#FactCheck - AI Artwork Misattributed: Mahendra Singh Dhoni Sand Sculptures Exposed as AI-Generated

Background

‍

Cyber slavery and online trafficking have become alarming challenges in Southeast Asia. Against this backdrop, India successfully rescued 197 of its citizens from Mae Sot in Thailand on November 10, 2025, using two Indian Air Force flights. The evacuees had fled Myanmar’s Myawaddy region in October after intense military operations forced them to escape. This was India’s second rescue effort within a week, following the November 6 mission that brought back 270 nationals from similar conditions. The operations were coordinated by the Indian Embassy in Bangkok and the Consulate in Chiang Mai, with crucial assistance from the Royal Thai Government.

‍

The Operation and Bilateral Cooperation

‍

The operation was carried out with the presence and supervision of Prime Minister Anutin Charnvirakul of Thailand and Indian Ambassador Nagesh Singh, who were both present at the ceremony in Mae Sot. This way, the two countries have not only proved but also cemented their bond to fight the crimes which were mentioned before and more than that, they have even promised to facilitate communication between their authorities. Prime Minister Charnvirakul thanked India for the quick intervention and added that Thailand would be giving the needed support for the repatriation of the other victims as well.

“Both parties reaffirmed their strong commitment to the fight against cross-border crimes, including cyber scams and human trafficking, in the region and to improving cooperation among the relevant agencies in both countries.”, Embassy of India, Bangkok.

‍

The Cyber Scam Network

‍

The Myawaddy area in Myanmar has made a quick shift to become a hotspot for the entire world of cybercrimes. Moreover, the crimes are especially committed by the organised criminal groups that take advantage of foreign nationals. After the Myanmar military imposed a restriction in late October, over 1,500 people from 28 nations moved to Thailand because of the KK Park cyber hub and other centres being raided.

A UN report (2025) indicated that this fraud activity is part of a larger network that extends the countries populated with very low-tech criminals who target the most naïve, and they are the very ones who end up being tortured. The trafficked persons often belong to the local population or come from neighbouring countries and are recruited with the promise of high salaries as IT or customer service agents, only to be imprisoned in a compound where they are forced to perform phishing, investment fraud, and cryptocurrency scams aimed at the victims all over the globe. These centres operate in border territories having poor governance, easy-to-cross borders, and little police presence, hence making human trafficking a major factor contributing to cybercrime.

‍

India’s Response and Preventive Measures

‍

The Indian Embassy in Thailand worked hand in hand with the Thai government to facilitate bringing back and repatriating the Indian citizens who had entered Thailand illegally when they were escaping Myanmar.

The embassy was far from helpless in the matter. In the case of the embassy's advisory, they suggested to the citizens that:

• It is mandatory to check the authenticity of the job offers and the agents before securing employment in other countries.
• Such employment by means of tourist or visa-free entry permits should be avoided, as such entries allow only for a short-duration visit or tourism.
• Be careful of ads claiming high pay for online or remote work in Southeast Asia.

‍

The embassy reiterated the Government of India’s commitment to ensuring easy access to assistance for citizens overseas and to addressing the growing intersection between cyber fraud and human trafficking.

‍

CyberPeace Analysis and Advisory

‍

The case of Myawaddy demonstrates that cybercrime and human trafficking have grappled to become a complicated global threat. The scam centres gradually come to depend on the trafficked labour of people who are being forced to commit the fraud digitally under coercion. This underlines the requirement for the cybersecurity measures that consider the rights of humans and the protection of the victims, not only the technical defence.

‍

1. Cybercrime–Human Trafficking Convergence: 

Cybercrime has moved up to the level of a human trafficking operation. The unwilling victims of such fraud schemes are scared for their very lives or even more, not of a reliable way out. This situation is such that one cannot tell where cyber exploitation ends and forced labour begins.

2. Cross-Border Enforcement Challenges:

To effectively carry out their unlawful acts, the criminals use legal and jurisdictional loopholes that are present across borders. Dismantling such networks requires the regional cooperation of India, Thailand, and ASEAN countries.

3. Socioeconomic Vulnerability:

The situation with unemployment being stagnant and the public not being educated about the situation makes people, especially the youth, very prone to scams of getting hired overseas. Thus, to prevent this uneducated flocking to the fraudsters, it is necessary to constantly implant in them the knowledge of online literacy and the importance of verification of job offers.

4. Public–Private Coordination: 

The scammers’ mode of operation usually includes online recruitment through social media and encrypted platforms where their victims can be found and contacted. In this regard, cooperation among government institutions, tech platforms, and civil society is imperative to put an end to the operation of these digital trafficking channels.

‍

CyberPeace Expert Advisory

To lessen the possibility of such incidents, CyberPeace suggests the following preventive and policy measures:

‍

Individuals:

‍

• Trust but verify: Before giving your approval to anything, always verify the job offer by official embassy websites or MEA-approved recruiting agencies first.
• Watch out for red flags: If a recruiter offers a very high salary for almost no work, asks for tourist visas, or gives no written contract, be very careful and pull out immediately.
• Protect your documents: Give a trusted person the responsibility of keeping both digital and physical copies of your passport and visa, and also register your travel with the MADAD portal.
• Report if in doubt: If an agent looks suspicious, contact the nearest Indian Embassy or Consulate or report it to cybercrime.gov.in or the 1930 Helpline.

‍

Policymakers and Agencies:

‍

• Strengthen Bilateral Task Forces: Set up armed forces of cyber and human trafficking enforcement units in South and Southeast Asian countries.
• Support Regional Awareness Campaigns: In addition to targeted advisories in local languages, the most vulnerable job seekers in Tier-2 and Tier-3 cities should also receive such awareness in their languages.
• Overseas Employment Advertising should be regulated: All digital job postings should be made to meet transparency standards and fraudulent recruitment should be punished with heavy fines.
• Invest in Digital Forensics and Intelligence Sharing: Create common databases for monitoring international cybercriminal groups.

‍

Conclusion

‍

The return of Indian citizens from Thailand represents a significant humanitarian and diplomatic milestone and highlights that cybercrime, though carried out through digital channels, remains deeply human in nature. International cooperation, well-informed citizens, and a rights-based cybersecurity approach are the minimum requirements for a global campaign against the new breed of cybercrime that is characterised by fraud and trafficking working hand in hand. CyberPeace reminds everyone that digital vigilance, verification, and collaboration across borders are the most effective ways to prevent online abuse and such crimes.

Reference

‍

• https://www.ndtv.com/india-news/197-indians-repatriated-from-thailand-by-special-indian-air-force-flights-9611934
• https://www.thehindu.com/news/national/india-airlifts-citizens-who-worked-in-myanmar-cybercrime-hub-from-thailand/article70264322.ece
• https://www.mea.gov.in/Images/attach/03-List-4-2024.pdf

‍

Executive Summary
‍
‍

Amid the ongoing tensions involving the United States, Israel, and Iran, a video of a cargo ship engulfed in flames is being widely shared across social media platforms. The clip shows a vessel burning intensely at sea, with users claiming that Iran targeted the ship with a drone for attempting to cross the Strait of Hormuz without permission. Some users have also claimed that the destroyed vessel was a Pakistani-flagged oil tanker hit by Iranian missiles. However, research by CyberPeace found the claim to be false. Our verification also reveals that the viral video is being misrepresented.

‍

Claim

‍

Social media users, including an X (formerly Twitter) account named “IranDefenceForce,” shared the video claiming that Iran targeted an oil tanker in the Strait of Hormuz for allegedly violating restrictions.

‍

• https://x.com/IranDefenceForc/status/2037436345501782308
• https://perma.cc/PAK5-JQ6Y 

‍

‍

Fact Check

‍

A keyword-based news search led us to multiple credible reports mentioning a statement by Iran’s Foreign Minister Abbas Araghchi. According to reports, Iran had allowed ships from “friendly countries” including India, China, Russia, Iraq, and Pakistan to pass through the Strait of Hormuz.

• https://x.com/IranDefenceForc/status/2037436345501782308?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E203743 

‍

‍

A March 26, 2026 report by The Hindu stated that Araghchi also emphasized Iran’s assertion of sovereignty over the strategic waterway connecting the Persian Gulf and the Gulf of Oman. The same statement was also shared via the official X handle of the Iranian Consulate in Mumbai. During a frame-by-frame analysis of the viral video, we noticed the word “SAFEEN” written on a part of the ship. Using this clue, we conducted a targeted news search and found a report by Reuters dated March 4, 2026.

‍

• https://www.reuters.com/world/europe/malta-flagged-container-ship-hit-by-projectile-hormuz-vessel-abandoned-sources-2026-03-04/ 

‍

‍

‍

According to the report, a Malta-flagged container ship named Safeen Prestige was damaged in an attack while heading toward the Strait of Hormuz. Shipping sources cited in the report stated that the vessel was struck around 1109 GMT while sailing eastward, approximately two nautical miles north of Oman. The ship had reportedly departed from Sharjah Port in the United Arab Emirates but was damaged before reaching its destination. Its last known location was in the Persian Gulf. Additionally, earlier this month, another cargo vessel named Mayuri Naree was also attacked near Iran’s Qeshm Island. As per Reuters, an explosion caused a fire in the engine room, after which 20 crew members were rescued by the Omani navy, while three remained missing.

‍

Conclusion

‍

The viral video does not show Iran targeting a Pakistani oil tanker for violating restrictions in the Strait of Hormuz. In reality, the clip features the Malta-flagged container ship Safeen Prestige, which was damaged in an unidentified attack in the Persian Gulf. The claim being circulated on social media is misleading.

‍

Introduction

With the increasing frequency and severity of cyber-attacks on critical sectors, the government of India has formulated the National Cyber Security Reference Framework (NCRF) 2023, aimed to address cybersecurity concerns in India. In today’s digital age, the security of critical sectors is paramount due to the ever-evolving landscape of cyber threats. Cybersecurity measures are crucial for protecting essential sectors such as banking, energy, healthcare, telecommunications, transportation, strategic enterprises, and government enterprises. This is an essential step towards safeguarding these critical sectors and preparing for the challenges they face in the face of cyber threats. Protecting critical sectors from cyber threats is an urgent priority that requires the development of robust cybersecurity practices and the implementation of effective measures to mitigate risks.

Overview of the National Cyber Security Policy 2013

The National Cyber Security Policy of 2013 was the first attempt to address cybersecurity concerns in India. However, it had several drawbacks that limited its effectiveness in mitigating cyber risks in the contemporary digital age. The policy’s outdated guidelines, insufficient prevention and response measures, and lack of legal implications hindered its ability to protect critical sectors adequately. Moreover, the policy should have kept up with the rapidly evolving cyber threat landscape and emerging technologies, leaving organisations vulnerable to new cyber-attacks. The 2013 policy failed to address the evolving nature of cyber threats, leaving organisations needing updated guidelines to combat new and sophisticated attacks.

As a result, an updated and more comprehensive policy, the National Cyber Security Reference Framework 2023, was necessary to address emerging challenges and provide strategic guidance for protecting critical sectors against cyber threats.

Highlights of NCRF 2023

• Strategic Guidance: NCRF 2023 has been developed to provide organisations with strategic guidance to address their cybersecurity concerns in a structured manner.
• Common but Differentiated Responsibility (CBDR): The policy is based on a CBDR approach, recognising that different organisations have varying levels of cybersecurity needs and responsibilities.
• Update of National Cyber Security Policy 2013: NCRF supersedes the National Cyber Security Policy 2013, which was due for an update to align with the evolving cyber threat landscape and emerging challenges.
• Different from CERT-In Directives: NCRF is distinct from the directives issued by the Indian Computer Emergency Response Team (CERT-In) published in April 2023. It provides a comprehensive framework rather than specific directives for reporting cyber incidents.
• Combination of robust strategies: National Cyber Security Reference Framework 2023 will provide strategic guidance, a revised structure, and a proactive approach to cybersecurity, enabling organisations to tackle the growing cyberattacks in India better and safeguard critical sectors.

Rising incidents of malware attacks on critical sectors

In recent years, there has been a significant increase in malware attacks targeting critical sectors. These sectors, including banking, energy, healthcare, telecommunications, transportation, strategic enterprises, and government enterprises, play a crucial role in the functioning of economies and the well-being of societies. The escalating incidents of malware attacks on these sectors have raised concerns about the security and resilience of critical infrastructure.

• Banking: The banking sector handles sensitive financial data and is a prime target for cybercriminals due to the potential for financial fraud and theft.
• Energy: The energy sector, including power grids and oil companies, is critical for the functioning of economies, and disruptions can have severe consequences for national security and public safety.
• Healthcare: The healthcare sector holds valuable patient data, and cyber-attacks can compromise patient privacy and disrupt healthcare services. Malware attacks on healthcare organisations can result in the theft of patient records, ransomware incidents that cripple healthcare operations, and compromise medical devices.
• Telecommunications: Telecommunications infrastructure is vital for reliable communication, and attacks targeting this sector can lead to communication disruptions and compromise the privacy of transmitted data. The interconnectedness of telecommunications networks globally presents opportunities for cybercriminals to launch large-scale attacks, such as Distributed Denial-of-Service (DDoS) attacks.
• Transportation: Malware attacks on transportation systems can lead to service disruptions, compromise control systems, and pose safety risks.
• Strategic Enterprises: Strategic enterprises, including defence, aerospace, intelligence agencies, and other sectors vital to national security, face sophisticated malware attacks with potentially severe consequences. Cyber adversaries target these enterprises to gain unauthorised access to classified information, compromise critical infrastructure, or sabotage national security operations.
• Government Enterprises: Government organisations hold a vast amount of sensitive data and provide essential services to citizens, making them targets for data breaches and attacks that can disrupt critical services.

Conclusion  

The sectors of banking, energy, healthcare, telecommunications, transportation, strategic enterprises, and government enterprises face unique vulnerabilities and challenges in the face of cyber-attacks. By recognising the significance of safeguarding these sectors, we can emphasise the need for proactive cybersecurity measures and collaborative efforts between public and private entities. Strengthening regulatory frameworks, sharing threat intelligence, and adopting best practices are essential to ensure our critical infrastructure’s resilience and security. Through these concerted efforts, we can create a safer digital environment for these sectors, protecting vital services and preserving the integrity of our economy and society. The rising incidents of malware attacks on critical sectors emphasise the urgent need for updated cybersecurity policy, enhanced cybersecurity measures, a collaboration between public and private entities, and the development of proactive defence strategies. National Cyber Security Reference Framework 2023 will help in addressing the evolving cyber threat landscape, protect critical sectors, fill the gaps in sector-specific best practices, promote collaboration, establish a regulatory framework, and address the challenges posed by emerging technologies. By providing strategic guidance, this framework will enhance organisations’ cybersecurity posture and ensure the protection of critical infrastructure in an increasingly digitised world.