Digitally Altered Photo of Rowan Atkinson Circulates on Social Media

Overview:

A recent addition to the  list of cybercrime  is SharpRhino, a RAT (Remote Access Trojan) actively used by Hunters International ransomware group. SharpRhino is highly developed and penetrates into the network mask of IT specialists, primarily due to the belief in the tools’ legitimacy. Going under the genuine software installer, SharpRhino started functioning in mid-June 2024. However, Quorum Cyber discovered it in early August 2024 while investigating ransomware.

About Hunters International Group:

Hunters International emerged as one of the most notorious groups focused on ransomware attacks, having compromised over 134 targets worldwide in the first seven months of 2024. It is believed that the group is the rebranding of Hive ransomware group that was previously active, and there are considerable similarities in the code. Its focus on IT employees in particular demonstrates the fact that they move tactically in gaining access to the organizations’ networks.

Modus Operandi:

1. Typosquatting Technique 

SharpRhino is mainly distributed by a domain that looks like the genuine Angry IP Scanner, which is a popular network discovery tool. The malware installer, labeled as ipscan-3.9.1-setup. It is a 32-bit Nullsoft installer which embeds a password protected 7z archive in it. 

2. Installation Process 

• Execution of Installer: When the victim downloads and executes the installer and changes the windows registry in order to attain persistence. This is done by generating a registry entry that starts a harmful file, Microsoft. AnyKey. exe, are fakes originating from fake versions of true legitimate Microsoft Visual Studio tools. 

• Creation of Batch File: This drops a batch file qualified as LogUpdate at the installer.bat, that runs the PowerShell scripts on the device. These scripts are to compile C# code into memory to serve as a means of making the malware covert in its operation. 

• Directory Creation: The installer establishes two directories that allow the C2 communication – C:\ProgramData\Microsoft: WindowsUpdater24 and LogUpdateWindows. 

3. Execution and Functionality: 

• Command Execution: The malware can execute PowerShell commands on the infected system, these actions may involve privilege escalation and other extended actions such as lateral movement. 

• C2 Communication: SharpRhino interacts with command and control servers located on domains from platforms such as Cloudflare. This communication is necessary for receiving commands from the attackers and for returning any data of interest to the attackers. 

• Data Exfiltration and Ransomware Deployment: Once SharpRhino has gained control, it can steal information and then proceed to encrypt it with a .locked extension. The procedure generally concludes with a ransom message, which informs users on how to purchase the decryption key. 

4. Propagation Techniques: 

Also, SharpRhino can spread through the self-copying method, this is the virus may copy itself to other computers using the network account of the victim and pretending to be trustworthy senders such as emails or network-shared files. Moreover, the victim’s machine may then proceed to propagate the malware to other systems like sharing in the company with other employees.

Indicators of Compromise (IOCs):

• LogUpdate.bat
• Wiaphoh7um.t
• ipscan-3.9.1-setup.exe
• kautix2aeX.t
• WindowsUpdate.bat

Command and Control Servers:

• cdn-server-1.xiren77418.workers.dev
• cdn-server-2.wesoc40288.workers.dev
• Angryipo.org
• Angryipsca.com

Analysis:

‍

‍

Graph:

Precautionary measures to be taken:

To mitigate the risks posed by SharpRhino and similar malware, organizations should implement the following measures:

• Implement Security Best Practices: It is important only to download software from official sites and avoid similar sites to confuse the user by changing a few letters.

• Enhance Detection Capabilities: Use technology in detection that can detect the IOCs linked to Sharp Rhino.

• Educate Employees: Educate IT people and employees on phishing scams and the requirement to check the origin of the application.

• Regular Backups: It is also important to back up important files from systems and networks in order to minimize the effects of ransomware attacks on a business.

Conclusion:

SharpRhino could be deemed as the evolution of the strategies used by organizations like Hunters International and others involved in the distribution of ransomware. SharpRhino primarily focuses on the audience of IT professionals and employs complex delivery and execution schemes, which makes it an extremely serious threat for corporate networks. To do so it is imperative that organizations have an understanding of its inner workings in order to fortify their security measures against this relatively new threat. Through the enforcement of proper security measures and constant enlightenment of organizations on the importance of cybersecurity, firms can prevent the various risks associated with SharpRhino and related malware. Be safe, be knowledgeable, and most importantly, be secure when it comes to cyber security for your investments.

Reference: 

https://cybersecuritynews.com/sharprhino-ransomware-alert/

https://cybersecsentinel.com/sharprhino-explained-key-facts-and-how-to-protect-your-data/

https://www.dataprivacyandsecurityinsider.com/2024/08/sharprhino-malware-targeting-it-professionals/

‍

Overview:

‘Kia Connect’ is the application that is used to connect ‘Kia’ cars which allows the user control various parameters of the vehicle through the application on his/her smartphone. The vulnerabilities found in most Kias built after 2013 with but little exception. Most of the risks are derived from a flawed API that deals with dealer relations and vehicle coordination. 

Technical Breakdown of Exploitation:

1. API Exploitation: The attack uses the vulnerabilities in Kia’s dealership network. The researchers also noticed that, for example, the logs generated while impersonating a dealer and registering on the Kia dealer portal would be sufficient for deriving access tokens needed for next steps.

2. Accessing Vehicle Information: The license plate number allowed the attackers to get the Vehicle Identification Number (VIN) number of their preferred car. This VIN can then be used to look up more information about the car and is an essential number to determine for the shared car.

3. Information Retrieval: Having the VIN number in hand, attackers can launch a number of requests to backends to pull more sensitive information about the car owner, including:

• Name
• Email address
• Phone number
• Geographical address

4. Modifying Account Access: With this information, attackers could change the accounts settings to make them a second user on the car, thus being hidden from the actual owner of the account.

5. Executing Remote Commands: Once again, it was discovered that attackers could remotely execute different commands on the vehicle, which includes:some text
   • Unlocking doors
   • Starting the engine
   • Monitoring the location of the vehicle in terms of position.
   • Honking the horn 

Technical Execution:

The researchers demonstrated that an attacker could execute a series of four requests to gain control over a Kia vehicle:

1. Generate Dealer Token: The attacker sends an HTTP request in order to create a dealer token.

2. Retrieve Owner Information: As indicated using the generated token, they make another request to another endpoint that returns the owner’s email address and phone number.

3. Modify Access Permissions: The attacker takes advantage of the leaked information (email address and VIN) of the owner to change between users accounts and make himself the second user.

4. Execute Commands: As the last one, they can send commands to perform actions on the operated vehicle.

Security Response and Precautionary Measures for Vehicle Owners

1. Regular Software Updates: Car owners must make sure their cars receive updates on the recent software updates provided by auto producers. 
2. Use Strong Passwords: The owners of Kia Connect accounts should develop specific and complex passwords for their accounts and then update them periodically. They should avoid using numbers like the birth dates, vehicle numbers and simple passwords.
3. Enable Multi-Factor Authentication: For security, vehicle owners should turn on the use of the secondary authentication when it is available to protect against unauthorized access to an account. 
4. Limit Personal Information Sharing: Owners of vehicles should be careful with the details that are connected with the account on their car, like the e-mail or telephone number, sharing them on social networks, for example.
5. Monitor Account Activity: It is also important to monitor the account activity because of change or access attempts that are unauthorized. In case of any abnormality or anything suspicious felt while using the car, report it to Kia customer support.
6. Educate Yourself on Vehicle Security: Being aware of cyber threats that are connected to vehicles and learning about how to safeguard a vehicle from such threats.
7. Consider Disabling Remote Features When Not Needed: If remote features are not needed,  then it is better to turn them off, and then turn them on again when needed. This can prove to help diminish the attack vector for would-be hackers.

Industry Implications:

The findings from this research underscore broader issues within automotive cybersecurity:

• Web Security Gaps: Most car manufacturers pay more attention to equipment running in automobiles instead of the safety of the websites that the car uses to operate thereby exposing automobiles that are connected very much to risks.

• Continued Risks: Vehicles become increasingly connected to internet technologies. Auto makers will have to carry cyber security measures in their cars in the future.

Conclusion:

The weaknesses found in Kia’s connected car system are a key concern for Automotive security. Since cars need web connections for core services, suppliers also face the problem of risks and need to create effective safeguards. Kia took immediate actions to tighten the safety after disclosure; however, new threats will emerge as this is a dynamic domain involving connected technology. With growing awareness of these risks, it is now important for car makers not only to put in proper security measures but also to maintain customer communication on how it safeguards their information and cars against cyber dangers. That being an incredibly rapid approach to advancements in automotive technology, the key to its safety is in our capacity to shield it from ever-present cyber threats.

Reference:

• https://timesofindia.indiatimes.com/auto/cars/hackers-could-unlock-your-kia-car-with-just-a-license-plate-is-yours-safe/articleshow/113837543.cms
• https://www.thedrive.com/news/hackers-found-millions-of-kias-could-be-tracked-controlled-with-just-a-plate-number
• https://www.securityweek.com/millions-of-kia-cars-were-vulnerable-to-remote-hacking-researchers/
• https://news24online.com/auto/kia-vehicles-hack-connected-car-cybersecurity-threat/346248/
• https://www.malwarebytes.com/blog/news/2024/09/millions-of-kia-vehicles-were-vulnerable-to-remote-attacks-with-just-a-license-plate-number
• https://informationsecuritybuzz.com/kia-vulnerability-enables-remote-acces/
• https://samcurry.net/hacking-kia

‍

‍

Introduction

We stand at the edge of a reality once confined to science fiction, a world where the very creations designed to serve us could redefine what it means to be human, rewriting the paradigm we built them in. The increasing prevalence of robotics and embodied AI systems in everyday life and cyber-physical settings draws attention to a complicated network of issues at the intersection of cybersecurity, human-to-robot trust, and robotic safety. The development of robotics cannot be perceived as a novelty or a fleeting interest area for enthusiasts, it has developed into a force that enters the area of human life that is private and has historically been reserved for human connection and care. We live in an era where countries can no longer afford to fall behind, at a time when technological prowess determines global influence. The new development currency of the 21st century is “Techno-sovereign”, meaning that one must be able to innovate as well as incorporate robotics, artificial intelligence, and other technologies.

‍

Entering the Robotic Renaissance

‍

The recent unveiling of the humanoid “pregnancy robot” presents the next frontier in reproductive robotics, garnering both criticism and support. Although this bold innovation holds promise, it also presents unavoidable cybersecurity, privacy, and ethical conundrums. The humanoid is being developed by Kaiwa Technology under the direction of Dr. Zhang Qifeng, who is also connected to Nanyang Technological University. As per the report of ECNS, he presented his idea for a robotic surrogate that could carry a child for a full-term pregnancy at the 2025 World Robot Conference in Beijing. While the technology is indubitably groundbreaking, it raises a lot of ethical and moral concerns as well as legal concerns, as surrogacy is banned in China.

Alongside the concerns raised by various segments of doctors, feminists who argue on the devaluation and pathologising of pregnancy, it also raises various cybersecurity concerns, keeping in mind the interpersonal and intimate nature of human connections, where robotics are now making headway. Pregnancy is inherently intimate. Our understanding of bodily autonomy is blurred when we move into the realm of machinery. From artificial amniotic fluid sensors to embryo data, every layer of this technology becomes a possible attack vector. Robots with artificial wombs are essentially IoT-powered medical systems. As per the research conducted by the Department of Computer Science and Engineering, Cornell University, “our lives have been made easier by the incorporation of AI into robotics systems, but there is a significant drawback as well: these systems are susceptible to security breaches. Malicious actors may take advantage of the data, algorithms, and physical components that make up AI-Robotics systems, which can cast a debilitating impact.

The Robotic Pivot: The Market’s Greatest Disruption

The humanoid “pregnancy robot” is not the only robotic innovation planning to take the industry for a whirlwind. China is pushing the boundaries amidst the escalating trade wars. Beijing is stepping up its efforts in sectors where it has the capacity and necessity to advance before the US. China’s leaders see AI as a source of national pride, a means of enhancing its military might, and a long-standing problem of Western dominance.  The proof lies in the fact that Beijing hosted the first World Humanoid Robot Games, reflecting China’s dual goals of showcasing its technological prowess as it moves closer to establishing itself as a dominant force in artificial intelligence applied to robotics and bringing people closer to machines that will eventually play a bigger role in daily life and the economy.

Despite China’s prominence, it is not the only country that sees the potential in AI-enabled robotics. Indian Space Research Organisation’s chairman V Narayanan announced that the humanoid robot Gaganyaan programme’s first uncrewed mission G1 would be launched with humanoid robot Vyommitra in December.

‍

Conclusion

The emergence of robotics holds both great potential and significant obstacles holds both great potential and significant obstacles. Robots have the potential to revolutionise accessibility and efficiency in a variety of fields, including healthcare and space exploration, but only if human trust, ethics, and cybersecurity keep up with technological advancements. This is not a far-flung issue for India, rather, it is a pressing appeal to properly lead in a world where technological sovereignty is equivalent to world power. 

‍

References

• https://nurse.org/news/pregnancy-robot-artificial-womb-china/ 
• https://timesofindia.indiatimes.com/life-style/health-fitness/health-news/chinas-2026-humanoid-robot-pregnancy-with-artificial-womb-a-revolutionary-leap-in-reproductive-technology/articleshow/123357813.cms?utm_source=chatgpt.com 
• https://arxiv.org/pdf/2310.08565 
• https://www.theguardian.com/world/2025/apr/21/humanoid-workers-and-surveillance-buggies-embodied-ai-is-reshaping-daily-life-in-china 
• https://english.elpais.com/technology/2025-08-21/china-stages-first-robot-olympics-to-showcase-its-tech-ambition.html ‍
• https://www.tribuneindia.com/news/india/1st-non-crew-gaganyaan-mission-to-launch-in-dec-with-robot-vyommitra/