. In India, the recently increased fake news draws its target with the deceptive claims of being a subsidy from the Government mainly through the Indian post. These fraudulent schemes frequently are spread via social networks and messaging platforms, influence trust of the individual’s in respectable establishments to establish fraud and collect private data. 

Understanding the Claim:

There is a claim circulating on the behalf of the Government at the national level of a great subsidy of $1066 for deserving residents. The individual will be benefited with the subsidy when they complete the questionnaire they have received through social media. The questionnaire may have been designed to steal the individual’s confidential information by way of taking advantage of naivety and carelessness.

The Deceptive Journey Unveiled:

Bogus Offer Presentation: The scheme often appeals to people, by providing a misleading message or a commercial purposely targeted at convincing them to act immediately by instilling the sense of an urgent need. Such messages usually combine the mood of persuasion and highly evaluative material to create an illusion of being authentic.

Questionnaire Requirement: After the visitors land on attractive content material they are directed to fill in the questionnaire which is supposedly required for processing the economic assistance. This questionnaire requests for non private information in their nature.

False Sense of Urgency: Simultaneously, in addition to the stress-causing factor of it being a fake news, even the false deadline may be brought out to push in the technique of compliance. This data collection is intended to put people under pressure and influence them to make the information transfer that immediate without thorough examination.

Data Harvesting Tactics: Despite the financial help actually serving, you might be unaware but lies beneath it is a vile motive, data harvesting. The collection of facts through questionnaires may become something priceless for scammers that they can use for a good while to profit from identity theft, financial crimes and other malicious means.

Analysis Highlights:

• It is important to note that at this particular point, there has not been any official declaration or a proper confirmation of an offer made by the India Post or from the Government. So, people must be very careful when encountering such messages because they are often employed as lures in phishing attacks or misinformation campaigns. Before engaging or transmitting such claims, it is always advisable to authenticate the information from trustworthy sources in order to protect oneself online and prevent the spread of wrongful information
• The campaign is hosted on a third party domain instead of any official Government Website, this raised suspicion. Also the domain has been registered in very recent times.

• Domain Name: ccn-web[.]buzz
• Registry Domain ID: D6073D14AF8D9418BBB6ADE18009D6866-GDREG
• Registrar WHOIS Server: whois[.]namesilo[.]com
• Registrar URL: www[.]namesilo[.]com
• Updated Date: 2024-02-27T06:17:21Z
• Creation Date: 2024-02-11T03:23:08Z
• Registry Expiry Date: 2025-02-11T03:23:08Z
• Registrar: NameSilo, LLC
• Name Server: tegan[.]ns[.]cloudflare[.]com
• Name Server: nikon[.]ns[.]cloudflare[.]com

Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website. 

CyberPeace Advisory:

Verification and Vigilance: It makes complete sense in this case that you should be cautious and skeptical. Do not fall prey to this criminal act. Examine the arguments made and the facts provided by either party and consult credible sources before disclosures are made.

Official Channels: Governments usually invoke the use of reliable channels which can as well be by disseminating subsidies and assistance programs through official websites and the legal channels. Take caution for schemes that are not following the protocols previously established.

Educational Awareness: Providing awareness through education and consciousness about on-line scams and the approaches which are fraudulent has to be considered a primary requirement. Through empowering individuals with capabilities and targets we, as a collective, can be armed with information that will prevent erroneous scheme spreading.

Reporting and Action: In a case of mission suspicious and fraudulent images, let them understand immediately by making the authorities and necessary organizations alert. Your swift actions do not only protect yourself but also help others avoid the costs of related security compromises.

Conclusion:

The rise of the ‘Indian Post Countrywide - government subsidy fake news’ poses a stern warning of the present time that the dangers within the virtual ecosystem are. The art of being wise and sharp in terms of scams always reminds us to show a quick reaction to the hacks and try to do the things that we should identify as per the CyberPeace advisories; thereby, we will contribute to a safer Cyberspace for everyone. Likewise, the ability to critically judge, and remain alert, is important to help defeat the variety of tricks offenders use to mislead you online.

‍

Introduction

Mr Rajeev Chanderashekhar, MoS, Ministry of Electronics and Information Technology, on 09 March 2023, held a stakeholder consultation on the Digital India Bill. This bill will be the successor to the Information technology Act 2000 and provide a set of regulations and laws which will govern cyberspace in times to come. The consultation was held in Bangalore and was the first of many such consultations where the Digital India bill is to be discussed. These public stakeholder consultations will provide direct public feedback to the ministry, and this will help create a safe and secure ecosystem of Indian Cyber Laws.

What is the Digital India Act?

Cyberspace has evolved the fastest as compared to any other industry, and the evolution of the growth cannot be presumed to be stagnant or stuck as we see new technologies and gadgets being invented all across the globe. The ease created by using technology has changed how we live and function. However, bad actors often use these advantages or fruits of technology to wreak havoc upon the nation’s cyberspace. The use of technology is always governed by the application of usage and safeguard policies and laws. As technology is growing exponentially, it is pertinent that we have laws which are in congruence with today’s time and technology. This is keenly addressed by the Digital India Act, which will be the legislation governing Indian Cyberspace in times to come. This was the need of the hour in order to have the judiciary, legislature and law enforcement agencies ahead of the curve when it comes to cyber crimes and laws.

What is the Digital India Bill’s primary goal?

The Digital India Bill’s goal is to guarantee an institutional structure for accountability and that the internet in India is accessible, unhindered by user harm or criminal activity. The law will apply to new technologies, algorithmic social media platforms, artificial intelligence, user risks, the diversity of the internet, and the regulation of intermediaries. The diversity of the internet, user hazards, artificial intelligence, social media platforms, and intermediary regulation are all discussed.

Why is the Digital India Bill necessary?

The number of internet users in the country currently exceeds 760 million; in the upcoming years, this number will reach 1.2 billion. Despite the fact that the internet is useful and promotes connectivity, there are a number of user damages nearby. Thus, it is crucial to enact legislation to set forth new guidelines for individuals’ rights and responsibilities and mention the requirement to gather data.

Major Elements of the Digital India Act

Major Elements of the Digital India Bill, which will eventually become an Act, which will contribute massively towards a safe cyber-ecosystem, some of these elements aim towards the following-

• The legislation attempts to establish an internet regulator.
• Women and Child safety.
• Safe harbour for intermediaries.
• The right of the individual to secure his information and the requirement to utilise personal data for legal purposes provide the main obstacles to data protection or regulation. The law tries to deal with this difficulty.
• A limit will be placed on how far a person’s personal information can be accessed for legal reasons.
• The majority of the bill’s characteristics are contrasted with the EU’s General Data Protection Regulation.

The Way Ahead

As we ride the wave of developments in cyberspace regarding emerging technologies and automated gadgets, it becomes pertinent that the state takes due note of such technologies and the courts take cognisance of offences committed by using technology. Law enforcement agencies must also train police personnel who can effectively and efficiently investigate cybercrime cases. The ministry also released a few bills last year, such as – the Telecommunication Bill, 2022, Intermediary Rules and the Digital Personal Data Protection Bill, 2022, to better address the shortcomings and the issues in cyberspace and how to safeguard the netizens. The Digital India Act will essentially create a synergy between the current bills and the new ones to come in order to create a wholesome, safe and secure Indian cyber ecosystem.

Conclusion

Digital India Bill is necessary to address the challenges of cyberspace, like personal data and privacy, and policies related to online child and women safety to create a and create a modern and comprehensive legal framework that aligns with global standards of cyber laws. The draft of the bill is expected to come out by July. The ministry looks forward to maximising the impact of the bill through such continuous and effective public consultation to understand and fulfil the expectations and requirements of the Indian netizen, thus empowering him/her equivalent to the netizen of a developed country.