#FactCheck - Old Bareilly Lathi-Charge Video Falsely Linked to Lucknow Protest

Introduction

In today's relentless current of information, where social media is oftentimes both the stage and the playwright, the line between reality and spectacle can become distressingly blurry. In such a virtual Pantheon, the conflation of truth and fiction has recently surfaced in a particularly contentious instance. The central figure is Poonam Pandey, an entertainment personality known for transgressing traditional contours of celebrity boldness. Pandey found herself ensnared in a narrative of her own orchestration—a grim hoax purporting she had succumbed to cervical cancer. This deceptive foray, rather than awakening public consciousness as intended, spiralled into an ominous fable about the malignant spread of misinformation and the profound moral dilemmas it engenders.

The Deception

The tapestry of this event was woven with threads of tragedy and deception, framing Pandey both as the tragic hero and the ill-fated architect of a spectacle that unfolded with a haunting familiarity evocative of ancient Greek dramas. The monumental pillar of social media, on what seemed to be an ordinary day, was shattered by the startling declaration of Pandey's untimely passing. The statement, as bereft of nuance as it was devastating, proclaimed: 'We are deeply grieved to announce the loss of our cherished Poonam to cervical cancer.' The emotional pulse of the Indian Film Industry was jolted; waves of homage inundated the digital space, each tribute a poignant echo of the shock that rippled through her fanbase. Yet the crux of the matter had yet to be unveiled.

As the world grappled with this news, the scenario took an unforeseen detour. Poonam Pandey made a re-entrance onto the world stage, alive, revealing her alleged demise to be nothing more than a macabre masquerade. The public's reaction to this revelation was a stratified symphony of emotions—indignation mingled with disbelief, with an underlying crescendo of betrayal. Pandey's defense postured her act as a last resort to draw attention to the silent yet pervasive threat of cervical cancer. In the ensuing mire of reactions, an inescapable quandary emerged: is it ever permissible to employ deceit for the sake of presumed publicity?

The Chaos 

Satyajeet Tambe, an esteemed Maharashtra legislator, emerged amidst the churning chaos as a paragon of principled reason. Advocating that such mendacious stunts, playing the chords of public emotion and adulterating truth, should be met with legal repercussions, Tambe called for judicious action against Pandey. His imploration resonated with the necessity of integrity in the public domain, stating, 'The announcement of an influencer/model succumbing to cervical cancer should not be wielded as a tool for awareness.' His pronouncement sent reverberations through the collective conscience, echoing the need for accountability in the face of such transgressions.

Repercussion 

The All Indian Cine Workers Association, a custodian of the film industry's values, also voiced its reproach. They urged for an FIR to be lodged against Poonam Pandey, underlining their sentiments with disappointment and a keen sense of betrayal. Within their condemnation lay a profound recognition of the elevated emotional investment inherent in their industry—an industry where the reverence for life and the abhorrence of deceit intertwine, making the cultivation of such lowly stunts anathema.

This spectacle, while unique in the temerity of its execution, mirrors the broader pathological wave of misinformation that corrodes the foundations of our digital era: the malady of fake news. When delineated, fake news finds its essence as information chiselled specifically to deceive, a form of communication that is not merely slanted but entirely devoid of authenticity, manufactured with nefarious intent. A protean adversary, fake news adeptly masquerades as trustworthy news, ensnaring the unsuspecting in its tendrils. Its purveyors span a spectrum—from shadowy figures to ostensibly benign social media accounts—all contributing to a dystopian fabric where truth is persistently imperilled.

The conjurers of these illusions are, in a sense, cunning illusionists ensconced behind curtains of anonymity or masquerading under a cloak of transparency. They craft elaborate illusions devoid of truth, but dripping with sufficient plausibility to ensnare those who yearn for simplicity in an increasingly complex world. Destabilizing forces, such as hyper partisan media outlets, regurgitate a concoction of concocted 'facts' and distortions, deliberately smudging the once-clear line between empirical truth and partisan fabrication.

The Aftermath 

The Poonam Pandey episode stands as a harrowing beacon of the ethical abyss we face. It compels us to confront the irony of utilising falsity to raise awareness for laudable causes and considers the ramifications for public figures influencing the dissemination of information. The tempest around this event demonstrates the potent gravitational pull of information and the overarching need for the conscientious stewardship of its power.

Yet, as we sail through the murky waters of the digital expanse, where the allure of sensationalism and clickbait headlines is ever-present, our vigilance must not wane. The imperative of truth cannot come at the altar of awareness or sensationalism. The sanctity of fact anchors our understanding of reality; devoid of it, we are adrift in an ocean of confusion and misinformation.

In the dust settled after the Poonam Pandey debacle, the contours of a new discourse have emerged, harboring vital interrogations. How do we balance the drive for poignant awareness initiatives against the cardinal principle of truth? What mechanisms can ensure that health campaigns and their noble aspirations are not tainted by the allure of deception? Addressing these queries is not a solitary task for policymakers or influencers but, indeed, a collective societal responsibility that will define our cultural ethics and the legacy we wish to preserve.

Conclusion 

As we contemplate the broader implications of this incident, let us not allow its sensational nature to eclipse the very real and pressing issue of cervical cancer—a condition that, beyond the glare of controversy, continues to shadow lives with its lethal silence. Instead, let our focus pivot towards tangible, truth-driven efforts aimed at education and empowerment. Truth, after all, is the beacon that dispels the murky shadows of ignorance and guides us toward enlightenment and healing.

References 

• https://www.hindustantimes.com/india-news/poonam-pandey-in-trouble-as-maharashtra-politician-seeks-case-for-faking-her-death-101707005742992.html
• https://www.nagpurtoday.in/state-mlc-tambe-demands-police-action-against-poonam-pandey-for-faking-her-death/02051417

‍

Introduction

Recently the attackers employed the CVE-2017-0199 vulnerability in Microsoft Office to deliver a fileless form of the Remcos RAT. The Remcos RAT makes the attacker have full control of the systems that have been infected by this malware. This research will give a detailed technical description of the identified vulnerability, attack vector, and tactics together with the practical steps to counter the identified risks.

The Targeted Malware: Remcos RAT

Remcos RAT (Remote Control & Surveillance) is a commercially available remote access tool designed for legitimate administrative use. However, it has been widely adopted by cybercriminals for its stealth and extensive control capabilities, enabling:

• System control and monitoring
• Keylogging
• Data exfiltration
• Execution of arbitrary commands

The fileless variant utilised in this campaign makes detection even more challenging by running entirely in system memory, leaving minimal forensic traces.

Attack Vector: Phishing with Malicious Excel Attachments

The phishing email will be sent which appears as legitimate business communication, such as a purchase order or invoice. This email contains an Excel attachment that is weaponized to exploit the CVE-2017-0199 vulnerability.

Technical Analysis: CVE-2017-0199 Exploitation

Vulnerability Assessment

• CVE-2017-0199 is a Remote Code Execution (RCE) vulnerability in Microsoft Office which uses Object Linking and Embedding (OLE) objects.
• Affected Components:some text
  • Microsoft Word
  • Microsoft Excel
  • WordPad
• CVSS Score: 7.8 (High Severity)

Mechanism of Exploitation

The vulnerability enables attackers to craft a malicious document when opened, it fetches and executes an external payload via an HTML Application (HTA) file. The execution process occurs without requiring user interaction beyond opening the document.

Detailed Exploitation Steps

1. Phishing Email and Malicious Document some text
   • The email contains an Excel file designed to make use of CVE-2017-0199.
   • When the email gets opened, the document automatically connects to a remote server (e.g., 192.3.220[.]22) to download an HTA file (cookienetbookinetcache.hta).
2. Execution via mshta.exe some text
   • The downloaded HTA file is executed using mshta.exe, a legitimate Windows process for running HTML Applications.
   • This execution is seamless and does not prompt the user, making the attack stealthy.
3. Multi-Layer Obfuscation some text
   • The HTA file is wrapped in several layers of scripting, including: some text
     • JavaScript
     • VBScript
     • PowerShell
   • This obfuscation helps evade static analysis by traditional antivirus solutions.
4. Fileless Payload Deployment some text
   • The downloaded executable leverages process hollowing to inject malicious code into legitimate system processes.
   • The Remcos RAT payload is loaded directly into memory, avoiding the creation of files on disk.

Fileless Malware Techniques

1. Process Hollowing
The attack replaces the memory of a legitimate process (e.g., explorer.exe) with the malicious Remcos RAT payload. This allows the malware to:

• Evade detection by blending into normal system activity.
• Run with the privileges of the hijacked process.

2. Anti-Analysis Techniques

• Anti-Debugging: Detects the presence of debugging tools and terminates malicious processes if found.
• Anti-VM and Sandbox Evasion: Ensures execution only on real systems to avoid detection during security analysis.

3. In-Memory Execution

• By running entirely in system memory, the malware avoids leaving artifacts on the disk, making forensic analysis and detection more challenging.

Capabilities of Remcos RAT

Once deployed, Remcos RAT provides attackers with a comprehensive suite of functionalities, including:

• Data Exfiltration: some text
  • Stealing system information, files, and credentials.
• Remote Execution: some text
  • Running arbitrary commands, scripts, and additional payloads.
• Surveillance: some text
  • Enabling the camera and microphone.
  • Capturing screen activity and clipboard contents.
• System Manipulation: some text
  • Modifying Windows Registry entries.
  • Controlling system services and processes.
  • Disabling user input devices (keyboard and mouse).

Advanced Phishing Techniques in Parallel Campaigns

1. DocuSign Abuse
Attackers exploit legitimate DocuSign APIs to create authentic-looking phishing invoices. These invoices can trick users into authorising payments or signing malicious documents, bypassing traditional email security systems.

2. ZIP File Concatenation
By appending multiple ZIP archives into a single file, attackers exploit inconsistencies in how different tools handle these files. This allows them to embed malware that evades detection by certain archive managers.

Broader Implications of Fileless Malware

Fileless malware like Remcos RAT poses significant challenges:

• Detection Difficulties: Traditional signature-based antivirus systems struggle to detect fileless malware, as there are no static files to scan.
• Forensic Limitations: The lack of disk artifacts complicates post-incident analysis, making it harder to trace the attack's origin and scope.
• Increased Sophistication: These campaigns demonstrate the growing technical prowess of cybercriminals, leveraging legitimate tools and services for malicious purposes.

Mitigation Strategies

1. Patch Management some text
   • It is important to regularly update software to address known vulnerabilities like CVE-2017-0199. Microsoft released a patch for this vulnerability in April 2017.
2. Advanced Email Security some text
   • It is important to implement email filtering solutions that can detect phishing attempts, even those using legitimate services like DocuSign.
3. Endpoint Detection and Response (EDR)some text
   • Always use EDR solutions to monitor for suspicious behavior, such as unauthorized use of mshta.exe or process hollowing.
4. User Awareness and Training some text
   • Educate users about phishing techniques and the risks of opening unexpected attachments.
5. Behavioral Analysis some text
   • Deploy security solutions capable of detecting anomalous activity, even if no malicious files are present.

Conclusion

The attack via CVE-2017-0199 further led to the injection of a new fileless variant of Remcos RAT, proving how threats are getting more and more sophisticated. Thanks to the improved obfuscation and the lack of files, the attackers eliminate all traditional antiviral protection and gain full control over the infected computers. It is real and organisations have to make sure that they apply patches on time, that they build better technologies for detection and that the users themselves are more wary of the threats.

References

• Fortinet FortiGuard Labs: Analysis by Xiaopeng Zhang
• Perception Point: Research on ZIP File Concatenation
• Wallarm: DocuSign Phishing Analysis
• Microsoft Security Advisory: CVE-2017-0199

‍

Executive Summary
‍

Iran’s official news agencies have denied claims that senior officials, including Foreign Minister Abbas Araghchi and Parliament Speaker Mohammad Bagher Ghalibaf, have arrived in Pakistan for talks. A senior official told Iran’s Tasnim News Agency that Tehran is considering Pakistan’s proposal for peace talks, but any dialogue would depend on the United States fulfilling its commitment to halt military actions on all fronts.

Notably, the United States and Iran had agreed to a two-week ceasefire on April 8, 2026, with discussions reportedly scheduled for April 11 in Islamabad. Amid this backdrop, a video showing fighter jets escorting a large aircraft is being widely circulated on social media. Users claim that Pakistan deployed these jets to escort an Iranian delegation into the country.

However, an research by the CyberPeace found the claim to be false. The viral video is not recent and dates back to 2019.

‍

Claim

‍

An X (formerly Twitter) user shared the video claiming that Pakistan Air Force jets were escorting an Iranian delegation into Pakistan.

• https://x.com/55MTQ_/status/2042431764409507856 
• https://archive.ph/QftAS 

‍

‍

‍

Fact Check

‍

Reverse image search of keyframes from the viral video led us to a February 18, 2019 report by Radio Free Europe/Radio Liberty. The report stated that the fighter jets were deployed by Pakistan to escort the aircraft of Saudi Crown Prince Mohammed bin Salman during his visit to Pakistan on February 17, 2019.

• https://www.rferl.org/a/pakistan-saudi-prince/29776242.html

‍

‍

Further verification led us to the same footage uploaded on YouTube by the channel “SCMP Archive” on July 6, 2020. At the time, Pakistan’s Air Force had described the escort as part of a ceremonial welcome tradition for visiting dignitaries.

• https://www.youtube.com/watch?v=9zSmOrLluVA

‍

‍

Conclusion

The viral claim is misleading. The video does not show Pakistani fighter jets escorting an Iranian delegation amid ongoing ceasefire talks. Instead, it is an old clip from 2019, when Pakistan deployed JF-17 fighter jets to welcome Saudi Crown Prince Mohammed bin Salman during his official visit. There is no evidence linking the video to current geopolitical developments involving Iran and Pakistan. The footage has been taken out of context and reshared with a false narrative to mislead viewers.

‍