#FactCheck - Viral Video of Aircraft Carrier Destroyed in Sea Storm Is AI-Generated

Overview:

A recent addition to the  list of cybercrime  is SharpRhino, a RAT (Remote Access Trojan) actively used by Hunters International ransomware group. SharpRhino is highly developed and penetrates into the network mask of IT specialists, primarily due to the belief in the tools’ legitimacy. Going under the genuine software installer, SharpRhino started functioning in mid-June 2024. However, Quorum Cyber discovered it in early August 2024 while investigating ransomware.

About Hunters International Group:

Hunters International emerged as one of the most notorious groups focused on ransomware attacks, having compromised over 134 targets worldwide in the first seven months of 2024. It is believed that the group is the rebranding of Hive ransomware group that was previously active, and there are considerable similarities in the code. Its focus on IT employees in particular demonstrates the fact that they move tactically in gaining access to the organizations’ networks.

Modus Operandi:

1. Typosquatting Technique 

SharpRhino is mainly distributed by a domain that looks like the genuine Angry IP Scanner, which is a popular network discovery tool. The malware installer, labeled as ipscan-3.9.1-setup. It is a 32-bit Nullsoft installer which embeds a password protected 7z archive in it. 

2. Installation Process 

• Execution of Installer: When the victim downloads and executes the installer and changes the windows registry in order to attain persistence. This is done by generating a registry entry that starts a harmful file, Microsoft. AnyKey. exe, are fakes originating from fake versions of true legitimate Microsoft Visual Studio tools. 

• Creation of Batch File: This drops a batch file qualified as LogUpdate at the installer.bat, that runs the PowerShell scripts on the device. These scripts are to compile C# code into memory to serve as a means of making the malware covert in its operation. 

• Directory Creation: The installer establishes two directories that allow the C2 communication – C:\ProgramData\Microsoft: WindowsUpdater24 and LogUpdateWindows. 

3. Execution and Functionality: 

• Command Execution: The malware can execute PowerShell commands on the infected system, these actions may involve privilege escalation and other extended actions such as lateral movement. 

• C2 Communication: SharpRhino interacts with command and control servers located on domains from platforms such as Cloudflare. This communication is necessary for receiving commands from the attackers and for returning any data of interest to the attackers. 

• Data Exfiltration and Ransomware Deployment: Once SharpRhino has gained control, it can steal information and then proceed to encrypt it with a .locked extension. The procedure generally concludes with a ransom message, which informs users on how to purchase the decryption key. 

4. Propagation Techniques: 

Also, SharpRhino can spread through the self-copying method, this is the virus may copy itself to other computers using the network account of the victim and pretending to be trustworthy senders such as emails or network-shared files. Moreover, the victim’s machine may then proceed to propagate the malware to other systems like sharing in the company with other employees.

Indicators of Compromise (IOCs):

• LogUpdate.bat
• Wiaphoh7um.t
• ipscan-3.9.1-setup.exe
• kautix2aeX.t
• WindowsUpdate.bat

Command and Control Servers:

• cdn-server-1.xiren77418.workers.dev
• cdn-server-2.wesoc40288.workers.dev
• Angryipo.org
• Angryipsca.com

Analysis:

‍

‍

Graph:

Precautionary measures to be taken:

To mitigate the risks posed by SharpRhino and similar malware, organizations should implement the following measures:

• Implement Security Best Practices: It is important only to download software from official sites and avoid similar sites to confuse the user by changing a few letters.

• Enhance Detection Capabilities: Use technology in detection that can detect the IOCs linked to Sharp Rhino.

• Educate Employees: Educate IT people and employees on phishing scams and the requirement to check the origin of the application.

• Regular Backups: It is also important to back up important files from systems and networks in order to minimize the effects of ransomware attacks on a business.

Conclusion:

SharpRhino could be deemed as the evolution of the strategies used by organizations like Hunters International and others involved in the distribution of ransomware. SharpRhino primarily focuses on the audience of IT professionals and employs complex delivery and execution schemes, which makes it an extremely serious threat for corporate networks. To do so it is imperative that organizations have an understanding of its inner workings in order to fortify their security measures against this relatively new threat. Through the enforcement of proper security measures and constant enlightenment of organizations on the importance of cybersecurity, firms can prevent the various risks associated with SharpRhino and related malware. Be safe, be knowledgeable, and most importantly, be secure when it comes to cyber security for your investments.

Reference: 

https://cybersecuritynews.com/sharprhino-ransomware-alert/

https://cybersecsentinel.com/sharprhino-explained-key-facts-and-how-to-protect-your-data/

https://www.dataprivacyandsecurityinsider.com/2024/08/sharprhino-malware-targeting-it-professionals/

‍

Introduction

The automobile business is fast expanding, with vehicles becoming sophisticated, interconnected gadgets equipped with cutting-edge digital technology. This integration improves convenience, safety, and efficiency while also exposing automobiles to a new set of cyber risks. Electric vehicles (EVs) are equipped with sophisticated computer systems that manage various functions, such as acceleration, braking, and steering. If these systems are compromised, it could result in hazardous situations, including the remote control of the vehicle or unauthorized access to sensitive data. The automotive sector is evolving with the rise of connected car stakeholders, exposing new vulnerabilities for hackers to exploit. 

Why Automotive Cybersecurity is required

Cybersecurity threats to automotives result from hardware, software and overall systems redundancy. Additional concerns include general privacy clauses that justify collecting and transferring data to “third-party vendors”, without explicitly disclosing who such third parties are and the manner of processing personal data. For example, infotainment platform data may show popular music and the user’s preferences, which may be used by the music industry to improve marketing strategies. Similarly, it is lesser known that any data relating to behavioural tracking data, such as driving patterns etc., are also logged by the original equipment manufacturer.

Hacking is not limited to attackers gaining control of an electronic automobile; it includes malicious actors hacking charging stations to manipulate the systems. In Russia, EV charging stations were hacked in Moscow to display pro-Ukraine and anti-Putin messages such as “Glory to Ukraine” and “Death to the enemy” in the backdrop of the Russia-Ukraine war. Other examples include instances from the Isle of Wight, where hackers controlled the EV monitor to show inappropriate content and display high voltage fault codes to EV owners, preventing them from charging their vehicles with empty batteries.

UN Economic Commission for Europe releases Regulation 155 for Automobiles

UN Economic Commission for Europe Regulation 155 lays down uniform provisions concerning the approval of vehicles with regard to cybersecurity and cybersecurity management systems (CSMS). This was originally a part of the Commission.s Work Paper (W.P.) 29 that aimed to harmonise vehicular regulations for vehicles and vehicle equipment. Regulation 155 has a two-prong objective; first, to ensure cybersecurity at the organisational level and second, to ensure adequate designs of the vehicle architecture. A critical aspect in this context is the implementation of a certified CSMS by all companies that bring vehicles to market. Notably, this requirement alters the perspective of manufacturers; their responsibilities no longer conclude with the start of production (SOP). Instead, manufacturers are now required to continuously monitor and assess the safety systems throughout the entire life cycle of a vehicle, including making any necessary improvements.

This Regulation reflects the highly dynamic nature of software development and assurance. Moreover, the management system is designed to ensure compliance with safety requirements across the entire supply chain. This is a significant challenge, considering that suppliers currently account for over 70 per cent of the software volume.

The Regulation, which is binding in nature for 64 member countries, came into force in 2021. UNECE countries were required to be compliant with the Regulations by July 2022 for all new vehicles and by July 2024, the Regulation was set to apply to all vehicles. It is believed that the Regulation will become a de facto global standard, since vehicles authorised in a particular country may not be brought into the global market or the market of any UNECE member country based on any other authorisation. In such a scenario, OEMs of non-member countries may be required to give a “self-declaration”, declaring the equipment’s conformity with cybersecurity standards.

Conclusion

To compete and ensure trust, global car makers must deliver a robust cybersecurity framework that meets evolving regulations. The UNECE regulations in this regard are driving this direction by requiring automotive original equipment manufacturers (OEMs) to integrate vehicle cybersecurity throughout the entire value chain. The ‘security by design' approach aims to build a connected car that is trusted by all.  Automotive cybersecurity involves measures and technologies to protect connected vehicles and their onboard systems from growing digital threats.

References:

1. “Electric vehicle cyber security risks and best practices (2023)”, Cyber Talk, 1 August 2023. https://www.cybertalk.org/2023/08/01/electric-vehicle-cyber-security-risks-and-best-practices-2023/#:~:text=EVs%20are%20equipped%20with%20complex,unauthorized%20access%20to%20sensitive%20data. 
2. Gordon, Aaron, “Russian Electric Vehicle Chargers Hacked, Tell Users “PUTIN IS A D*******D”, Vice, 28 February 2022. https://www.vice.com/en/article/russian-electric-vehicle-chargers-hacked-tell-users-putin-is-a-dickhead/ 
3. “Isle of Wight: Council’s electric vehicle chargers hacked to show porn site”, BBC, 6 April 2022. https://www.bbc.com/news/uk-england-hampshire-61006816 
4. Sandler, Manuel, “UN Regulation No. 155: What You Need to Know about UN R155”, Cyres Consulting, 1 June 2022. https://www.cyres-consulting.com/un-regulation-no-155-requirements-what-you-need-to-know/?srsltid=AfmBOopV1pH1mg6M2Nn439N1-EyiU-gPwH2L4vq5tmP0Y2vUpQR-yfP7#A_short_overview_Background_knowledge_on_UN_Regulation_No_155 
5. https://unece.org/wp29-introduction?__cf_chl_tk=ZYt.Sq4MrXvTwSiYURi_essxUCGCysfPq7eSCg1oXLA-1724839918-0.0.1.1-13972

‍

Introduction

‍

We were all stunned and taken aback when multiple photos of streets in the U.S. surfaced with heavily drugged individuals loosely sitting on the streets, victims of a systematically led drug operation that has recently become a target of the Trump-led “tariff” war, which he terms as a war on drug cartels. The drug is a synthetic opioid, fentanyl, which is highly powerful and addictive. The menace of this drug is found in a country that has Wall Street and the largest and most powerful economy globally. The serious implications of drug abuse are not about a certain economy; instead, it has huge costs to society in general. The estimated cost of substance misuse to society is more than $820 billion each year and is expected to continue rising. 

On June 26, the International Day against Drug Abuse and Illicit Trafficking is observed globally. However, this war is waged daily for millions of people, not on streets or borders, but in bloodstreams, behind locked doors, and inside broken homes. Drug abuse is no longer a health crisis; it is a developmental crisis. The United Nations Office on Drugs and Crime has launched a campaign against this organised crime that says, “Break the Cycle’ attributing to the fact that de-addiction is hard for individuals. 

The Evolving Drug Crisis: From Alleyways to Algorithms

‍

The menace of Drug abuse and illicit trafficking has also taken strides in advancement, and what was once considered a street-side vice has made its way online in a faceless, encrypted, and algorithmically optimised sense. The online drug cartels operate in the shadows and often hide in plain sight, taking advantage of the privacy designed to benefit individuals. With the help of darknet markets, cryptocurrency, and anonymised logistics, the drug trade has transformed into a transnational, tech-enabled industry on a global scale. In an operation led by the U.S. Department of Justice’s Joint Criminal Opiod and Darknet Enforcement (JCODE) and related to Operation RapTor, an LA apartment was only to find an organised business centre that operated as a hub of one of the most prolific methamphetamine and cocaine distributors in the market. Aaron Pinder, Unit Chief of the FBI Hi-Tech Organised Crime Unit, said in his interview, “The darknet vendors that we investigate, they truly operate on a global scale.” On January 11, 2025, during the Regional Conference on “Drug Trafficking and National Security,” it was acknowledged how cryptocurrency, the dark web, online marketplaces, and drones have made drug trafficking a faceless crime. Reportedly, there has been a seven-fold increase in the drugs seized from 2004-14 to 2014-24. 

‍

India’s Response: Bridging Borders, Policing Bytes

‍

India has been historically vulnerable due to its geostrategic placement between the Golden Crescent (Afghanistan-Iran-Pakistan) and Golden Triangle (Myanmar-Laos-Thailand), and confronts a fresh danger from “click-to-consume’ narcotics. Although India has always adopted a highly sensitised approach, it holds an optimistic future outlook for the youth. Last year, to commemorate the occasion of International Day against Drug Abuse and Illicit Trafficking, the Department of Social Justice & Empowerment organised a programme to engage individuals for the cause. The Indian authorities are often seen coming down heavily on the drug peddlers and cartels, and to aid the cause, the Home Minister Amit Shah inaugurated the new office complex of the NCB’s Bhopal zonal unit and extension of the MANAS-2 helpline to all 36 states and UTs. The primary objectives of this step are to evaluate the effectiveness of the Narcotics Coordination Mechanism (NCORD), assess the progress of states in fighting drug trafficking, and share real-time information from the National Narcotics Helpline ‘MANAS’ portal with the Anti-Narcotics Task Force (ANTF) of states and UTs. 

‍

The United Nation’s War on Narcotics: From Treaties to Technology

‍

The United Nations Office on Drugs and Crime (UNODC) is leading the international response. It offers vital data, early warning systems, and technical support to the states fighting the drug problem. The UNODC incorporates cooperation in cross-border intelligence, overseeing the darknet activities, encouraging the treatment and harm reduction, and using anti-money laundering mechanisms to stop financial flows. India has always pledged its support to the UN led activities, and as per reports dated 26th March, 2025, India chaired the prestigious UN-backed Commission on Narcotic Drugs (CND) meeting held in vienna, wherein India highlighted the importance of opioids for medical purposes as well as the nation’s notable advancements in the field. 

‍

Resolution on June 26: From Commemoration to Commitment

‍

Let June 26 be more than a date on the calendar- let it echo as a call to action, a day when awareness transforms into action, and resolve becomes resistance. On this day, CyberPeace resolves the following:

‍

• To treat addicts as victims rather than criminals and to pitch for reforms to provide access to reasonably priced, stigma-free rehabilitation.
• To integrate anti-drug awareness into digital literacy initiatives and school curricula in order to teach frequently and early.
• To demand responsibility and accountability from online marketplaces and delivery services that unwittingly aid traffickers
• To tackle the demand side through employment, mental health services, and social protection, particularly for at-risk youth.

‍

References

• https://www.gatewayfoundation.org/blog/cost-of-drug-addiction/#:~:text=The%20estimated%20cost%20for%20substance,Alcohol%3A%20%24249%20billion 
• https://www.unodc.org/unodc/en/drugs/index-new.html 
• https://www.fbi.gov/news/stories/global-operation-targets-darknet-drug-trafficking 
• https://www.thehindu.com/news/national/dark-web-crypto-drones-emerge-as-challenges-in-fight-against-drug-trafficking-amit-shah/article69088383.ece 
• https://www.pib.gov.in/PressReleaseIframePage.aspx?PRID=2028704 
• https://www.newindianexpress.com/nation/2025/Mar/26/in-a-first-india-chairs-un-forum-on-narcotics-pledges-to-improve-access-to-pain-relief-and-palliative-care 

‍