#FactCheck-Protest Video from Nagrota Falsely Linked to Opposition Against Indian Army
Executive Summary
A video is being widely circulated on social media by Pakistani propaganda-linked users, showing a group of people protesting on a road. It is being claimed that protesters in Jammu & Kashmir stopped Indian Army personnel from entering Nagrota, indicating growing public opposition against the forces. Research by CyberPeace Research Wing found that the claim is misleading. The viral video is unrelated to any protest against the Indian Army.
Claim
A user posted the video on X, claiming: “The days of Indian military occupation are numbered; people of Jammu & Kashmir have risen against India. Protesters stopped the Indian Army from entering Nagrota.”
- https://x.com/Stealthfalconer/status/2050301106623045758?s=20

Fact Check
During the research, the CyberPeace Research Wing team found no evidence of any such incident where civilians blocked or opposed the Indian Army in Nagrota. Further probe led to a post by an X user “Defence News Of INDIA,” which contained the full version of the viral video. The accompanying information clarified that the protest took place in Dansal’s Badsu Panchayat area of Nagrota and was led by BJP MLA Devayani Rana.

The protest was organized against the Public Health Engineering (PHE) Department over severe water shortage issues in the region. Locals, along with the MLA, staged a sit-in to highlight the lack of water supply.
We also found multiple media reports, including from KBC News – Kashmir and Jammu Links News, confirming that Devayani Rana led a road blockade protest in her constituency over water scarcity and accused the Jal Shakti Department of negligence and administrative failure. Additionally, videos of the same protest were available on social media platforms, including live streams shared from Devayani Rana’s official pages.

Conclusion
Our research confirms that the viral claim is false and misleading. The video does not show any protest against the Indian Army. It is actually from a demonstration led by Devayani Rana and local residents over water shortage issues in Nagrota.
Related Blogs

Introduction
The rapid adoption of artificial intelligence (AI) tools and applications in companies has been largely presented as a groundbreaking development for enterprises. The potential for increased productivity and efficiently scaled companies eliminates repetitive tasks and builds a narrative that practically writes itself for executives. What has largely been ignored, however, is its effect on its users- the employees. Evidence from across the United States, United Kingdom, and continental Europe indicates an increase in psychological disengagement from work, along with an increase in the number of people who are actively sabotaging the very systems that companies have invested millions of dollars to implement, as a direct result of being forced to work with AI.
The Backdrop: Quiet Quitting
Quiet quitting is a form of employee disengagement wherein workers meet only the basic expectations of their job without. Gallup puts global employee engagement at just 21%. State of the Global Workplace 2026 report which analysed employee well-being across 160 countries reports that in India, employee and manager engagement has declined. Around 62% of workers describe themselves as not engaged, and another 17% are actively disengaged — not just drifting, but potentially pulling in the opposite direction. What does this mean for productivity? Gallup estimates this costs the global economy roughly $8.9 trillion in lost productivity each year, around 9% of world GDP. This is the workplace AI has entered into.
How AI Is Changing the Nature of Work
The promise was simpler work but employees report that the reality is often more of it. AI raises output expectations without necessarily reducing effort. Workers now lose the equivalent of 51 working days per year to technology friction, nearly two full months up 42% from 2025. Poorly integrated systems force employees to spend hours troubleshooting or correcting AI-generated outputs, adding cognitive load rather than removing it. Focus efficiency dropped to a three-year low of 60%, as collaboration time surged 34% and multitasking climbed 12%. AI is not eliminating work. It is transforming it into something more demanding and more fragmented. The psychological dimension is equally documented. TalentLMS research found that 54% of employees report persistent workplace unhappiness, with one in five experiencing it frequently or constantly. 29% report unmanageable workloads during this transition, and 15% do not clearly understand their role expectations in an AI-transformed workplace. When workers cannot see where they fit, withdrawal is a rational response.
Then there is the fear. IBM announced it would not replace roughly 7,800 back-office positions that could be handled by AI, framing it as natural attrition. Klarna said its AI assistant was doing the work of 700 full-time customer service agents. Dropbox laid off 16% of its workforce, with its CEO explicitly citing the need to “make room for AI.” AI was the leading cause of job cuts in March 2026 the first time that has happened since tracking began.
The Causal Link: AI Anxiety to Quiet Quitting
A peer-reviewed study published in March 2025 establishes the causal mechanism between forced AI adoption and employee disengagement. Conducted across 457 employees in Turkish SMEs, it found that AI anxiety does not directly compel people to resign. Instead, it triggers quiet quitting a form of progressive disengagement that functions as a precursor to departure. Drawing on Withdrawal Progression Theory, the study frames quiet quitting as a preliminary stage of turnover intention, where withdrawal progresses from mild detachment toward eventual exit. The integrated causal chain runs as follows: forced AI adoption creates work intensification and job anxiety, which produce burnout and loss of autonomy, which trigger psychological withdrawal, which precedes turnover. DHR Global’s Workforce Trends Report for 2026 found that overall employee engagement dropped from 88% to 64% in a single year. Crucially, 69% of C-suite leaders say their company has communicated clearly about AI’s impact on jobs but only 12% of entry-level staff agree. When the people most exposed to displacement are also the least informed about what is happening to their roles, disengagement is not a mystery. It is a response to a vacuum of information.
From Disengagement to Active Withdrawal
Quiet quitting is then a natural response. But what has emerged alongside it is something more active, and it is where the disengagement crisis tips into something organisations are unprepared for. The Writer and Workplace Intelligence survey of 2,400 knowledge workers found that 29% of employees admit to willfully withdrawing from their company’s AI strategy. Among Gen Z workers, that figure jumps to 44%. Active withdrawal takes several forms: entering proprietary data into public AI chatbots, using unapproved tools, outright refusing to engage with mandated platforms, and in some cases deliberately generating low-quality outputs to make the technology look ineffective. For Gen Z, the resistance has a structural logic. Junior roles in finance, law, and tech the traditional “learning by doing” rungs of the career ladder have declined by 32% since 2022. For a 22-year-old, AI is not a tool; it is a competitor that has already taken their first job. Workers who resist AI out of fear for their jobs are making themselves more vulnerable to the outcome they dread. 77% of executives say employees who refuse to become proficient in AI will not be considered for promotions or leadership roles, and 60% are considering cutting those who refuse to adopt it entirely.
Meanwhile, 75% of executives admit their company’s AI strategy is “more for show” than a meaningful guide to outcomes. Only 29% report significant ROI from generative AI, despite 97% claiming to have already deployed agents across their organisation. 39% of business leaders admit they made employees redundant as a result of deploying AI of whom 55% concede they made the wrong decisions about those redundancies. Organisations are moving fast, getting it wrong, and the cost is being absorbed by the workforce.
Conclusion
AI is not directly causing quiet quitting. However, AI is changing how we view working relationships; it will continue to result in predictable outcomes of poor execution of AI (i.e. passive to active disengagement) and radically change the way that we work, primarily by creating an increase in job demands, reducing autonomy, and raising worker anxiety without providing any transparency about future AI technology use. If AI continues to create a challenging work environment, it may lead to increased psychological detachment from work and ultimately result in productivity losses, possibly canceling out the very gains expected from AI integration. This globally rising disengagement from AI tools begets the question: is technology being deployed responsibly?
References
- https://www.gallup.com/workplace/349484/state-of-the-global-workplace.aspx
- https://www.walkme.com/news-releases/enterprises-lose-51-workdays-per-employee-to-technology-friction-annually-despite-record-ai-investment-walkme-global-study-of-3750-finds/.
- https://www.activtrak.com/resources/state-of-the-workplace/
- https://peoplemanagingpeople.com/employee-retention/quiet-cracking/
- https://www.webpronews.com/the-quiet-revolt-gen-z-workers-are-deliberately-undermining-ai-deployments-from-the-inside/
- https://www.uctoday.com/productivity-automation/44-of-gen-z-workers-are-sabotaging-your-enterprise-ai-rollout-the-problem-isnt-gen-z/
- https://pmc.ncbi.nlm.nih.gov/articles/PMC11939379/
- https://huntscanlon.com/workforce-trends-2026-leaders-confront-burnout-disengagement-and-ai-driven-change/
- https://fortune.com/2026/04/08/gen-z-workers-sabotage-ai-rollout-backlash/
- https://peoplemanagingpeople.com/employee-retention/quiet-cracking/
- https://www.hrgrapevine.com/us/content/article/2026-04-09-ai-adoption-is-tearing-companies-apart-says-new-report
- https://economictimes.indiatimes.com/news/new-updates/india-leads-in-workplace-disengagement-as-quiet-quitting-trend-rises-why-are-indians-mentally-checking-out-at-jobs/articleshow/130104773.cms?from=mdr

Introduction
Digital arrest scams operate by fraudsters convincing individuals that they are under official scrutiny, often through fabricated notices, video calls, and staged procedures. The harm is not just technical, it is psychological. It works because it feels real.
It is in this context that the Central Bureau of Investigation has introduced ABHAY, an AI based chatbot intended to help individuals verify whether a notice issued in the name of the agency is genuine or not. At one level, this is a simple verification tool. But on closer inspection, it reflects a deeper shift in how cyber threats are being understood and dealt with.
Understanding ABHAY as a Public Interface
ABHAY is designed as a citizen facing mechanism. A person who receives a suspicious communication can use the tool to check its authenticity. This becomes particularly relevant in situations where individuals are pressured into immediate compliance.
What stands out here is the timing. Traditional responses to cybercrime begin after harm has occurred. Complaints are filed, investigations begin, and then some form of remedy follows. ABHAY, however, operates before that stage. It intervenes at the point where a person is still deciding whether to believe what they have received.
“The AI-powered notice verification chatbot, ABHAY, will allow the public to verify the genuineness of a notice purportedly issued by the CBI. In the context of digital arrest frauds, this provides a much required tool for the citizens,” a CBI spokesperson said.
While this may seem like a small shift, but it changes the logic of response. It introduces verification as a first step, rather than enforcement as a later one. Verification tools aim to interrupt that process at a preventive stage. At the same time, their effectiveness depends on awareness along with the precision and functionality of the ABHAY AI. A tool cannot assist if it is not known or trusted. This places some responsibility on institutions to ensure that such initiatives are communicated clearly and remain accessible.
Digital Arrest Scams and the Problem of Legitimacy
Digital arrest scams depend on imitation and make-believe; all tied up with instilling fear through social engineering. Fraudsters replicate the form and language of legal authority. They even use official looking documents, adopt institutional identities, and often create a controlled environment where the victim feels watched and isolated.
The law usually assumes that a reasonable person can distinguish between genuine and fake communication. But in these cases, that assumption begins to weaken. The more convincing the imitation, the harder it becomes to question it.
ABHAY attempts to address this very gap. It does not investigate or punish, it simply verifies. In doing so, it restores a basic distinction that has become blurred. The distinction between lawful authority and its digital imitation.
Legal Context and Emerging Questions
From a legal perspective, this development sits slightly outside conventional frameworks. Under the Information Technology Act, 2000, offences such as cheating by personation and identity misuse are recognized, but the emphasis is on post facto liability. Similarly, consumer protection law addresses misleading conduct after it has affected consumers.
ABHAY operates at an earlier stage. It functions in what may be called a pre liability space.
This raises certain questions, even if they are not immediately visible. When a state agency provides an AI based verification tool, what is the nature of reliance that can be placed on it. If an individual acts based on its output, does that create any expectation of accuracy or responsibility. These are not yet settled issues, but they are likely to become relevant as such tools become more common.
Conclusion
ABHAY reflects a subtle but important shift in approach. By allowing individuals to verify authenticity at the moment of interaction, it introduces a form of prevention and protection that is immediate and practical. At the same time, it opens up questions around reliability, accountability, and long-term integration of such tools into legal frameworks. These questions will need attention as similar technologies are adopted more widely.
For now, ABHAY represents an early attempt to respond to a changing problem. One where trust itself has become a site of vulnerability.
References

Executive Summary:
New Linux malware has been discovered by a cybersecurity firm Volexity, and this new strain of malware is being referred to as DISGOMOJI. A Pakistan-based threat actor alias ‘UTA0137’ has been identified as having espionage aims, with its primary focus on Indian government entities. Like other common forms of backdoors and botnets involved in different types of cyberattacks, DISGOMOJI, the malware allows the use of commands to capture screenshots, search for files to steal, spread additional payloads, and transfer files. DISGOMOJI uses Discord (messaging service) for Command & Control (C2) and uses emojis for C2 communication. This malware targets Linux operating systems.
The DISCOMOJI Malware:
- The DISGOMOJI malware opens a specific channel in a Discord server and every new channel corresponds to a new victim. This means that the attacker can communicate with the victim one at a time.
- This particular malware connects with the attacker-controlled Discord server using Emoji, a form of relay protocol. The attacker provides unique emojis as instructions, and the malware uses emojis as a feedback to the subsequent command status.
- For instance, the ‘camera with flash’ emoji is used to screenshots the device of the victim or to steal, the ‘fox’ emoji cracks all Firefox profiles, and the ‘skull’ emoji kills the malware process.
- This C2 communication is done using emojis to ensure messaging between infected contacts, and it is almost impossible for Discord to shut down the malware as it can always change the account details of Discord it is using once the maliciou server is blocked.
- The malware also has capabilities aside from the emoji-based C2 such as network probing, tunneling, and data theft that are needed to help the UTA0137 threat actor in achieving its espionage goals.
Specific emojis used for different commands by UTA0137:
- Camera with Flash (📸): Captures a picture of the target device’s screen as per the victim’s directions.
- Backhand Index Pointing Down (👇): Extracts files from the targeted device and sends them to the command channel in the form of attachments.
- Backhand Index Pointing Right (👉): This process involves sending a file found on the victim’s device to another web-hosted file storage service known as Oshi or oshi[. ]at.
- Backhand Index Pointing Left (👈): Sends a file from the victim’s device to transfer[. ]sh, which is an online service for sharing files on the Internet.
- Fire (🔥): Finds and transmits all files with certain extensions that exist on the victim’s device, such as *. txt, *. doc, *. xls, *. pdf, *. ppt, *. rtf, *. log, *. cfg, *. dat, *. db, *. mdb, *. odb, *. sql, *. json, *. xml, *. php, *. asp, *. pl, *. sh, *. py, *. ino, *. cpp, *. java,
- Fox (🦊): This works by compressing all Firefox related profiles in the affected device.
- Skull (💀): Kills the malware process in windows using ‘os. Exit()’
- Man Running (🏃♂️): Execute a command on a victim’s device. This command receives an argument, which is the command to execute.
- Index Pointing up (👆) : Upload a file to the victim's device. The file to upload is attached along with this emoji
Analysis:
The analysis was carried out for one of the indicator of compromised SHA-256 hash file- C981aa1f05adf030bacffc0e279cf9dc93cef877f7bce33ee27e9296363cf002.
It is found that most of the vendors have marked the file as trojan in virustotal and the graph explains the malicious nature of the contacted domains and IPs.


Discord & C2 Communication for UTA0137:
- Stealthiness: Discord is a well-known messaging platform used for different purposes, which means that sending any messages or files on the server should not attract suspicion. Such stealthiness makes it possible for UTA0137 to remain dormant for greater periods before launching an attack.
- Customization: UTA0137 connected to Discord is able to create specific channels for distinct victims on the server. Such a framework allows the attackers to communicate with each of the victims individually to make a process more accurate and efficient.
- Emoji-based protocol: For C2 communication, emojis really complicates the attempt that Discord might make to interfere with the operations of the malware. In case the malicious server gets banned, malware could easily be recovered, especially by using the Discord credentials from the C2 server.
- Persistence: The malware, as stated above, has the ability to perpetually exist to hack the system and withstand rebooting of systems so that the virus can continue to operate without being detected by the owner of the hacked system.
- Advanced capabilities: Other features of DISGOMOJI are the Network Map using Nmap scanner, network tunneling through Chisel and Ligolo and Data Exfiltration by File Sharing services. These capabilities thus help in aiding the espionage goals of UTA0137.
- Social engineering: The virus and the trojan can show the pop-up windows and prompt messages, for example the fake update for firefox and similar applications, where the user can be tricked into inputting the password.
- Dynamic credential fetching: The malware does not write the hardcoded values of the credentials in order to connect it to the discord server. This also inconveniences analysts as they are unable to easily locate the position of the C2 server.
- Bogus informational and error messages: They never show any real information or errors because they do not want one to decipher the malicious behavior easily.
Recommendations to mitigate the risk of UTA0137:
- Regularly Update Software and Firmware: It is essential to regularly update all the application software and firmware of different devices, particularly, routers, to prevent hackers from exploiting the discovered and disclosed flaws. This includes fixing bugs such as CVE-2024-3080 and CVE-2024-3912 on ASUS routers, which basically entails solving a set of problems.
- Implement Multi-Factor Authentication: There are statistics that show how often user accounts are attacked, it is important to incorporate multi-factor authentication to further secure the accounts.
- Deploy Advanced Malware Protection: Provide robust guard that will help the user recognize and prevent the execution of the DISGOMOJI malware and similar threats.
- Enhance Network Segmentation: Utilize stringent network isolation mechanisms that seek to compartmentalize the key systems and data from the rest of the network in order to minimize the attack exposure.
- Monitor Network Activity: Scanning Network hour to hour for identifying and handling the security breach and the tools such as Nmap, Chisel, Ligolo etc can be used.
- Utilize Threat Intelligence: To leverage advanced threats intelligence which will help you acquire knowledge on previous threats and vulnerabilities and take informed actions.
- Secure Communication Channels: Mitigate the problem of the leakage of developers’ credentials and ways of engaging with the discord through loss of contact to prevent abusing attacks or gaining control over Discord as an attack vector.
- Enforce Access Control: Regularly review and update the user authentication processes by adopting stricter access control measures that will allow only the right personnel to access the right systems and information.
- Conduct Regular Security Audits: It is important to engage in security audits periodically in an effort to check some of the weaknesses present within the network or systems.
- Implement Incident Response Plan: Conduct a risk assessment, based on that design and establish an efficient incident response kit that helps in the early identification, isolation, and management of security breaches.
- Educate Users: Educate users on cybersecurity hygiene, opportunities to strengthen affinity with the University, and conduct retraining on threats like phishing and social engineering.
Conclusion:
The new threat actor named UTA0137 from Pakistan who was utilizing DISGOMOJI malware to attack Indian government institutions using embedded emojis with a command line through the Discord app was discovered by Volexity. It has the capability to exfiltrate and aims to steal the data of government entities. The UTA0137 was continuously improved over time to permanently communicate with victims. It underlines the necessity of having strong protection from viruses and hacker attacks, using secure passwords and unique codes every time, updating the software more often and having high-level anti-malware tools. Organizations can minimize advanced threats, the likes of DISGOMOJI and protect sensitive data by improving network segmentation, continuous monitoring of activities, and users’ awareness.
References:
https://otx.alienvault.com/pulse/66712446e23b1d14e4f293eb
https://thehackernews.com/2024/06/pakistani-hackers-use-disgomoji-malware.html?m=1
https://cybernews.com/news/hackers-using-emojis-to-command-malware/
https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/