#FactCheck - Viral Images of Indian Army Eating Near Border area Revealed as AI-Generated Fabrication

Executive Summary

This report analyses a recently launched social engineering attack that took advantage of Microsoft Teams and AnyDesk to deliver DarkGate malware, a MaaS tool. This way, through Microsoft Teams and by tricking users into installing AnyDesk, attackers received unauthorized remote access to deploy DarkGate that offers such features as credential theft, keylogging, and fileless persistence. The attack was executed using obfuscated AutoIt scripts for the delivery of malware which shows how threat actors are changing their modus operandi. The case brings into focus the need to put into practice preventive security measures for instance endpoint protection, staff awareness, limited utilization of off-ice-connection tools, and compartmentalization to safely work with the new and increased risks that contemporary cyber threats present.

Introduction

Hackers find new technologies and application that are reputable for spreading campaigns. The latest use of Microsoft Teams and AnyDesk platforms for launching the DarkGate malware is a perfect example of how hackers continue to use social engineering and technical vulnerabilities to penetrate the defenses of organizations. This paper focuses on the details of the technical aspect of the attack, the consequences of the attack together with preventive measures to counter the threat.

Technical Findings

1. Attack Initiation: Exploiting Microsoft Teams

The attackers leveraged Microsoft Teams as a trusted communication platform to deceive victims, exploiting its legitimacy and widespread adoption. Key technical details include:

• Spoofed Caller Identity: The attackers used impersonation techniques to masquerade as representatives of trusted external suppliers.
• Session Hijacking Risks: Exploiting Microsoft Teams session vulnerabilities, attackers aimed to escalate their privileges and deploy malicious payloads.
• Bypassing Email Filters: The initial email bombardment was designed to overwhelm spam filters and ensure that malicious communication reached the victim’s inbox.

2. Remote Access Exploitation: AnyDesk

After convincing victims to install AnyDesk, the attackers exploited the software’s functionality to achieve unauthorized remote access. Technical observations include:

• Command and Control (C2) Integration: Once installed, AnyDesk was configured to establish persistent communication with the attacker’s C2 servers, enabling remote control.
• Privilege Escalation: Attackers exploited misconfigurations in AnyDesk to gain administrative privileges, allowing them to disable antivirus software and deploy payloads.
• Data Exfiltration Potential: With full remote access, attackers could silently exfiltrate data or install additional malware without detection.

3. Malware Deployment: DarkGate Delivery via AutoIt Script

The deployment of DarkGate malware utilized AutoIt scripting, a programming language commonly used for automating Windows-based tasks. Technical details include:

• Payload Obfuscation: The AutoIt script was heavily obfuscated to evade signature-based antivirus detection.
• Process Injection: The script employed process injection techniques to embed DarkGate into legitimate processes, such as explorer.exe or svchost.exe, to avoid detection.
• Dynamic Command Loading: The malware dynamically fetched additional commands from its C2 server, allowing real-time adaptation to the victim’s environment.

4. DarkGate Malware Capabilities

DarkGate, now available as a Malware-as-a-Service (MaaS) offering, provides attackers with advanced features. Technical insights include:

• Credential Dumping: DarkGate used the Mimikatz module to extract credentials from memory and secure storage locations.
• Keylogging Mechanism: Keystrokes were logged and transmitted in real-time to the attacker’s server, enabling credential theft and activity monitoring.
• Fileless Persistence: Utilizing Windows Management Instrumentation (WMI) and registry modifications, the malware ensured persistence without leaving traditional file traces.
• Network Surveillance: The malware monitored network activity to identify high-value targets for lateral movement within the compromised environment.

5. Attack Indicators

Trend Micro researchers identified several indicators of compromise (IoCs) associated with the DarkGate campaign:

• Suspicious Domains: example-remotesupport[.]com and similar domains used for C2 communication.

• Malicious File Hashes:some text
  • AutoIt Script: 5a3f8d0bd6c91234a9cd8321a1b4892d
  • DarkGate Payload: 6f72cde4b7f3e9c1ac81e56c3f9f1d7a
• Behavioral Anomalies:some text
  • Unusual outbound traffic to non-standard ports.
  • Unauthorized registry modifications under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.

Broader Cyber Threat Landscape

In parallel with this campaign, other phishing and malware delivery tactics have been observed, including:

1. Cloud Exploitation: Abuse of platforms like Cloudflare Pages to host phishing sites mimicking Microsoft 365 login pages.
2. Quishing Campaigns: Phishing emails with QR codes that redirect users to fake login pages.
3. File Attachment Exploits: Malicious HTML attachments embedding JavaScript to steal credentials.
4. Mobile Malware: Distribution of malicious Android apps capable of financial data theft.

Implications of the DarkGate Campaign

This attack highlights the sophistication of threat actors in leveraging legitimate tools for malicious purposes. Key risks include:

• Advanced Threat Evasion: The use of obfuscation and process injection complicates detection by traditional antivirus solutions.
• Cross-Platform Risk: DarkGate’s modular design enables its functionality across diverse environments, posing risks to Windows, macOS, and Linux systems.
• Organizational Exposure: The compromise of a single endpoint can serve as a gateway for further network exploitation, endangering sensitive organizational data.

Recommendations for Mitigation

1. Enable Advanced Threat Detection: Deploy endpoint detection and response (EDR) solutions to identify anomalous behavior like process injection and dynamic command loading.
2. Restrict Remote Access Tools: Limit the use of tools like AnyDesk to approved use cases and enforce strict monitoring.
3. Use Email Filtering and Monitoring: Implement AI-driven email filtering systems to detect and block email bombardment campaigns.
4. Enhance Endpoint Security: Regularly update and patch operating systems and applications to mitigate vulnerabilities.
5. Educate Employees: Conduct training sessions to help employees recognize and avoid phishing and social engineering tactics.
6. Implement Network Segmentation: Limit the spread of malware within an organization by segmenting high-value assets.

Conclusion

Using Microsoft Teams and AnyDesk to spread DarkGate malware shows the continuous growth of the hackers’ level. The campaign highlights how organizations have to start implementing adequate levels of security preparedness to threats, including, Threat Identification, Training employees, and Rights to Access.

The DarkGate malware is a perfect example of how these attacks have developed into MaaS offerings, meaning that the barrier to launch highly complex attacks is only decreasing, which proves once again why a layered defense approach is crucial. Both awareness and flexibility are still the key issues in addressing the constantly evolving threat in cyberspace.

Reference:

• https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html
• https://socprime.com/blog/darkgate-malware-detection/

Introduction

Summer vacations have always been one of the most anticipated times in a child’s life. In earlier times, it was something entirely different. The season was filled with outdoor games, muddy hands, mango-stained mouths, and stories shared with cousins under the stars. Children lived in the moment, playing in parks, riding bicycles, and inventing new adventures without a screen in sight. Today, those same summer days are shaped by glowing devices, virtual games, and hours spent online. While technology brings learning and entertainment, it also invites risks that parents cannot ignore. The Cyber Mom Toolkit is here to help you navigate this shift, offering simple and thoughtful ways to keep your children safe, balanced, and joyful during these screen filled holidays.
‍

The Hidden Cyber Risks of Summer Break

With increased leisure time and less supervision, children are likely to venture into unknown reaches of the internet. I4C reports indicate that child-related cases, such as cyberbullying, sextortion, and viewing offensive content, surge during school vacations. Gaming applications, social networking applications, and YouTube can serve as entry points for cyber predators and spammers. That's why it is important that parents, particularly mothers know what digital spaces their children live in and how to intervene appropriately.

‍
Your Action Plan for Being a Cyber Smart Mom

‍

Moms Need to Get Digitally Engaged 

You do not need to be a tech expert to become a cyber smart mom. With just a few simple digital skills, you can start protecting your child online with confidence and ease.

1. Know the Platforms Your Children Use

Spend some time investigating apps such as Instagram, Snapchat, Discord, YouTube, or computer games like Roblox and Minecraft. Familiarise yourself with the type of content, chat options, and privacy loopholes they may have.

2. Install Parental Controls

Make use of native features on devices (Android, iOS, Windows) to limit screen time, block mature content, and track downloads. Applications such as Google Family Link and Apple Screen Time enable parents to control apps and web browsing. 

3. Develop a Family Cyber Agreement

• Establish common rules such as:
• No devices in bedrooms past 9 p.m.
• Add only safe connections on social media.
• Don't open suspicious messages or click on mysterious links.
• Always tell your mom if something makes you feel uncomfortable online.

‍

‍Talk Openly and Often

Kids tend to hide things online because they don't want to get punished or embarrassed. Trust is built better than monitoring. Here's how:

• Have non-judgmental chats about what they do online.
• Use news reports or real-life cases as conversation starters: "Did you hear about that YouTuber's hacked account?
• Encourage them to question things if they're confused or frightened.
• Honour their online life as a legitimate aspect of their lives.

‍

Look for the Signs of Online Trouble

Stay alert to subtle changes in your child’s behavior, as they can be early signs of trouble in their online world.

• Sudden secrecy or aggression when questioned about online activity.
• Overuse of screens, particularly in the evening.
• Deterioration in school work or interest in leisure activities.
• Mood swings, anxiety, or withdrawn behaviour.

If you notice these, speak to your child calmly. You can also report serious matters such as cyberbullying or blackmail on the Cybercrime Helpline 1930 or visit https://cybercrime.gov.in

‍

Support Healthy Digital Behaviours

Teach your kids to be good netizens by leading them to:

• Reflect Before Posting: No address, school name, or family information should ever appear in public posts.
• Set Strong Passwords: Passwords must be long, complicated, and not disclosed to friends, even best friends.
• Enable Privacy Settings: Keep social media accounts privately. Disable location sharing. Restrict comments and messages from others.
• Vigilance: Encourage them to spot fake news, scams, and manipulative ads. Critical thinking is the ultimate defence.

Stay alert to subtle changes in your child’s behavior, as they can be early signs of trouble in their online world.

‍

Where to Learn More and Get Support as a Cyber Mom

Cyber moms looking to deepen their understanding of online safety can explore a range of helpful resources offered by CyberPeace. Our blog features easy-to-understand articles on current cyber threats, safety tips, and parenting guidance for the digital age. You can also follow our social media pages for regular updates, quick tips, and awareness campaigns designed especially for families. If you ever feel concerned or need help, the CyberPeace Helpline is available to offer support and guidance. (+91 9570000066 or write to us at helpline@cyberpeace.net). For those who want to get more involved, joining the CyberPeace Corps allows you to become part of a larger community working to promote digital safety and cyber awareness across the country.

‍

Empowering Mothers Empowers Society

We at CyberPeace feel that every mother, irrespective of her background and technological expertise, has the potential to be a Cyber Mom. The intention is not to control the child but to mentor towards safer decisions, identify issues early, and prepare them for a lifetime of online responsibility. Mothers are empowered when they know. And children are safe when they are protected.

‍

Conclusion

The web isn't disappearing, and neither are its dangers. But when mothers are digital role models, they can make summer screen time a season of wise decisions. This summer, become a Cyber Mom: someone who learns, leads, and listens. Whether it's installing a parental control app, discussing openly about cyberbullying, or just asking your child, "What did you discover online today? " that engagement can make a difference. This summer break, help your child become digitally equipped with the skills and knowledge they need to navigate the online world safely and confidently.

Cyber safety starts at home, and there's no better point of departure than being alongside your child, rather than behind them.

‍

References

• https://cybercrime.gov.in
• https://support.apple.com/en-in/HT208982
• https://beinternetawesome.withgoogle.com
• https://www.cyberpeace.org
• https://ncpcr.gov.in

‍

‍

Introduction

As our reliance on digital communication technologies increases, so do the risks associated with the same. The propagation of false information is a significant concern. According to the World Economic Forum's 2024 Global Risk Report, India ranks the highest for misinformation and disinformation risk. Indian Vice President Shri Jagdeep Dhankhar emphasized the importance of transparency and accountability in the digital information age, addressing Indian Information Service officer trainees at the Vice President's Enclave on 18th June 2024. He has highlighted the issue of widespread misinformation and the need to regulate it. He stated “Information is power, information is too dangerous a power, information is that power which has to be regulated’’.

VC calls for regulation of the Information Landscape 

The Vice President of India, Shri Dhankhar, has called on young Indian Information Service officers to act swiftly to neutralize misinformation on social media. He emphasized the importance of protecting individuals and institutions from fake narratives set afloat on social media. The VP called for the officers to act as information warriors, protecting the privacy and reputation of affected individuals or institutions. 

The VP also highlighted India's vibrant democracy and the need for trust in the government. He called for the neutralization of motivated narratives set by global media and stressed the importance of not allowing others to calibrate them. He also emphasized the need to promote India's development narrative globally, highlighting its rich cultural heritage and diversity. He has expressed the need to regulate information, saying “Unregulated information & fake news can create a disaster of un-imaginable proportion.”

MeitY Advisory dated 1st March 2024

As regards to the issue of misinformation, the recently-issued advisory by the Ministry of Electronics and Information Technology (MeitY), specifies that all users should be well informed about the consequences of dealing with unlawful information on online platforms, including disabling access, removing non-compliant information, suspension or termination of access or usage rights of the user to their user account and imposing punishment under applicable law. The advisory entails that users are clearly informed, through terms of services and user agreements, about the consequences of engaging with unlawful information on the platform. Measures to combat deepfakes or misinformation have also been discussed in the advisory. The advisory necessitates identifying synthetically-created content across various formats, and advising platforms to employ labels, unique identifiers, or metadata to ensure transparency. Furthermore, the advisory mandates the disclosure of software details and tracing the first originator of such synthetically created content.

Conclusion

The battle against the growing incidences of misinformation and disinformation will not be easily won: developing a robust regulatory framework to counter online misinformation is essential. Alongside the regulatory framework, the government should encourage digital literacy campaigns, promote prebunking and debunking strategies and collaborate with relevant organisations such as cybersecurity experts, fact-checking entities, researchers, and policy analysts to combat misinformation on the Internet. Vice President Jagdeep Dhankhar's statement scores the need to regulate information to prevent the spread of fake news or misinformation.

References:

1. https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2026304
2. https://regmedia.co.uk/2024/03/04/meity_ai_advisory_1_march.pdf

‍