#FactCheck - "Deep fake video falsely circulated as of a Syrian prisoner who saw sunlight for the first time in 13 years”

Introduction

‍

Artificial Intelligence (AI) is fast transforming our future in the digital world, transforming healthcare, finance, education, and cybersecurity. But alongside this technology, bad actors are also weaponising it. More and more, state-sponsored cyber actors are misusing AI tools such as ChatGPT and other generative models to automate disinformation, enable cyberattacks, and speed up social engineering operations. This write-up explores why and how AI, in the form of large language models (LLMs), is being exploited in cyber operations associated with adversarial states, and the necessity for international vigilance, regulation, and AI safety guidelines.

‍

The Shift: AI as a Cyber Weapon

‍

State-sponsored threat actors are misusing tools such as ChatGPT to turbocharge their cyber arsenal.

• Phishing Campaigns using AI- Generative AI allows for highly convincing and grammatically correct phishing emails. Unlike the shoddily written scams of yesteryears, these AI-based messages are tailored according to the victim's location, language, and professional background, increasing the attack success rate considerably. Example: It has recently been reported by OpenAI and Microsoft that Russian and North Korean APTs have employed LLMs to create customised phishing baits and malware obfuscation notes.
  
  
• Malware Obfuscation and Script Generation- Big Language Models (LLMs) such as ChatGPT may be used by cyber attackers to help write, debug, and camouflage malicious scripts. While the majority of AI instruments contain safety mechanisms to guard against abuse, threat actors often exploit "jailbreaking" to evade these protections. Once such constraints are lifted, the model can be utilised to develop polymorphic malware that alters its code composition to avoid detection. It can also be used to obfuscate PowerShell or Python scripts to render them difficult for conventional antivirus software to identify. Also, LLMs have been employed to propose techniques for backdoor installation, additional facilitating stealthy access to hijacked systems.
  
  
• Disinformation and Narrative Manipulation
  State-sponsored cyber actors are increasingly employing AI to scale up and automate disinformation operations, especially on election, protest, and geopolitical dispute days. With LLMs' assistance, these actors can create massive amounts of ersatz news stories, deepfake interview transcripts, imitation social media posts, and bogus public remarks on online forums and petitions. The localisation of content makes this strategy especially perilous, as messages are written with cultural and linguistic specificity, making them credible and more difficult to detect. The ultimate aim is to seed societal unrest, manipulate public sentiments, and erode faith in democratic institutions.

‍

Disrupting Malicious Uses of AI – OpenAI Report (June 2025) 

‍

OpenAI released a comprehensive threat intelligence report called "Disrupting Malicious Uses of AI" and the “Staying ahead of threat actors in the age of AI”, which outlined how state-affiliated actors had been testing and misusing its language models for malicious intent. The report named few advanced persistent threat (APT) groups, each attributed to particular nation-states. OpenAI highlighted that the threat actors used the models mostly for enhancing linguistic quality, generating social engineering content, and expanding operations. Significantly, the report mentioned that the tools were not utilized to produce malware, but rather to support preparatory and communicative phases of larger cyber operations.

‍

AI Jailbreaking: Dodging Safety Measures

‍

One of the largest worries is how malicious users can "jailbreak" AI models, misleading them into generating banned content using adversarial input. Some methods employed are:

• Roleplay: Simulating the AI being a professional criminal advisor
• Obfuscation: Concealing requests with code or jargon
• Language Switching: Proposing sensitive inquiries in less frequently moderated languages
• Prompt Injection: Lacing dangerous requests within innocent-appearing questions

These methods have enabled attackers to bypass moderation tools, transforming otherwise moral tools into cybercrime instruments.

‍

Conclusion

‍

As AI generations evolve and become more accessible, its application by state-sponsored cyber actors is unprecedentedly threatening global cybersecurity. The distinction between nation-state intelligence collection and cybercrime is eroding, with AI serving as a multiplier of adversarial campaigns. AI tools such as ChatGPT, which were created for benevolent purposes, can be targeted to multiply phishing, propaganda, and social engineering attacks. The cross-border governance, ethical development practices, and cyber hygiene practices need to be encouraged.  AI needs to be shaped not only by innovation but by responsibility.

‍

References

• https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/
• https://www.bankinfosecurity.com/openais-chatgpt-hit-nation-state-hackers-a-28640
• https://oecd.ai/en/incidents/2025-06-13-b5e9
• https://www.microsoft.com/en-us/security/security-insider/meet-the-experts/emerging-AI-tactics-in-use-by-threat-actors
• https://www.wired.com/story/youre-not-ready-for-ai-hacker-agents/
• https://www.cert-in.org.in/PDF/Digital_Threat_Report_2024.pdf
• https://cdn.openai.com/threat-intelligence-reports/5f73af09-a3a3-4a55-992e-069237681620/disrupting-malicious-uses-of-ai-june-2025.pdf

‍

Introduction

A famous quote, “Half knowledge is always dangerous”, but “Too much knowledge of anything can lead to destruction”. Recently very infamous spyware and malware named WyrmSpy and Dragon Egg were invented by a Chinese group of hackers APT41. The APT41 is a state-endorsed Clandstein active group based in the People’s Republic of China that has been active since 2012. In contrast to numerous countries-government supported, APT has a footprint record jeopardising both government organisations for clandestine activities as well as different private organisations or enterprises for their financial gain. APT41 group aims at Android devices through spyware wyrmspy and dragon egg, which masquerades as a legitimate application. According to the U.S. jury legal accusation from 2019 to 2020, the group was entangled in threatening over more than 100 public and private individuals and organisations in the United States and around the world.Moreover, a detailed analysis report was shared by the Lookout Threat Researchers, that has been actively monitoring and tracking both spyware and malware.

Briefing about how spyware attacks on Android devices take place

To begin with, this malware imitates a real source Android application to show some sort of notification. Once it is successfully installed on the user’s machine, proclaims multiple device’s permission to enable data filtration.

Wyrmspy complies with log files, photos, device locations, SMS(read and write), and audio recordings. It has also authenticated that there are no detection malware activities found on google play even after running multiple security levels. These malicious things are made with the intent to obtain rooting access privileges to the device and monitor activities to the specified commands received from the C2 servers.

Similarly, Dragon Egg can collect data files, contacts, locations, and audio recordings, and it also accesses camera photos once it successfully trade-off the device. Dragon egg receives a payload that is also known as “smallmload.jar”, which is either from APK(Android Packet Kit).

WyrmSpy initially masquerades as a default operation system application, and Dragon Egg simulates a third-party keyboard/ messaging application.

Overview of APT41 Chinese group background

APT41 is a Chinese-based stealth activity-carrying group that is said to be active since mid-2006. Rumours about APT41 that it was also a part of the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department. Owning to that fact, 2006 has seen 140+ organisations’ security getting compromised, ranging from 20 strategically crucial companies.APT is also recognised for rationally plundering hundreds of terabytes of data from at least 141 organisations between 2006 and 2013. It typically begins with spear-phishing emails to the targeted victims. These sent emails contain official templates along with language pretending to be from a legitimate real source, carrying a malicious attachment. As the victim opens the attached file, the backdoor bestows the control of the targeted machine to the APT groups machine. Once there is an unauthorised gain of access, the attacker visits and revisits the victim’s machine. The group remains dormant for lengthy durations, more likely for months or even for years.

Advisory points need to adhere to while using Android devices

• The security patch update is necessary at least once a week
• Clearing up unwanted junk files.
• Cache files of every frequently used application need to clear out.
• Install only required applications from
  Google play store.
• Download only necessary APK files only it comes from trusted resources.
• Before giving device permission, it is advisable to run your files or URLs on VirusTotal.com this website will give a good closure to the malicious intent.
• Install good antivirus software.
• Individuals need to check the source of the email before opening an attachment to it.
• Never collect or add any randomly found device to your system
• Moreover, the user needs to keep track of their device activity. Rather than using devices just for entertainment purposes, it is more important to look for data protection on that device.

Conclusion

Network Crack Program Hacker Group (NCPH), which grew as an APT41 group with malicious intent, earlier performed the role of grey hat hacker, this group somehow grew up greedy to enhance more money laundering by hacking networks, devices, etc. As this group conducts a supply chain of attacks to gain unauthorised access to the network throughout the world, targeting hundreds of companies, including an extensive selection of industries such as social media, telecommunications, government, defence, education, and manufacturing. Last but not least, many more fraud-making groups with malicious intent will be forming and implementing in the future. It is on individuals and organisations to secure themselves but practise basic security levels to safeguard themselves against such threats and attacks.

In the past decade, India’s gaming sector has seen a surprising but swift advancement, which brought along millions of players and over billions in investments and has even been estimated to be at $23 billion. Whether it's fantasy cricket and Ludo apps, high-stakes poker, or rummy platforms, investing real money in online gaming and gambling has become a beloved hobby for many. Moreover, it not only gave a boost to the economy but also contributed to creative innovation and the generation of employment.

The real concern lies behind the glossy numbers, tales of addiction, financial detriment, and the never-ending game of cat and mouse with legal loopholes. The sector’s meteoric rise has raised various concerns relating to national financial integrity, regulatory clarity and consumer safety. 

In light of this, the Promotion and Regulation of Online Gaming Act, 2025, which was passed by Parliament and signed into law on August 22, stands out as a significant development. The Act, which is positioned as a consumer protection and sector-defining law, aims to distinguish between innovation and exploitation by acknowledging e-sport as a legitimate activity and establishing unambiguous boundaries around the larger gaming industry. 

‍

Key Highlights of the Act

‍

• Complete Ban on all games involving Real-Money: All e-games, whether based on skill or luck, that involve monetary stakes have been banned.
• Prohibition of Ads: Promotion of such e-games has also been disallowed across all platforms.
• Legal Ramifications: Operation of such games may lead to up to 3 years in prison with a 1 cr fine; Advertisement for the same may lead to up to 2 years in prison with a 50 lakh fine. However, in case of repeat offences, this may go up to 3-5 years in prison and 2 cr in fines.
• Creation of Online Gaming Authority: The creation of a national-level regulatory body to classify and monitor games, register platforms and enforce the dedicated rules.
• Support for eSports and Social & Educational games: All kinds of games that are non-monetary, promote social and educational growth, will not only be recognised but encouraged. Meanwhile, eSports will also gain official recognition under the Ministry of Sports.

‍

Positive Impacts

‍

• Addressal & Tackling of Addiction and Financial Ruin: The major reason behind the ban is to reduce the cases of players, mainly youth, getting into gambling and losing huge amounts of money to betting apps and games, and to protect vulnerable users 
• Boost to eSports & Regulatory Clarity: The law not only legitimises the eSport sector but also provides opportunities for scholarship and other financial benefits, along with windows for professional tournaments and platforms on global stages. Along with this aims to bring about an order around e-games of skill versus luck.
• Fraud Monitoring & Control: The law makes sure to block off avenues for money laundering, gambling and illegal betting networks.
• Promotion of Safe Digital Ecosystem: Encouraging social, developmental and educational games to focus on skill, learning and fun.

Challenges

The fact that the Promotion and Regulation of Online Gaming Act, 2025 is still in its early stages, which must be recognised. In the end, its effectiveness will rely not only on the letter of the law but on the strength of its enforcement and the wisdom of its application. The Act has the potential to safeguard the interests of at-risk youth from the dangers of gambling and its addiction, if it is applied carefully and clearly, all the while maintaining the digital ecosystem as a place of innovation, equity, and trust.

• Blanket Ban: By imposing a blanket ban on games that have long been justified as skill-based like rummy or fantasy cricket, the Act runs the risk of suppressing respectable enterprises and centres of innovation. Many startups that were once hailed for being at the forefront of India’s digital innovation may now find it difficult to thrive in an unpredictable regulatory environment.
• Rise of Illegal Platforms: History offers a sobering lesson, prohibition does not eliminate demand, it simply drives it underground. The prohibition of money games may encourage the growth of unregulated, offshore sites, where players are more vulnerable to fraud, data theft, and abuse and have no way to seek consumer protection.
  
  

Conclusion

The Act is definitely a tough and bold stand to check and regulate India’s digital gaming industry, but it is also a double-edged sword. It brings in much-needed consumer protection regulations in place and legitimises e-Sports. However, it also casts a long shadow over a successful economy and runs the risk of fostering a black market that is more harmful than the issue it was intended to address. 

Therefore, striking a balance between innovation and protection, between law and liberty, will be considered more important in the coming years than the success of regulations alone. India’s legitimacy as a digital economy ready for global leadership, as well as the future of its gaming industry, will depend on how it handles this delicate balance. 

‍

References: 

1. https://economictimes.indiatimes.com/tech/technology/gaming-bodies-write-to-amit-shah-urge-to-block-blanket-ban-warn-of-rs-20000-crore-tax-loss/articleshow/123392342.cms
2. https://m.economictimes.com/news/india/govt-estimates-45-cr-people-lose-about-rs-20000-cr-annually-from-real-money-gaming/articleshow/123408237.cms
3. https://www.cyberpeace.org/resources/blogs/promotion-and-regulation-of-online-gaming-bill-2025-gets-green-flag-from-both-houses-of-parliament
4. https://www.thehindu.com/business/Industry/real-money-gaming-firms-wind-down-operations/article69965196.ece

‍