#FactCheck - Viral Claim of Highway in J&K Proven Misleading

Introduction

In July 2025, the Digital Trust & Safety Partnership (DTSP) achieved a significant milestone with the formal acceptance of its Safe Framework Specification as an international standard, ISO/IEC 25389. This is the first globally recognised standard that is exclusively concerned with guaranteeing a secure online experience for the general public's use of digital goods and services.

Significance of the New Framework

Fundamentally, ISO/IEC 25389 provides organisations with an organised framework for recognising, controlling, and reducing risks associated with conduct or content. This standard, which was created under the direction of ISO/IEC's Joint Technical Committee 1 (JTC 1), integrates the best practices of DTSP and offers a precise way to evaluate organisational maturity in terms of safety and trust.  Crucially, it offers the first unified international benchmark, allowing organisations globally to coordinate on common safety pledges and regularly assess progress.

Other Noteworthy Standards and Frameworks

While ISO/IEC 25389 is pioneering, it’s not the only framework shaping digital trust and safety:

• One of the main outcomes of the United Nations’ 2024 Summit for the Future was the UN's Global Digital Compact, which describes cross-border cooperation on secure and reliable digital environments with an emphasis on countering harmful content, upholding online human rights, and creating accountability standards. 
• The World Economic Forum’s Digital Trust Framework defines the goals and values, such as cybersecurity, privacy, transparency, redressability, auditability, fairness, interoperability and safety, implicit to the concept of digital trust. It also provides a roadmap to digital trustworthiness that imbibes these dimensions. 
• The Framework for Integrity, Security and Trust (FIST) launched at the Cybereace Summit 2023 at USI of India in New Delhi, calls for a multistakeholder approach to co-create solutions and best practices for digital trust and safety.
• While still in the finalisation stage for implementation rollout, India's Digital Personal Data Protection Act, 2023 (DPDP Act) and its Rules (2025) aim to strike a balance between individual rights and data processing needs by establishing a groundwork for data security and privacy.
• India is developing frameworks in cutting-edge technologies like artificial intelligence. Using a hub-and-spoke model under the IndiaAI Mission, the AI Safety Institute was established in early 2025 with the goal of creating standards for trustworthy, moral, and safe AI systems. Furthermore, AI standards with an emphasis on safety and dependability are being drafted by the Bureau of Indian Standards (BIS). 
• Google's DigiKavach program (2023) and Google Safety Engineering Centre (GSEC) in Hyderabad are concrete efforts to support digital safety and fraud prevention in India's tech sector.

What It Means for India

India is already claiming its place in discussions about safety and trust around the world. Google's June 2025 safety charter for India, for example, highlights how India's distinct digital scale, diversity, and vast threat landscape provide insights that inform global cybersecurity strategies. 

For India's digital ecosystem, ISO/IEC 25389 comes at a critical juncture. Global best practices in safety and trust are desperately needed as a result of the rapid adoption of digital technologies, including the growth of digital payments, e-governance, and artificial intelligence and a concomitant rise in instances of digital harms. Through its guidelines, ISO/IEC 25389 provides a reference benchmark that Indian startups, government agencies, and tech companies can use to improve their safety standards.

Conclusion 

A global trust-and-safety standard like ISO/IEC 25389 is essential for making technology safer for people, even as we discuss the broader adoption of security and safety-by-design principles integrated into the processes of technological product development. India can improve user protection, build its reputation globally, and solidify its position as a key player in the creation of a safer, more resilient digital future by implementing this framework in tandem with its growing domestic regulatory framework (such as the DPDP Act and AI Safety policies).

References 

• https://dtspartnership.org/the-safe-framework-specification/
• https://dtspartnership.org/press-releases/dtsps-safe-framework-published-as-an-international-standard/?
• https://www.weforum.org/stories/2024/04/united-nations-global-digital-compact-trust-security/?
• https://economictimes.indiatimes.com/tech/technology/google-releases-safety-charter-for-india-senior-exec-details-top-cyber-threat-actors-in-the-country/articleshow/121903651.cms? 
• https://initiatives.weforum.org/digital-trust/framework 
• https://government.economictimes.indiatimes.com/news/secure-india/the-launch-of-fist-framework-for-integrity-security-and-trust/103302090 

‍

Overview:

After the blackout on July 19, 2024, which affected CrowdStrike’s services worldwide, cybercriminals began to launch many phishing attacks and distribute malware. These activities mainly affect CrowdStrike customers, using the confusion as a way to extort information through fake support sites. The analysis carried out by the Research Wing of CyberPeace and Autobot Infosec has identified several phishing links and malicious campaigns.

The Exploitation:

Cyber adversaries have registered domains that are similar to CrowdStrike’s brand and have opened fake accounts on social media platforms. These are fake platforms that are employed to defraud users into surrendering their personal and sensitive details for use in other fraudulent activities.

Phishing Campaign Links:

• crowdstrike-helpdesk[.]com
• crowdstrikebluescreen[.]com
• crowdstrike-bsod[.]com
• crowdstrikedown[.]site
• crowdstrike0day[.]com
• crowdstrikedoomsday[.]com
• crowdstrikefix[.]com
• crashstrike[.]com
• crowdstriketoken[.]com
• fix-crowdstrike-bsod[.]com
• bsodsm8r[.]xamzgjedu[.]com
• crowdstrikebsodfix[.]blob[.]core[.]windows[.]net
• crowdstrikecommuication[.]app
• fix-crowdstrike-apocalypse[.]com
• supportportal-crowdstrike-com[.]translate[.]goog
• crowdstrike-cloudtrail-storage-bb-126d5e[.]s3[.]us-west-1[.]amazonaws[.]com
• crowdstrikeoutage[.]info
• clownstrike[.]co[.]uk
• crowdstrikebsod[.]com
• whatiscrowdstrike[.]com
• clownstrike[.]co
• microsoftcrowdstrike[.]com
• crowdfalcon-immed-update[.]com
• crowdstuck[.]org
• failstrike[.]com
• winsstrike[.]com
• crowdpass[.]com

In one case, a PDF file is being circulated with CrowdStrike branding, saying ‘Download The Updater,’ which is a link to a ZIP file. The ZIP file is a compressed file that has an executable file with a virus. This is a clear sign that the hackers are out to take advantage of the current situation by releasing the malware as an update.

‍

‍

‍

In another case, there is a malicious Microsoft Word document that is currently being shared, which claims to offer a solution on how to deal with this CrowdStrike BSOD bug. But there is a hidden risk in the document. When users follow the instructions and enable the embedded macro, it triggers the download of an information-stealing malware from a remote host. This is a form of malware that is used to steal information and is not well recognized by most security software. Also it sends the stolen data to the samesame remote host but with different port number, which likey works as the CnC server for the campaign.

• Name New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows[.]docm
• MD5 dd2100dfa067caae416b885637adc4ef
• SHA-1 499f8881f4927e7b4a1a0448f62c60741ea6d44b
• SHA-256 803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61
  
• URLS http://172.104.160[.]126:8099/payload2.txt, http://172.104.160[.]126:5000/Uploadss

‍

Recent Outage Impact:

On July 19, 2024, CrowdStrike faced a global outage that originated from an update of its Falcon Sensor security software. This outage affected many government organizations and companies in different industries, such as finance, media, and telecommunications. The event led to numerous complaints from the users who experienced problems like blue screen of death and system failure. Although, CrowdStrike has admitted to the problem and is in the process of fixing it. 

Preventive Measures:

• Organize regular awareness sessions to educate the employees about the phishing techniques and how they can avoid the phishing scams, emails, links, and websites.
• MFA should be used for login to the sensitive accounts and systems for an improvement on the security levels.
• Make sure all security applications including the antivirus and anti-malware are up to date to help in the detection of phishing scams.
• This includes putting in place of measures such as alert on account activity or login patterns to facilitate early detection of phishing attempts.
• Encourage employees and users to inform the IT department as soon as they have any suspicions regarding phishing attempts.

Conclusion:

The recent CrowdStrike outage is a perfect example of how cybercriminals take advantage of the situation and user’s confusion and anxiety. Thus, people and organizations can keep themselves from these threats and maintain the confidentiality of their information by being cautious and adhering to the proper standards. To get the current information on the BSOD problem and the detailed instructions on its solution, visit CrowdStrike’s support center. Reported problems should be handled with caution and regular backup should be made to minimize the effects.

References:

• https://app.any.run/tasks/2c0ffc87-4059-4d6f-8306-1258cf33aa54/
• https://app.any.run/tasks/48e18e33-2007-49a8-aa60-d04c21e8fa11
• https://www.virustotal.com/gui/file/19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0/relations
• https://www.virustotal.com/gui/file/803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61/detection
• https://www.joesandbox.com/analysis/1478411#iocs

‍

Introduction

Cyber slavery has emerged as a serious menace. Offenders target innocent individuals, luring them with false promises of employment, only to capture them and subject them to horrific torture and forced labour. According to reports, hundreds of Indians have been imprisoned in 'Cyber Slavery' in certain Southeast Asian countries. Indians who have travelled to South Asian nations such as Cambodia in the hopes of finding work and establishing themselves have fallen victim to the illusion of internet slavery. According to reports, 30,000 Indians who travelled to this region on tourist visas between 2022 and 2024 did not return. India Today’s coverage demonstrated how survivors of cyber slavery who have somehow escaped and returned to India have talked about the terrifying experiences they had while being coerced into engaging in cyber slavery.

Tricked by a Job Offer, Trapped in Cyber Slavery

India Today aired testimonials of cyber slavery victims who described how they were trapped. One individual shared that he had applied for a well-paying job as an electrician in Cambodia through an agent in Delhi. However, upon arriving in Cambodia, he was offered a job with a Chinese company where he was forced to participate in cyber scam operations and online fraudulent activities.

He revealed that a personal system and mobile phone were provided, and they were compelled to cheat Indian individuals using these devices and commit cyber fraud. They were forced to work 12-hour shifts. After working there for several months, he repeatedly requested his agent to help him escape. In response, the Chinese group violently loaded him into a truck, assaulted him, and left him for dead on the side of the road. Despite this, he managed to survive. He contacted locals and eventually got in touch with his brother in India, and somehow, he managed to return home.

This case highlights how cyber-criminal groups deceive innocent individuals with the false promise of employment and then coerce them into committing cyber fraud against their own country. According to the Ministry of Home Affairs' Indian Cyber Crime Coordination Center (I4C), there has been a significant rise in cybercrimes targeting Indians, with approximately 45% of these cases originating from Southeast Asia.

CyberPeace Recommendations

Cyber slavery has developed as a serious problem, beginning with digital deception and progressing to physical torture and violent actions to commit fraudulent online acts. It is a serious issue that also violates human rights. The government has already taken note of the situation, and the Indian Cyber Crime Coordination Centre (I4C) is taking proactive steps to address it. It is important for netizens to exercise due care and caution, as awareness is the first line of defence. By remaining vigilant, they can oppose and detect the digital deceit of phony job opportunities in foreign nations and the manipulative techniques of scammers. Netizens can protect themselves from significant threats that could harm their lives by staying watchful and double-checking information from reliable sources.

References

1. CyberPeace Highlights Cyber Slavery: A Serious Concern https://www.cyberpeace.org/resources/blogs/cyber-slavery-a-serious-concern
2. https://www.indiatoday.in/india/story/india-today-operation-cyber-slaves-stories-of-golden-triangle-network-of-fake-job-offers-2642498-2024-11-29
3. https://www.indiatoday.in/india/video/cyber-slavery-survivors-narrate-harrowing-accounts-of-torture-2642540-2024-11-29?utm_source=washare

‍