#FactCheck - Viral Video Misleadingly Tied to Recent Taiwan Earthquake

Overview:

A recent addition to the  list of cybercrime  is SharpRhino, a RAT (Remote Access Trojan) actively used by Hunters International ransomware group. SharpRhino is highly developed and penetrates into the network mask of IT specialists, primarily due to the belief in the tools’ legitimacy. Going under the genuine software installer, SharpRhino started functioning in mid-June 2024. However, Quorum Cyber discovered it in early August 2024 while investigating ransomware.

About Hunters International Group:

Hunters International emerged as one of the most notorious groups focused on ransomware attacks, having compromised over 134 targets worldwide in the first seven months of 2024. It is believed that the group is the rebranding of Hive ransomware group that was previously active, and there are considerable similarities in the code. Its focus on IT employees in particular demonstrates the fact that they move tactically in gaining access to the organizations’ networks.

Modus Operandi:

1. Typosquatting Technique 

SharpRhino is mainly distributed by a domain that looks like the genuine Angry IP Scanner, which is a popular network discovery tool. The malware installer, labeled as ipscan-3.9.1-setup. It is a 32-bit Nullsoft installer which embeds a password protected 7z archive in it. 

2. Installation Process 

• Execution of Installer: When the victim downloads and executes the installer and changes the windows registry in order to attain persistence. This is done by generating a registry entry that starts a harmful file, Microsoft. AnyKey. exe, are fakes originating from fake versions of true legitimate Microsoft Visual Studio tools. 

• Creation of Batch File: This drops a batch file qualified as LogUpdate at the installer.bat, that runs the PowerShell scripts on the device. These scripts are to compile C# code into memory to serve as a means of making the malware covert in its operation. 

• Directory Creation: The installer establishes two directories that allow the C2 communication – C:\ProgramData\Microsoft: WindowsUpdater24 and LogUpdateWindows. 

3. Execution and Functionality: 

• Command Execution: The malware can execute PowerShell commands on the infected system, these actions may involve privilege escalation and other extended actions such as lateral movement. 

• C2 Communication: SharpRhino interacts with command and control servers located on domains from platforms such as Cloudflare. This communication is necessary for receiving commands from the attackers and for returning any data of interest to the attackers. 

• Data Exfiltration and Ransomware Deployment: Once SharpRhino has gained control, it can steal information and then proceed to encrypt it with a .locked extension. The procedure generally concludes with a ransom message, which informs users on how to purchase the decryption key. 

4. Propagation Techniques: 

Also, SharpRhino can spread through the self-copying method, this is the virus may copy itself to other computers using the network account of the victim and pretending to be trustworthy senders such as emails or network-shared files. Moreover, the victim’s machine may then proceed to propagate the malware to other systems like sharing in the company with other employees.

Indicators of Compromise (IOCs):

• LogUpdate.bat
• Wiaphoh7um.t
• ipscan-3.9.1-setup.exe
• kautix2aeX.t
• WindowsUpdate.bat

Command and Control Servers:

• cdn-server-1.xiren77418.workers.dev
• cdn-server-2.wesoc40288.workers.dev
• Angryipo.org
• Angryipsca.com

Analysis:

‍

‍

Graph:

Precautionary measures to be taken:

To mitigate the risks posed by SharpRhino and similar malware, organizations should implement the following measures:

• Implement Security Best Practices: It is important only to download software from official sites and avoid similar sites to confuse the user by changing a few letters.

• Enhance Detection Capabilities: Use technology in detection that can detect the IOCs linked to Sharp Rhino.

• Educate Employees: Educate IT people and employees on phishing scams and the requirement to check the origin of the application.

• Regular Backups: It is also important to back up important files from systems and networks in order to minimize the effects of ransomware attacks on a business.

Conclusion:

SharpRhino could be deemed as the evolution of the strategies used by organizations like Hunters International and others involved in the distribution of ransomware. SharpRhino primarily focuses on the audience of IT professionals and employs complex delivery and execution schemes, which makes it an extremely serious threat for corporate networks. To do so it is imperative that organizations have an understanding of its inner workings in order to fortify their security measures against this relatively new threat. Through the enforcement of proper security measures and constant enlightenment of organizations on the importance of cybersecurity, firms can prevent the various risks associated with SharpRhino and related malware. Be safe, be knowledgeable, and most importantly, be secure when it comes to cyber security for your investments.

Reference: 

https://cybersecuritynews.com/sharprhino-ransomware-alert/

https://cybersecsentinel.com/sharprhino-explained-key-facts-and-how-to-protect-your-data/

https://www.dataprivacyandsecurityinsider.com/2024/08/sharprhino-malware-targeting-it-professionals/

‍

Introduction

‍Human Trafficking has been a significant concern and threat to society for a very long time. The aspects of our physical safety also have been influenced by human traffickers and the modus operandi they have adopted and deployed over the years. We are always cautious of younger children in regard to trafficking whenever we go out to crowded or unknown places. This concern and threat have also migrated to cyberspace and now pose new and different tangents of threats. These crimes are committed using technology and are further substantiated by different cybercrimes.

‍What is Cyber-Enabled Human Trafficking?

‍Cyber-enabled human trafficking is the new evolution of human trafficking in the digital age. Bad actors lure the victims via the internet and use social engineering to exploit their vulnerabilities to get them into their traps. In today's time, crime is often substantiated in lieu of fake job offers and a better lifestyle in new and major metropolitan cities. Now this crime has gone beyond the geographical boundaries of our nation, and often the victims end up in remote locations in the Middle East or South East Asia.

‍Cybercrime Hubs in Myanmar

‍The reports have indicated that a lot of trafficked victims are taken down to various cybercrime hubs in Myanmar. The victims are often lured on the pretext of job offers overseas, which pay handsomely. The victims make their way into the foreign nation but are then cornered by the bad actors and are segregated and taken into different hubs. The victims are often school graduates and seek basic jobs for their earnings. The victims are taken into Cybercrime hubs which Chinese syndicate criminals allegedly run.The victims are kept in tough conditions, beaten up, and held captive in remote jungles. Once the victim has lost hope, the criminals train them to commit cyber frauds like phishing. The victims are given scripts and mobile numbers to commit cybercrimes. The victims are given targets to ensure their survival, and due to the dark and threatening conditions, the victims just give up on the demands just to remain alive. Some of the victims make their way back home as well, but that is after 6-7 years of such constant torture and abuse to commit cybercrimes. The majority of such survivors face trouble seeking legal assistance as the criminals are almost impossible to track, thus making redressal for crimes and rehabilitation for survivors tough.

‍How to stay safe?

‍The criminals in such acts often target the vulnerable sector of the population, these people generally hail from tier 3 towns and rural areas. These victims aspire for a better life and earning opportunities, and due to less education and minimal awareness, they fail to see the traps set by the victims. The population at large can deploy the following measures and safe practices to avoid such horrific threats-

• Avoid Stranger interaction: Avoid interacting with strangers on any online platform or portal. Social media sites are the most used platforms by bad actors to make contact with potential victims.
• Do not Share: Avoid sharing any personal information with anyone online, and avoid filling out third-party surveys/forms seeking personal information.
• Check, Check and Recheck: Always be on alert for threats and always check and cross-check any link or platform you use or access.
• Too good to be true: If something feels like Too good to be true, it probably is and hence avoid falling for attractive job offers and work-from-home opportunities on social media platforms.
• Know your helplines: One should know the helpline numbers to make sure to exercise the reporting duty and also encourage your family members to report in case of any threat or issue.
• Raise Awareness: It is the duty of all netizens to raise awareness in society to arm more people against cybercrimes and fraud.

Conclusion

‍The name of cybercriminals is spreading all across the ecosystems, and now the technology is being deployed by such bad actors to even substantiate physical crimes. We need to be on alert and remain aware of such crimes and the modus Operandi of cyber criminals. Awareness and education are our best weapons to combat the threats and issues of cyber-enabled human trafficking, as the criminals feed on our vulnerabilities, lets eradicate them for once and for all and work towards creating a wholesome safe cyber ecosystem for all.https://www.scmp.com/week-asia/politics/article/3228543/inside-chinese-run-crime-hubs-myanmar-are-conning-world-we-can-kill-you-here

‍

Introduction

‍

India’s new Policy for Data Sharing from the National Transport Repository (NTR) released by the Ministry of Road Transport and Highways (MoRTH) in August, 2025, can be seen as a constitutional turning point and a milestone in administrative efficiency. The state has established an unprecedentedly large unified infrastructure by combining the records of 390 million vehicles, 220 million driver’s licenses, and the streams from the e-challan, e-DAR, and FASTag systems. Its supporters hail its promise of private-sector innovation, data-driven research, and smooth governance. However, there is a troubling paradox beneath this facade of advancement: the very structures intended to improve citizen mobility may simultaneously strengthen widespread surveillance. Without strict protections, the NTR runs the risk of violating the constitutional trifecta of need, proportionality, and legality as stated in Puttaswamy v. UOI, which brings to light important issues at the nexus of liberty, law, and data.  

The other pertinent question to be addressed is as India unifies one of its comprehensive datasets on citizen mobility the question becomes more pressing: while motorised citizens are now in the spotlight for accountability, what about the millions of other datasets that are still dispersed, unregulated, and shared inconsistently in the areas of health, education, telecom, and welfare?

‍

The Legal Backdrop

‍

MoRTH grounds its new policy in Sections 25A and 62B of the Motor Vehicles Act, 1988. Data is consolidated into a single repository since states are required by Section 136A to electronically monitor road safety. According to the policy, it complies with the Digital Personal Data Protection Act, 2023. 

The DPDP Act itself, however, is rife with state exclusions, particularly Sections 7 and 17, which give government organisations access to personal information for “any function under any law” or for law enforcement purposes. This is where the constitutional issue lies. Prior judicial supervision, warrants, or independent checks are not necessary. With legislative approval, MoRTH is essentially creating a national vehicle database without any constitutional protections. 

‍

Data, Domination and the New Privacy Paradigm

‍

As an efficiency and governance reform, VAHAN, SARATHI, e-challan, eDAR, and FASTag are being consolidated into a single National Transport Repository (NTR). However, centralising extensive mobility and identity-linked records on a large scale is more than just a technical advancement; it also changes how the state and private life interact. The NTR must therefore be interpreted through a more comprehensive privacy paradigm, one that acknowledges that data aggregation is a means of enhancing administrative capacity and has the potential to develop into a long-lasting tool of social control and surveillance unless both technological and constitutional restrictions are placed at the same time. 

‍

Two recent doctrinal developments sharpen this concern. First, the Supreme Court’s foundational ruling that privacy is a fundamental right remains the constitutional lodestar, any state interference must satisfy legality, necessity and proportionality (KS Puttaswamy & Anr. vs UOI). Second, as seen by the court’s most recent refusals to normalise ongoing, warrantless location monitoring, such as the ruling overturning bail requirements that required accused individuals to provide a Google maps pin, as movement tracking necessitates closer examination (Frank Vitus v. Narcotics Control Bureau & Ors.,).When taken as a whole, these authorities maintain that unrestricted, ongoing access to mobility and toll-transaction records is a constitutional issue and cannot be handled as an administrative convenience. 

‍

Structural Fault Lines in the NTR Framework

‍

Fundamentally, the NTR policy generates structural vulnerabilities by providing nearly unrestricted access through APIs and even mass transfers on physical media to a broad range of parties, including insurance companies, law enforcement, and intelligence services. This design undermines constitutional protections in three ways: first, it makes it possible to draw conclusions about private life patterns that the Supreme Court has identified as one of the most sensitive data categories by exposing rich mobility trails like FASTag logs and vehicle-linked identities; Second, it allows bulk datasets to circulate outside the ministry’s custodial boundary, which creates the possibility of function creep, secondary use, and monetisation risks reminiscent of the bulk sharing regime that the government itself once abandoned; and third, it introduces coercive exclusion by tying private sector access to Aadhaar-based OTP consent. 

‍

Reference

• https://morth.nic.in/sites/default/files/circulars_document/Data-Sharing-policy-20082025-merged.pdf

‍