#FactCheck - False Claim of Italian PM Congratulating on Ram Temple, Reveals Birthday Thanks

Introduction

The land of the dragon has been significantly advanced in terms of innovation and creating self-sustaining technologies of civic and military importance. Leading nations of the West still need to understand the advancements the dragon land has made in technologies and what potential threats it poses on an international level.

Int on Dragon Land

According to a leaked US intelligence study, China is developing powerful cyber weapons to “seize control” of adversary satellites and render them worthless for data communications or surveillance during combat.

According to the US, China’s effort to build up the capacity to “deny, exploit, or hijack” hostile satellites is critical to controlling information, which Beijing views as a crucial “war-fighting domain.”^[1]

The CIA-marked document, one of hundreds purportedly given by a 21-year-old US Air Guardsman in the most influential American intelligence leaks in over a decade, was released this year and has yet to be disclosed before.

This kind of cyber capabilities would be significantly superior to what Russia has used in Ukraine, where electronic warfare troops have used a brute-force strategy to little avail.

How were the capabilities discovered?

According to a top-secret US dossier, China could use its cyber capabilities to “take control of a satellite, making it inoperable for support of communications, weapons, or intelligence, surveillance, and reconnaissance systems.” The US has never acknowledged having a comparable or superior capability.

By broadcasting related frequencies from truck-mounted jamming systems like the Tirada-2, these attacks were first developed in the 1980s to block communications between low-orbit SpaceX satellites and their on-ground terminals. China’s more ambitious cyberattacks are designed to imitate the signals that adversary satellites’ operators send out, tricking them into malfunctioning or being entirely taken over at critical points in a battle.

Implications of such military capabilities

The south Chinese island nation of Taiwan is attempting to develop a communications infrastructure that can withstand an attack from China after observing how crucial satellite communications have been to the Ukrainian military.

According to a January 2023 article in the Financial Times, it is seeking investors to launch its own satellite provider while testing with 700 non-geostationary satellite receivers around Taiwan to ensure bandwidth in the case of conflict or natural calamities. Similarly, a Russian cyber strike rendered thousands of Ukrainian military routers from US-based Viasat inoperable in the hours before it launched its invasion last year, demonstrating how important satellite communications have become in contemporary wartime. This attack was deemed to be catastrophic by the Ukraine officials as it broke down the communication between the Ukraine army and the govt.

Additionally, several hundred wind turbines in Germany, Poland, and Italy were impacted, which cut off service to thousands of Viasat users in those countries. Even though it was complex, the Viasat hack required accessing the business’ computer systems and then sending commands to the modems that made them break.

How significant is the threat?

According to the leaked assessment, China’s objectives are much more sophisticated and focused towards the future. According to analysts, they would aim to disable satellites’ ability to interact with one another, relay signals and orders to weapons systems, or give back visual and intercepted electronic data. Satellites often work in interconnected clusters and remain unmanned, thus preventing the scope of proper surveillance. Officials from the US military have warned that China has made substantial advancements in creating military space technologies, particularly satellite communications. Beijing is vigorously pursuing counter-space capabilities in an effort to realise its “space dream” of being the dominant force outside of the Earth’s atmosphere by 2045.

Threat to India?

As China aggressively invests in technology meant to disrupt, degrade, and destroy our space capabilities, a potential threat remains on the Indian satellites and spaceships. The complexity of the communication network and extended distance from the Earth can point towards a high number of vulnerabilities for the Indian Space program. Still, the Indian Space Research Organisation (ISRO) has been working tirelessly, and as of 1st January 2022, India has 21 operational satellites in Low Earth Orbit (LEO) and 28 operational satellites in Geostationary Orbit. In 2021, ISRO launched one PSLV-DL variant (PSLV-C51) mission and one GSLV-MkII variant (GSLV-F10) mission. GSLV-F10 could not accomplish the mission successfully. In 2021, India placed five satellites and 1 PSLV rocket body (PS4 stage) in Low Earth Orbits. India placed 65 rocket bodies in orbit from the first launch, of which 42 are still in orbit around the Earth, and 23 have re-entered and burnt up in the Earth’s atmosphere. The break-up event of the 4th stage of PSLV-C3 in 2001 generated 386 debris, of which 76 are still in orbit.

Conclusion

The space race is the new cold war, all nations are working towards securing their space assets while exploring new elements in outer space. It is pertinent that the national interest in space is protected, and a long awaiting space treaty for the modern age needs to be ratified by all nations with a presence in space. The future of space exploration is bright for most nations, but the threats should be eradicated, and an all-inclusive space should be promoted to maintain harmony in space.

^[1] https://www.ft.com/content/fc72d277-7fa8-4b29-9231-4feb34f43b0c

Introduction

Search Engine Optimisation (SEO) is a process through which one can improve website visibility on search engine platforms like Google, Microsoft Bing, etc. There is an implicit understanding that SEO suggestions or the links that are generated on top are the more popular information sources and, hence, are deemed to be more trustworthy. This trust, however, is being misused by threat actors through a process called SEO poisoning.

SEO poisoning is a method used by threat actors to attack and obtain information about the user by using manipulative methods that position their desired link, web page, etc to appear at the top of the search engine algorithm. The end goal is to lure the user into clicking and downloading their malware, presented in the garb of legitimate marketing or even as a valid result for Google search.

An active example of attempts at SEO poisoning has been discussed in a report by the Hindustan Times on 11th November, 2024. It highlights that using certain keywords could make a user more susceptible to hacking. Hackers are now targeting people who enter specific words or specific combinations in search engines. According to the report, users who looked up and clicked on links at the top related to the search query “Are Bengal cats legal in Australia?” had details regarding their personal information posted online soon after.

SEO Poisoning - Modus Operandi Of Attack

There are certain tactics that are used by the attackers on SEO poisoning, these are:

• Keyword stuffing- This method involves overloading a webpage with irrelevant words, which helps the false website appear higher in ranking.
• Typosquatting- This method involves creating domain names or links similar to the more popular and trusted websites. A lack of scrutiny before clicking would lead the user to download malware, from what they thought was a legitimate site.
• Cloaking- This method operates by showing different content to both the search engines and the user. While the search engine sees what it assumes to be a legitimate website, the user is exposed to harmful content.
• Private Link Networks- Threat actors create a group of unrelated websites in order to increase the number of referral links, which enables them to rank higher on search engine platforms.
• Article Spinning- This method involves imitating content from other pre-existing, legitimate websites, while making a few minor changes, giving the impression to search engine crawlers of it being original content.
• Sneaky Redirect- This method redirects the users to malicious websites (without their knowledge) instead of the ones the user had intended to click.

CyberPeace Recommendations

• Employee Security Awareness Training: Security awareness training can help employees familiarise themselves with tactics of SEO poisoning, encouraging them to either spot such inconsistencies early on or even alert the security team at the earliest. 
• Tool usage: Companies can use Digital Risk Monitoring tools to catch instances of typosquatting. Endpoint Detection and Response (EDR) tools also help keep an eye on client history and assess user activities during security breaches to figure out the source of the affected file.
• Internal Security Measures: To refer to lists of Indicators of Compromise (IOC). IOC has URL lists that show evidence of the strange behaviour of websites, and this can be used to practice caution. Deploying Web Application Firewalls (WAFs) to mitigate and detect malicious traffic is helpful.

Conclusion

The nature of SEO poisoning is such that it inherently promotes the spread of misinformation, and facilitates cyberattacks. Misinformation regarding the legitimacy of the links and the content they display, in order to lure users into clicking on them, puts personal information under threat. As people trust their favoured search engines, and there is a lack of awareness of such tactics in use, one must exercise caution while clicking on links that seem to be popular, despite them being hosted by trusted search engines.

References

• https://www.checkpoint.com/cyber-hub/cyber-security/what-is-cyber-attack/what-is-seo-poisoning/
• https://www.vectra.ai/topics/seo-poisoning
• https://www.techtarget.com/whatis/definition/search-poisoning
• https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/seo-poisoning
• https://www.coalitioninc.com/blog/seo-poisoning-attacks
• https://www.sciencedirect.com/science/article/abs/pii/S0160791X24000186
• https://www.repindia.com/blog/secure-your-organisation-from-seo-poisoning-and-malvertising-threats/ 
• https://www.hindustantimes.com/technology/typing-these-6-words-on-google-could-make-you-a-target-for-hackers-101731286153415.html

‍

Introduction

The Data Security Council of India’s India Cyber Threat Report 2025 calculates that a staggering 702 potential attacks happened per minute on average in the country in 2024.  Recent alleged data breaches on organisations such as Star Health, WazirX, Indian Council of Medical Research (ICMR), BSNL, etc. highlight the vulnerabilities of government organisations, critical industries, businesses, and individuals in managing their digital assets. India is the second most targeted country for cyber attacks globally, which warrants the development and adoption of cybersecurity governance frameworks essential for the structured management of cyber environments. The following global models offer valuable insights and lessons that can help strengthen cybersecurity governance.

Overview of Global Cybersecurity Governance Models 

Cybersecurity governance frameworks provide a structured strategy to mitigate and address cyber threats. Different regions have developed their own governance models for cybersecurity, but they all emphasize risk management, compliance, and cross-sector collaboration for the protection of digital assets. Four such major models are: 

1. NIST CSF 2.0 (U.S.A): The National Institute of Standards and Technology Cyber Security Framework provides a flexible, voluntary, risk-based approach rather than a one-size-fits-all solution to manage cybersecurity risks. It endorses six core functions, which are:  Govern, Identify, Protect, Detect, Respond, and Recover. This is a widely adopted framework used by both public and private sector organizations even outside the U.S.A. 
2. ISO/IEC 27001: This is a globally recognized standard developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a risk-based approach to help organizations of all sizes and types to identify, assess, and mitigate potential cybersecurity threats to Information Security Management Systems (ISMS) and preserve the confidentiality, integrity, and availability of information.  Organizations can seek ISO 27001 certification to demonstrate compliance with laws and regulations.
3. EU NIS2 Directive: The Network and Information Security Directive 2 (NIS2) is an updated EU cybersecurity law that imposes strict obligations on critical services providers in four overarching areas: risk management, corporate accountability, reporting obligations, and business continuity. It is the most comprehensive cybersecurity directive in the EU to date, and non-compliance may attract non-monetary remedies, administrative fines up to at least €10 million or 2% of the global annual revenue (whichever is higher), or even criminal sanctions for top managers. 
4. GDPR: The General Data Protection Regulation (GDPR)of the EU is a comprehensive data privacy law that also has major cybersecurity implications. It mandates that organizations must integrate cybersecurity into their data protection policies and report breaches within 72 hours, and it prescribes a fine of up to €20 million or 4% of global turnover for non-compliance. 

India’s Cybersecurity Governance Landscape 

In light of the growing nature of cyber threats, it is notable that the Indian government has taken comprehensive measures along with efforts by relevant agencies such as the Ministry of Electronics and Information Technology, Reserve Bank of India (RBI), National Payments Corporation (NPCI) and Indian Cyber Crime Coordination Centre (I4C), CERT-In. However, there is still a lack of an overarching cybersecurity governance framework or comprehensive law in this area. Multiple regulatory bodies in India oversee cybersecurity for various sectors. Key mechanisms are: 

1. CERT-In Guidelines: The Indian Computer Emergency Response Team, under the Ministry of Electronics and Information Technology (MeitY), is the nodal agency responsible for cybersecurity incident response, threat intelligence sharing, and capacity building. Organizations are mandated to maintain logs for 180 days and report cyber incidents to CERT-In within six hours of noticing them according to directions under the Information Technology Act, 2000 (IT Act).
2. IT Act & DPDP Act: These Acts, along with their associated rules, lay down the legal framework for the protection of ICT systems in India.  While some sections mandate that “reasonable” cybersecurity standards be followed, specifics are left to the discretion of the organisations. Enforcement frameworks are vague, which leaves sectoral regulators to fill the gaps. 
3. Sectoral regulations: The Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), the Department of Telecommunications, the Securities Exchange Board of India (SEBI), National Critical Information Infrastructure Protection Centre (NCIIPC) and other regulatory bodies require that cybersecurity standards be maintained by their regulated entities. 

Lessons for India & Way Forward 

As the world faces unprecedented security and privacy threats to its digital ecosystem, the need for more comprehensive cybersecurity policies, awareness, and capacity building has perhaps never been greater. While cybersecurity practices may vary with the size, nature, and complexity of an organization (hence “reasonableness” informing measures taken), there is a need for a centralized governance framework in India similar to NIST2 to unify sectoral requirements for simplified compliance and improve enforcement. India ranks 10th on the World Cybercrime Index and was found to be "specialising" in scams and mid-tech crimes- those which affect mid-range businesses and individuals the most. To protect them, India needs to strengthen its enforcement mechanisms across more than just the critical sectors. This can be explored by penalizing bigger organizations handling user data susceptible to breaches more stringently, creating an enabling environment for strong cybersecurity practices through incentives for MSMEs, and investing in cybersecurity workforce training and capacity building. Finally,  there is a scope for increased public-private collaboration for real-time cyber intelligence sharing.  Thus, a unified, risk-based national cybersecurity governance framework encompassing the current multi-pronged cybersecurity landscape would give direction to siloed efforts. It would help standardize best practices, streamline compliance, and strengthen overall cybersecurity resilience across all sectors in India.
‍

References

• https://cdn.prod.website-files.com/635e632477408d12d1811a64/676e56ee4cc30a320aecf231_Cloudsek%20Annual%20Threat%20Landscape%20Report%202024%20(1).pdf 
• https://strobes.co/blog/top-data-breaches-in-2024-month-wise/#:~:text=In%20a%20large%2Dscale%20data,emails%2C%20and%20even%20identity%20theft. 
• https://www.google.com/search?q=nist+2.0&oq=nist+&gs_lcrp=EgZjaHJvbWUqBggBEEUYOzIHCAAQABiPAjIGCAEQRRg7MgYIAhBFGDsyCggDEAAYsQMYgAQyBwgEEAAYgAQyBwgFEAAYgAQyBwgGEAAYgAQyBggHEEUYPNIBCDE2MTJqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8 
• https://www.iso.org/standard/27001
• https://nis2directive.eu/nis2-requirements/ 
• https://economictimes.indiatimes.com/tech/technology/india-ranks-number-10-in-cybercrime-study-finds/articleshow/109223208.cms?from=mdr 

‍