#FactCheck-AI-Generated Viral Image of US President Joe Biden Wearing a Military Uniform

Overview:

A recent addition to the  list of cybercrime  is SharpRhino, a RAT (Remote Access Trojan) actively used by Hunters International ransomware group. SharpRhino is highly developed and penetrates into the network mask of IT specialists, primarily due to the belief in the tools’ legitimacy. Going under the genuine software installer, SharpRhino started functioning in mid-June 2024. However, Quorum Cyber discovered it in early August 2024 while investigating ransomware.

About Hunters International Group:

Hunters International emerged as one of the most notorious groups focused on ransomware attacks, having compromised over 134 targets worldwide in the first seven months of 2024. It is believed that the group is the rebranding of Hive ransomware group that was previously active, and there are considerable similarities in the code. Its focus on IT employees in particular demonstrates the fact that they move tactically in gaining access to the organizations’ networks.

Modus Operandi:

1. Typosquatting Technique 

SharpRhino is mainly distributed by a domain that looks like the genuine Angry IP Scanner, which is a popular network discovery tool. The malware installer, labeled as ipscan-3.9.1-setup. It is a 32-bit Nullsoft installer which embeds a password protected 7z archive in it. 

2. Installation Process 

• Execution of Installer: When the victim downloads and executes the installer and changes the windows registry in order to attain persistence. This is done by generating a registry entry that starts a harmful file, Microsoft. AnyKey. exe, are fakes originating from fake versions of true legitimate Microsoft Visual Studio tools. 

• Creation of Batch File: This drops a batch file qualified as LogUpdate at the installer.bat, that runs the PowerShell scripts on the device. These scripts are to compile C# code into memory to serve as a means of making the malware covert in its operation. 

• Directory Creation: The installer establishes two directories that allow the C2 communication – C:\ProgramData\Microsoft: WindowsUpdater24 and LogUpdateWindows. 

3. Execution and Functionality: 

• Command Execution: The malware can execute PowerShell commands on the infected system, these actions may involve privilege escalation and other extended actions such as lateral movement. 

• C2 Communication: SharpRhino interacts with command and control servers located on domains from platforms such as Cloudflare. This communication is necessary for receiving commands from the attackers and for returning any data of interest to the attackers. 

• Data Exfiltration and Ransomware Deployment: Once SharpRhino has gained control, it can steal information and then proceed to encrypt it with a .locked extension. The procedure generally concludes with a ransom message, which informs users on how to purchase the decryption key. 

4. Propagation Techniques: 

Also, SharpRhino can spread through the self-copying method, this is the virus may copy itself to other computers using the network account of the victim and pretending to be trustworthy senders such as emails or network-shared files. Moreover, the victim’s machine may then proceed to propagate the malware to other systems like sharing in the company with other employees.

Indicators of Compromise (IOCs):

• LogUpdate.bat
• Wiaphoh7um.t
• ipscan-3.9.1-setup.exe
• kautix2aeX.t
• WindowsUpdate.bat

Command and Control Servers:

• cdn-server-1.xiren77418.workers.dev
• cdn-server-2.wesoc40288.workers.dev
• Angryipo.org
• Angryipsca.com

Analysis:

‍

‍

Graph:

Precautionary measures to be taken:

To mitigate the risks posed by SharpRhino and similar malware, organizations should implement the following measures:

• Implement Security Best Practices: It is important only to download software from official sites and avoid similar sites to confuse the user by changing a few letters.

• Enhance Detection Capabilities: Use technology in detection that can detect the IOCs linked to Sharp Rhino.

• Educate Employees: Educate IT people and employees on phishing scams and the requirement to check the origin of the application.

• Regular Backups: It is also important to back up important files from systems and networks in order to minimize the effects of ransomware attacks on a business.

Conclusion:

SharpRhino could be deemed as the evolution of the strategies used by organizations like Hunters International and others involved in the distribution of ransomware. SharpRhino primarily focuses on the audience of IT professionals and employs complex delivery and execution schemes, which makes it an extremely serious threat for corporate networks. To do so it is imperative that organizations have an understanding of its inner workings in order to fortify their security measures against this relatively new threat. Through the enforcement of proper security measures and constant enlightenment of organizations on the importance of cybersecurity, firms can prevent the various risks associated with SharpRhino and related malware. Be safe, be knowledgeable, and most importantly, be secure when it comes to cyber security for your investments.

Reference: 

https://cybersecuritynews.com/sharprhino-ransomware-alert/

https://cybersecsentinel.com/sharprhino-explained-key-facts-and-how-to-protect-your-data/

https://www.dataprivacyandsecurityinsider.com/2024/08/sharprhino-malware-targeting-it-professionals/

‍

Executive Summary 

‍

Social media users, particularly Pakistani propaganda accounts, shared an image showing coffins wrapped in the Indian tricolour and claimed that India violated the ceasefire along the Line of Control (LoC). According to the posts, Pakistan retaliated with heavy firing, captured the Indian Army’s Kumar Top post, and several Indian soldiers were killed in the exchange.

One user wrote, “Breaking News: Indian Army once again violated the ceasefire in the Mandal sector, targeting civilians with mortar shelling. Pakistan responded strongly, captured the Indian Army’s Kumar Top post, and several soldiers were reportedly killed. Calm has now been restored after Pakistan’s response.”

‍

‍

‍

Fact Check

‍

Research  by CyberPeace found the viral claim to be false. Using reverse image search, we traced the viral photo to the Shutterstock website. The image description states that it was taken on August 6, 2013, and shows Indian Army personnel standing near the coffins of soldiers who were killed by Pakistani infiltrators at a brigade headquarters in Poonch, located about 240 km from Jammu. This confirms that the image is old and unrelated to recent developments along the Line of Control.

• https://www.shutterstock.com/editorial/image-editorial/indian-army-personnel-stand-near-coffins-soldiers-7978701d?trackingId=z9wCYlIkFhzUEM__FUsYaw&listId=searchResults&dd_referrer=

‍

‍

‍

Further verification led us to a report published by NBC News on August 8, 2013, which also featured the same visual in connection with the 2013 cross-border attack.

‍

• https://www.nbcnews.com/news/world/india-accuses-pakistan-over-cross-border-raid-killed-five-soldiers-flna6c10874536

‍

Additionally, posts from the official X (formerly Twitter) handle of the Indian Army 16 Corps (White Knight Corps) stated that based on intelligence inputs and continuous surveillance, suspicious terrorist activity was detected near Nathua Tibba in the Sunderbani sector close to the LoC in the early hours of February 19, 2026. Alert troops responded promptly and successfully foiled the infiltration attempt. The Army also confirmed that operational vigilance remains high across the sector. However, there were no reports of casualties due to Pakistani firing.

‍

• https://x.com/Whiteknight_IA/status/2024468953192640630?s=20

‍

‍

‍

Conclusion:

‍

The viral image showing coffins of Indian soldiers is not recent but dates back to 2013. There are no confirmed reports of casualties from Pakistani firing along the Line of Control in the current context. Therefore, the claim circulating on social media is misleading.

‍

Introduction

Cybercrime in India is developing at a rapid rate in terms of depth and volume, with culprits leveraging technology, anonymity, and social engineering to exploit unsuspecting victims. In a high-profile instance of coordinated police action, the Delhi Police Crime Branch recently cracked a large-scale pan-India cybercrime syndicate with its arms stretching across Delhi, Rajasthan, and Uttar Pradesh. The syndicate used to be involved in a range of cybercrimes, from sextortion and online fraud to fake call centres and cloning of bank accounts. With over ₹5 crore of illicit financial transactions revealed, the operation highlights the critical role of proactive cyber policing, data security and public awareness in India's war against digital crime.

A Multi-State Operation: Crime Network across States

On May 24, 2025, on receiving a tip-off, the Delhi Police conducted a specific raid in New Ashok Nagar to catch a suspect consignment said to be used for cybercrime. This resulted in a multi-layered investigation that revealed a large crime syndicate. Police recovered 28 mobile phones, 30 SIM cards, 15 debit cards, 8 cheque books, and two laptops, equipment said to have been used in crimes ranging from sextortion to fake loan scams.

Three of the initial arrests revealed the use of fake kits like pre-activated SIMs and counterfeit documents to create phoney digital identities and bank accounts. They were being used to bypass KYC norms and make untraceable transactions, illustrating how cyber thieves exploit digital identity as well as financial authentication loopholes in the system.

Fake Call Centre Falsely Claiming to be a Lender

Tracing the leads, the investigation then led the police to Mundka, a semi-residential and industrial area in Delhi, where a fake call centre in the name of a loan assistance service was operating. Suspects were allegedly operating the business. With deceptive scripts, their telemarketing staff lured victims with the offer of instant personal loans. When a prospective victim replied favorably and was willing to go further, he was asked to send identification documents and was then forced to pay a "processing fee." Once the payment was made, the accused would cut off contact immediately, leaving the victims shortchanged.

During the raid, seven individuals were apprehended, six of whom were trained tele-callers with a reasonable level of technical skill. In spite of possessing educational certificates and receiving a meagre pay of between ₹8,000 and ₹9,000 a month, these individuals had been enticed into the cybercrime network, demonstrating how educated youth are now more commonly being exploited or recruited by such scam networks in return for quick money.

Uncovering the Sextortion Racket

The most shocking disclosure was that of a sextortion racket being run from New Ashok Nagar, a residential area located in West Delhi, New Delhi. Suspects tricked victims with fraudulent Facebook profiles, contacted them on Messenger, and then changed to WhatsApp video calls. Pornographic videos were played on such calls while the reactions of the victim were secretly recorded. These were later utilised for extortion by threatening to share them with the whole world. The ability of such a group to blackmail and psychologically manipulate the victims indicates the psychological nature of cybercrime and the need for online safety education.

Impact and Significance: A Wake-Up Call for Law Enforcement and Public Awareness

This crackdown is uncovering some ominous trends that reflect the changing face of cybercrime in India. The syndicate's framework highlights the organised and multi-state nature of cybercrime, mostly operating through systemic loopholes. Misuse of social media sites and fintech apps is also rampant, and these are being leveraged for scams, sextortion, and monetary fraud. One of the most concerning trends is young people becoming more engaged in cybercrime, either out of economic necessity or enticed by easy cash. Most of these scams increasingly involve psychological manipulation, particularly in sextortion, where shame and fear are employed as tools. Digital identity fraud has also been facilitated through false documents and lenient Know Your Customer (KYC) checks, with fraudsters being able to evade verification processes.

These observations underscore the necessity of strong reporting channels. There also needs to be an urgent implementation of stringent verification standards in the telecom and banking industries, along with extensive community-level digital literacy initiatives to sensitise citizens to online threats and preventive measures.

CyberPeace Vision: Building a Safe Digital India

India needs a multi-level cyber security approach, comprising people awareness, AI-driven detection systems, and coordination of inter-state policing. Precedence needs to be given to:

• Capacity building of cyber police units.
• Real-time exchange of scam intelligence among law enforcement.
• Schools, colleges, and workplaces should be aware of digital hygiene.
• Rehabilitation of cyber-offenders, especially youth.
• Countering online misinformation and disinformation through fact-checking and public education campaigns
• Ensuring inclusivity in cyber safety policies so vulnerable populations, including rural users, senior citizens, and linguistic minorities, are not left behind

The breakdown of the syndicate is a major victory, but the absence of difficulty with which these networks function highlights the need for cybercrime prevention initiatives, not after the fact. 

Conclusion 

The Delhi Police bust of a pan-India cybercrime gang is evidence of the increasing reach and audacity of cyber crooks from one corner of India to another. From sextortion and social engineering to financial fraud and identity theft on the web, the bust demonstrates how deep and pervasive cybercrime gangs have become. It is also a reminder that anyone can get entangled and that education, awareness, and early reporting are our best defence. With India's online presence expanding day by day, our collective cyber awareness must keep pace. The fight against cybercrime will not be won only by arrests, but through a national effort to secure our digital spaces.

‍

References

1. https://indianexpress.com/article/cities/delhi/delhi-police-cyber-crime-syndicate-10047218/
2. https://www.thehindu.com/news/cities/Delhi/delhi-police-bust-pan-india-cybercrime-syndicate/article69652694.ece#:~:text=The%20Delhi%20police%20have%20dismantled,and%20an%20orchestrated%20sextortion%20racket.
3. https://cybercrime.gov.in/
4. https://www.ncrb.gov.in/
5. https://economictimes.indiatimes.com/wealth/save/online-scams-are-on-the-rise-learn-about-the-latest-tricks-fraudsters-are-using-to-identify-frauds-and-protect-yourself/articleshow/114162295.cms?from=mdr

‍