#FactCheck- Burning Helicopter Video Not From Iran, Dates Back to 2020 Syria

Introduction

In the labyrinthine world of cybersecurity, a new spectre has emerged from the digital ether, casting a long shadow over the seemingly impregnable orchards of Apple's macOS. This phantom, known as SpectralBlur, is a backdoor so cunningly crafted that it remained shrouded in the obscurity of cyberspace, undetected by the vigilant eyes of antivirus software until its recent unmasking. The discovery of SpectralBlur is not just a tale of technological intrigue but a narrative that weaves together the threads of geopolitical manoeuvring, the relentless pursuit of digital supremacy, and the ever-evolving landscape of cyber warfare.

SpectralBlur, a term that conjures images of ghostly interference and elusive threats, is indeed a fitting moniker for this new macOS backdoor threat. Cybersecurity researchers have peeled back the layers of the digital onion to reveal a moderately capable backdoor that can upload and download files, execute shell commands, update its configuration, delete files, and enter states of hibernation or sleep, all at the behest of a remote command-and-control server. Greg Lesnewich, a security researcher whose name has become synonymous with the relentless pursuit of digital malefactors, has shed light on this new threat that overlaps with a known malware family attributed to the enigmatic North Korean threat actors.

SpectralBlur similar to Lazarus Group’s KANDYKORN

The malware shares its DNA with KANDYKORN, also known as SockRacket, an advanced implant that functions as a remote access trojan capable of taking control of a compromised host. It is a digital puppeteer, pulling the strings of infected systems with a malevolent grace. The KANDYKORN activity also intersects with another campaign orchestrated by the Lazarus sub-group known as BlueNoroff, or TA444, which culminates in the deployment of a backdoor referred to as RustBucket and a late-stage payload dubbed ObjCShellz.

Recently, the threat actor has been observed combining disparate pieces of these two infection chains, leveraging RustBucket droppers to deliver KANDYKORN. This latest finding is another sign that North Korean threat actors are increasingly setting their sights on macOS to infiltrate high-value targets, particularly those within the cryptocurrency and blockchain industries. 'TA444 keeps running fast and furious with these new macOS malware families,' Lesnewich remarked, painting a picture of a relentless adversary in the digital realm.

Patrick Wardle, a security researcher whose insights into the inner workings of SpectralBlur have further illuminated the threat landscape, noted that the Mach-O binary was uploaded to the VirusTotal malware scanning service in August 2023 from Colombia. The functional similarities between KANDYKORN and SpectralBlur have raised the possibility that they may have been built by different developers with the same requirements. What makes the malware stand out are its attempts to hinder analysis and evade detection while using grant to set up a pseudo-terminal and execute shell commands received from the C2 server.

The disclosure comes as 21 new malware families designed to target macOS systems, including ransomware, information stealers, remote access trojans, and nation-state-backed malware, were discovered in 2023, up from 13 identified in 2022. 'With the continued growth and popularity of macOS (especially in the enterprise!), 2024 will surely bring a bevvy of new macOS malware,' Wardle noted, his words a harbinger of the digital storms on the horizon.

Hackers are beefing up their efforts to go after the best MacBooks as security researchers have discovered a brand new macOS backdoor which appears to have ties to another recently identified Mac malware strain. As reported by Security Week, this new Mac malware has been dubbed SpectralBlur and although it was uploaded to VirusTotal back in August of last year, it remained undetected by the best antivirus software until it recently caught the attention of Proofpoint’s Greg Lesnewich.

Lesnewich explained that SpectralBlur has similar capabilities to other backdoors as it can upload and download files, delete files and hibernate or sleep when given commands from a hacker-controlled command-and-control (C2) server. What is surprising about this new Mac malware strain though is that it shares similarities to the KandyKorn macOS backdoor which was created by the infamous North Korean hacking group Lazarus.

Just like SpectralBlur, KandyKorn is designed to evade detection while providing the hackers behind it with the ability to monitor and control infected Macs. Although different, these two Mac malware strains appear to be built based on the same requirements. Once installed on a vulnerable Mac, SpectralBlur executes a function that allows it to decrypt and encrypt network traffic to help it avoid being detected. However, it can also erase files after opening them and then overwrite the data they contain with zeros..

How to keep your Apple computers safe from hackers

As with the best iPhones, keeping your Mac up to date is the easiest and most important way to keep it safe from hackers. Hackers often prey on users who haven’t updated their devices to the latest software as they can exploit unpatched vulnerabilities and security flaws.

Checking to see if you're running the latest macOS version is quite easy. Just click on the Apple Logo in the top right corner of your computer, head to System Preferences and then click on Software Update. If you need a bit more help, check out our guide on how to update a Mac for more detailed instructions with pictures.

Even though your Mac has its own built-in malware scanner from Apple called xProtect, you should consider using one of the best Mac antivirus software solutions for additional protection. Paid antivirus software is often updated more frequently and you often also get access to other extras to help keep you safe online like a password manager or a VPN.

Besides updating your Mac frequently and using antivirus software, you must be careful online. This means sticking to trusted online retailers, carefully checking the URLs of the websites you visit and avoiding opening links and attachments sent to you via email or social media from people you don’t know. Likewise, you should also learn how to spot a phishing scam to know which emails you want to delete right away.

Conclusion 

The thing about hackers and other cybercriminals is that they are constantly evolving their tactics and attack methods. This helps them avoid detection and allows them to devise brand-new ways to trick ordinary people. With the surge we saw in Mac malware last year, though, Apple will likely be working on beefing up xProtect and macOS to better defend against these new threats.

References 

• https://www.scmagazine.com/news/new-macos-malware-spectralblur-idd-as-north-korean-backdoor
• https://www.tomsguide.com/news/this-new-macos-backdoor-lets-hackers-take-over-your-mac-remotely-how-to-stay-safe
• https://thehackernews.com/2024/01/spectralblur-new-macos-backdoor-threat.html

Executive Summary:

‍

A video is circulating on social media claiming to be footage of the aftermath of Iran's missile strikes on Israel. The video shows destruction, damaged infrastructure, and panic among civilian casualties. After our own digital verification, visual inspection, and frame-by-frame inspection, we have determined that the video is fake. The video is just AI-generated clips and not related to any incident.

‍

‍

Claim:

‍

The viral video claims that a recent military strike by Iran resulted in the destruction of parts of Israel, following an initial missile attack launched by Iran. The footage appears current and depicts significant destruction of buildings and widespread chaos in the streets.

‍

FACT CHECK: 

‍

We conducted our research on the viral video to determine if it was AI-generated. During the research we broke the video into individual still frames, and upon closely examining the frames, several of the visuals he showed us had odd-shaped visual features, abnormal body proportions, and flickering movements that don't occur in real footage. We took several still frames and checked them in image search sites to see if they had appeared before. The search results revealed that several clips in the video had appeared previously, in separate and unrelated circumstances, which indicates that they are neither recent nor original.

‍

‍

‍

While examining the Instagram profile, we noticed that the account frequently shares visually dramatic AI content that appears digitally created. Many earlier posts from the same page include scenes that are unrealistic, such as wrecked aircraft in desolate areas or buildings collapsing in unnatural ways. In the current video, for instance, the fighter jets shown have multiple wings, which is not technically or aerodynamically possible in real life. The profile’s bio, which reads "Resistance of Artificial Intelligence," suggests that the page intentionally focuses on sharing AI-generated or fictional content. 

‍

‍

We also ran the viral post through Tenorshare.AI for Deep-Fake detection, and the result came 94% AI. All findings resulting from our research established that the video is synthetic and unrelated to any event occurring in Israel, and therefore debunked a false narrative propagated on social media.

‍

‍

Conclusion: 

Our research found that the video is fake and contains AI-generated images and is not related to any real missile strike or destruction occurring in Israel. The source is specific to fuel the panic and misinformation in a context of already-heightened geopolitical tension. We call on viewers not to share this unverified information and to rely on trusted sources. When there are sensitive international developments, the dissemination of fake imagery can promote fear, confusion, and misinformation on a global scale.

‍

• Claim: Real Footage of Iran’s Missile Strikes on Israel‍
• Claimed On: Social Media‍
• Fact Check: False and Misleading

‍

Introduction 
‍

In recent years, India has seen tremendous growth in its space industry. The satellite infrastructure of India now provides key services to a variety of sectors, including communication, navigation, broadcasting, disaster management and national security operations. Satellite communications globally will connect remote communities, aid in the delivery of Digital Governance and support India's strategic military capabilities. Given the expanding space ecosystem in India with the involvement of the public sector, private sector and research institutions, the security of satellite communications is becoming increasingly important.  

 At the same time, as satellite communication technologies become more pervasive, the risk of cyber threats targeting space systems increases. Cyberattacks against satellites, ground terminals or communication networks may critically impact, disrupt, damage, and/or destroy essential services, and expose sensitive information. To mitigate these risks, CERT-In (Computer Emergency Response Team), in collaboration with the SatCom Industry Association of India released a Cyber Security Framework and Guidelines for Space Platforms/Systems, including Satellite Communication, in 2026. This framework aims to establish and enhance cybersecurity measures throughout India's space ecosystem, while guiding how to better prepare for and respond to the growing volume of cyber threat activity targeting Space Systems. 
‍

Overview of the CERT-In Space Cybersecurity Framework 
‍

CERT-In introduced a dedicated cybersecurity framework for space systems in February 2026. Developed in collaboration with industry stakeholders, the framework provides guidelines to strengthen the security of satellite communication infrastructure across India. Although the guidelines are advisory in nature, they are designed to promote best practices and encourage organisations to adopt robust cybersecurity measures. 

The framework targets a wide range of stakeholders involved in satellite communication operations. These include government agencies, satellite operators, ground station operators, equipment manufacturers, technology vendors, and emerging space startups. By outlining cybersecurity principles, technical controls, and governance mechanisms, the framework aims to create a coordinated approach to protecting space assets. 

Another key objective of the guidelines is to foster collaboration between the public and private sectors. As India’s space industry expands and private participation increases, maintaining a secure and resilient ecosystem becomes essential. The framework, therefore, emphasises risk management, incident reporting, and continuous monitoring to strengthen the overall cybersecurity posture of the space sector. 
‍

Key Components of Satellite Communication Systems 
‍

Satellite communication systems are made up of multiple interconnected devices that can be used to deliver communication services. The cybersecurity framework groups these elements into three categories: the space segment, the ground segment, and the user segment.  

The space segment is everything related to the satellite itself, including the satellite's onboard systems. This includes the satellite's communication payload, telemetry systems, antennas, power systems, and software that controls its operation. Because satellites operate in remote parts of space with very little opportunity for maintenance, securing these systems is critical in order to guard against unauthorized access to or control of these systems.  

The ground segment comprises the terrestrial infrastructure responsible for controlling the satellite's operations. It consists of satellite mission control centres, ground stations, network gateways and data processing facilities. The ground stations send commands to the satellites and receive telemetry data from the satellites, which makes the ground station a very important physical interface point between the satellite asset located in outer space and a terrestrial network. 

The user segment contains any device terminal being used by either an individual or an organisation that is accessing a satellite service. Examples of user devices are satellite phones, VSAT terminals, modems, and IoT devices connected to satellite networks. Since these devices connect directly to the communication networks, vulnerabilities in user equipment could also represent a significant threat to the cybersecurity of satellite communications. 

Major Cyber Threats to Space Infrastructure 
‍

The space systems that support the delivery of satellite communications are being increasingly targeted with multiple types of cyber threats. A major category includes cyber-attacks on communication links between satellites and ground stations. Cyber criminals can attempt to jam the satellite’s communication link, intercept communication signals, or re-transmit previously sent communication signals in order to disrupt the operation of the affected satellites. 

Attacks on the systems that control the satellite are serious threats to satellite operations. Cybercriminals and hostile actors can perform command injection attacks where commands are sent to a satellite, and the satellite responds through some undesired action. If cybercriminals are able to gain access to the telemetry or command channels, they can potentially disrupt the operation of the satellite or alter the telemetry data being received from the satellite. 

The ground infrastructure that supports satellite communications is still a major target for cybercriminals. Mission control networks and data centres are susceptible to malware, ransomware, phishing, and insider threats. Attackers will frequently target ground stations because they provide a connection point to terrestrial networks and can exploit vulnerabilities from the ground station’s IT systems into the satellite control systems. The combination of these threats illustrates the need for an overall security strategy that encompasses all parts of the satellite communications ecosystem. 
‍

Key Security Principles and Measures 
‍

A comprehensive overview of multiple principles designed to increase the security of satellite communications is provided in the CERT-In Framework on Cybersecurity for Satellite Communications. The first of these principles, security by design, refers to ensuring that all cybersecurity controls associated with a system are implemented at the time of the system's initial design and development, not afterwards; therefore, security controls should be incorporated throughout the entire lifecycle of a satellite system. 

The second principle, which is known as Defense-in-Depth, consists of implementing many different layers or tiers of security controls to protect a system against cyber threats or attacks. An example of the different categories of security controls includes physical security, network security, and access control, among others. By combining security controls across multiple categories, an organisation may be able to reduce the chance that one single vulnerability will result in the loss of the entire system. 

The third principle in the Framework, Zero Trust Architecture (ZTA): Users and/or devices located within a network should not be able to rely on implicit trust. Therefore, every request for access to the network will be verified and continuously monitored for potential threats. 

The previous two principles stated that secure satellite communications should be conducted using strong encryption and authentication methods, as well as secure communications methods, and that an enterprise monitoring system would be put into place to help detect anomalies or suspicious behaviour. 

Conclusion 
‍

India is taking an important step toward protecting its expanding space ecosystem by creating a cybersecurity framework to safeguard cyberspace systems from cyber threats. The CERT-In guidelines offer a structured means of reducing the likelihood of cyber threats impacting satellite communication infrastructure through secure system design, continuous monitoring of systems and creating consistent partnerships among organisations. As well as providing evidence that both government and private sector organisations share a collective responsibility for the protection of space assets, both sectors participate in a collaborative effort.

India will need to implement rigorous cybersecurity measures as it expands its space infrastructure in order to ensure the continued availability of critical space infrastructure and ultimately develop its existing commercial satellite business operations with the highest level of safety and security.

References 
‍

1. https://www.cert-in.org.in/s2cMainServlet?pageid=GUIDLNVIEW02&refcode=CISG-2026-01
2. https://www.pib.gov.in/PressReleasePage.aspx?PRID=2233122&reg=3&lang=1

‍