A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa. Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team", which has been linked to cyber offensives in India and Pakistan, while also identifying apparent evidence linking the group's infrastructure to an Indian company called Innefu Labs.
India has announced a new security policy for its power sector and specified a grade of isolation it says exceeds that offered by air gaps. "The much hyped air gap myth between information technology and operational technology systems now stands shattered," the policy states, before going on to offer a slightly odd definition of an air gap.
A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans, signaling a "boost in their development operations." First documented in September 2020 by Indian cybersecurity firm Quick Heal, SideCopy has a history of mimicking infection chains implemented by the Sidewinder APT to deliver its own set of malware - in an attempt to mislead attribution and evade detection - while constantly retooling payloads that include additional exploits in its weaponry after a reconnaissance of the victim's data and environment.
A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. Some of the victims include a foreign government organization, a power transmission organization, and a power generation and transmission organization.
WhatsApp on Wednesday fired a legal salvo against the Indian government to block new regulations that would require messaging apps to trace the "first originator" of messages shared on the platform, thus effectively breaking encryption protections. "Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people's right to privacy," a WhatsApp spokesperson told The Hacker News via email.
As COVID-19 continues to ravage India, the nation's government has told its populace that 5G signals have nothing to do with the spread of the virus - if only because no 5G networks operate in India. After pointing out that the very notion is a nonsense, the department points out that India approved 5G trials on May 4th and they won't start for months.
Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. Reacting to the development, the company however said it had recently upgraded its security systems following reports of "unauthorized access into our database" while stressing that users' funds and securities remained protected.
The highest-ranked officer in India's armed forces has admitted that China has cyber-war capabilities that can overwhelm his nation's defenses and suggested that only cross-forces collaboration will get India to parity with its giant neighbor. General Bipin Rawat, a four-star general and since 2020 the first to hold a new role of chief of defense staff, offered that assessment yesterday in a talk hosted by Indian think tank the Vivekananda International Foundation.
Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. The threat actor who put the allegedly stolen data up for sale also created a search portal to allow anyone to check if their data is included in the stolen data.
Researchers have now disclosed more information on how they were able to breach multiple websites of the Indian government. Last month, researchers from the Sakura Samurai hacking group had partially disclosed that they had breached cyber systems of the Indian government after finding a large number of critical vulnerabilities.