#FactCheck: Viral video blast of fuel tank in UAE Al Hariyah Port portray as Russia-Ukraine Conflict
Executive Summary:
A viral video showing flames and thick smoke from large fuel tanks has been shared widely on social media. Many claimed it showed a recent Russian missile attack on a fuel depot in Ukraine. However, our research found that the video is not related to the Russia-Ukraine conflict. It actually shows a fire that happened at Al Hamriyah Port in Sharjah, United Arab Emirates, on May 31, 2025. The confusion was likely caused by a lack of context and misleading captions.
Claim:
The circulating claim suggests that Russia deliberately bombed Ukraine's fuel reserves and the viral video shows evidence of the bombing. The posts claim the fuel depot was destroyed purposefully during military operations, implying an increase in violence. This narrative is intended to generate feelings and reinforce fears related to war.
Fact Check:
After doing a reverse image search of the key frames of the viral video, we found that the video is actually from Al Hamriyah Port, UAE, not from the Russia-Ukraine conflict. During further research we found the same visuals were also published by regional news outlets in the UAE, including Gulf News and Khaleej Times, which reported on a massive fire at Al Hamriyah Port on 31 May 2025.
As per the news report, a fire broke out at a fuel storage facility in Al Hamriyah Port, UAE. Fortunately, no casualties were reported. Fire Management Services responded promptly and successfully brought the situation under control.
Conclusion:
The belief that the viral video is evidence of a Russian strike in Ukraine is misleading and incorrect. The video is actually of a fire at a commercial port in the UAE. When you share misleading footage like that, you distort reality and incite fear based on lies. It is simply a reminder that not all viral media is what it appears to be, and every viewer should take the time to check and verify the content source and context before accepting or reposting. In this instance, the original claim is untrue and misleading.
- Claim: Fresh attack in Ukraine! Russian military strikes again!
- Claimed On: Social Media
- Fact Check: False and Misleading
Related Blogs
Introduction
Freedom of speech and expression is fundamental to democracy and is constitutionally entrenched in Article 19(1)(a) of the Indian Constitution. The explosion of online spaces, brought about by the digital age, in the form of social media, blogs, and messaging apps, has reinterpreted how information is authored, disseminated, and consumed. This digital revolution has galvanised individuals to engage further inclusively in public debate, but has also fanatically magnified the risks of misinformation, hate speech, and threats to public order. Against this background, the judiciary is increasingly called upon to determine the limits of free speech, primarily where state regulation seeks to infringe upon constitutional protection.
Constitutional and Statutory Framework related to Freedom of Speech
The judiciary plays an integral role in balancing the fundamental right of freedom of speech with the regulation of online content, especially during the fast-paced evolution of the digital world. In India, with Article 19(1)(a) of the Constitution guaranteeing the freedom of speech, the courts bear the critical responsibility of protecting this liberty while recognising the State's legitimate interests in restricting harmful or unlawful content on a digital scale. This adjudicatory dilemma is even trickier because the said right has been held by the Supreme Court not to be an absolute one and is subject to "reasonable restrictions" as in Article 19(2), which recognises restrictions in the interest of sovereignty, security, public order, decency, and morality. Freedom of speech, being the cornerstone of democracy in India, does have an umbrella of reasonable restrictions under which the state can regulate any form of speech that infringes upon other equally compelling societal interests. However, with the coming of the internet and other digital communication arrangements, there was a need to develop new statutory instruments, i.e., Information Technology Act, 2000 (IT Act) and Rules made thereunder, including Information Technology (Intermediary Guidelines) and Digital Media Ethics Code Rules, 2021. These enactments attempt to regulate digital content, confronting issues such as hate speech, misinformation, and content that threatens public order. The judiciary's mandate is to interpret the enactments within the constitutional precincts, thus ensuring that the arbitrariness of State action is not aggravated or that the regulation is not overbroad. Judicial Landmark Decisions Affirming Balance The judiciary has played a front-ranking role in elaborating a jurisprudence protecting free speech in delineating legitimate regulation thereof. The Supreme Court judgment in Shreya Singhal v. Union of India, 2015, is seminal. Section 66A of the IT Act was struck down as it was vague and overly broad, causing a chilling effect on online speech. The Court has emphasised that any limitation on speech must be precise and fall strictly within the parameters laid down in Article 19(2). While the Court recognises that harmful online content needs to be addressed, the remedy must not encroach upon free political debate, satire, and criticism vital for democracy.
Following this, the Anuradha Bhasin case clarified the convergence of free speech and online access. The court held that the right to free speech had a vital medium in the form of the internet and that it would have to be an inevitable, proportionate shutdown, and transparent for challenge before the judiciary for any shutdown of the internet. This reaffirmed that restrictions on online speech must be rigorously tested.
Subsequent cases involve limitations on the 2021 IT Rules, whereby such government bodies can demand that “fake” or “misleading” material be taken off the internet. Courts move with circumspection, recognising the government's interest in fighting bogus information but remaining vigilant against over-regulation that can be code for pre-emptive censorship and threatening healthy discourses.
The virtual world raises particular and deeper questions: the viral nature of online speech multiplies its impact, distributing both democratic ideas and abusive material instantaneously. The courts recognise this twinning. While pressurising the legislature and executive to formulate clearer, more precise rules, courts simultaneously act as constitutional Guardians, avoiding breaches of the right with executive excess or vague laws. There is a strain between judicial activism, which promotes constitutional rights aggressively, and the fear of judicial paternalism, courts overreaching into policy arenas. But there is a need for vigilance by the judiciary due to the rapidly changing nature of digital technologies and threats to the freedoms of democracy. The judiciary continues to give contours to free speech and online regulation. There are enforcement issues, such as ongoing abuse of struck-down provisions, such as Section 66A, that the court counters with reaffirmation of constitutional directives. The evolving jurisprudence balances on thin stilts, upholding the democratic spirit of India by securing speech on online spaces and sanctioning reasonable, transparent moderation of harmful speech.
Conclusion
The Indian judiciary's leadership in balancing online content regulation with the freedom of speech is central and refined. The courts continually emphasise that speech on the digital medium is highly constitutionally protected and that restrictions must be legally valid, specific, essential, and proportionate. By classical decisions and constant review of new regulating actions, courts safeguard democratic participation in the digital public domain from unmeritorious censorship. Concurrently, the courts recognize the responsibility of the state in regulating digital ills such as mis recipe and hate speech, demanding parameters that uphold constitutional freedoms and the due process. The balancing act of the judiciary continues to be fundamental in defining India's digital democracy so that free speech can thrive even as the state upholds public order and human dignity in the digital communication age.
.webp)
Executive Summary
This report analyses a recently launched social engineering attack that took advantage of Microsoft Teams and AnyDesk to deliver DarkGate malware, a MaaS tool. This way, through Microsoft Teams and by tricking users into installing AnyDesk, attackers received unauthorized remote access to deploy DarkGate that offers such features as credential theft, keylogging, and fileless persistence. The attack was executed using obfuscated AutoIt scripts for the delivery of malware which shows how threat actors are changing their modus operandi. The case brings into focus the need to put into practice preventive security measures for instance endpoint protection, staff awareness, limited utilization of off-ice-connection tools, and compartmentalization to safely work with the new and increased risks that contemporary cyber threats present.
Introduction
Hackers find new technologies and application that are reputable for spreading campaigns. The latest use of Microsoft Teams and AnyDesk platforms for launching the DarkGate malware is a perfect example of how hackers continue to use social engineering and technical vulnerabilities to penetrate the defenses of organizations. This paper focuses on the details of the technical aspect of the attack, the consequences of the attack together with preventive measures to counter the threat.
Technical Findings
1. Attack Initiation: Exploiting Microsoft Teams
The attackers leveraged Microsoft Teams as a trusted communication platform to deceive victims, exploiting its legitimacy and widespread adoption. Key technical details include:
- Spoofed Caller Identity: The attackers used impersonation techniques to masquerade as representatives of trusted external suppliers.
- Session Hijacking Risks: Exploiting Microsoft Teams session vulnerabilities, attackers aimed to escalate their privileges and deploy malicious payloads.
- Bypassing Email Filters: The initial email bombardment was designed to overwhelm spam filters and ensure that malicious communication reached the victim’s inbox.
2. Remote Access Exploitation: AnyDesk
After convincing victims to install AnyDesk, the attackers exploited the software’s functionality to achieve unauthorized remote access. Technical observations include:
- Command and Control (C2) Integration: Once installed, AnyDesk was configured to establish persistent communication with the attacker’s C2 servers, enabling remote control.
- Privilege Escalation: Attackers exploited misconfigurations in AnyDesk to gain administrative privileges, allowing them to disable antivirus software and deploy payloads.
- Data Exfiltration Potential: With full remote access, attackers could silently exfiltrate data or install additional malware without detection.
3. Malware Deployment: DarkGate Delivery via AutoIt Script
The deployment of DarkGate malware utilized AutoIt scripting, a programming language commonly used for automating Windows-based tasks. Technical details include:
- Payload Obfuscation: The AutoIt script was heavily obfuscated to evade signature-based antivirus detection.
- Process Injection: The script employed process injection techniques to embed DarkGate into legitimate processes, such as explorer.exe or svchost.exe, to avoid detection.
- Dynamic Command Loading: The malware dynamically fetched additional commands from its C2 server, allowing real-time adaptation to the victim’s environment.
4. DarkGate Malware Capabilities
DarkGate, now available as a Malware-as-a-Service (MaaS) offering, provides attackers with advanced features. Technical insights include:
- Credential Dumping: DarkGate used the Mimikatz module to extract credentials from memory and secure storage locations.
- Keylogging Mechanism: Keystrokes were logged and transmitted in real-time to the attacker’s server, enabling credential theft and activity monitoring.
- Fileless Persistence: Utilizing Windows Management Instrumentation (WMI) and registry modifications, the malware ensured persistence without leaving traditional file traces.
- Network Surveillance: The malware monitored network activity to identify high-value targets for lateral movement within the compromised environment.
5. Attack Indicators
Trend Micro researchers identified several indicators of compromise (IoCs) associated with the DarkGate campaign:
- Suspicious Domains: example-remotesupport[.]com and similar domains used for C2 communication.
- Malicious File Hashes:some text
- AutoIt Script: 5a3f8d0bd6c91234a9cd8321a1b4892d
- DarkGate Payload: 6f72cde4b7f3e9c1ac81e56c3f9f1d7a
- Behavioral Anomalies:some text
- Unusual outbound traffic to non-standard ports.
- Unauthorized registry modifications under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
Broader Cyber Threat Landscape
In parallel with this campaign, other phishing and malware delivery tactics have been observed, including:
- Cloud Exploitation: Abuse of platforms like Cloudflare Pages to host phishing sites mimicking Microsoft 365 login pages.
- Quishing Campaigns: Phishing emails with QR codes that redirect users to fake login pages.
- File Attachment Exploits: Malicious HTML attachments embedding JavaScript to steal credentials.
- Mobile Malware: Distribution of malicious Android apps capable of financial data theft.
Implications of the DarkGate Campaign
This attack highlights the sophistication of threat actors in leveraging legitimate tools for malicious purposes. Key risks include:
- Advanced Threat Evasion: The use of obfuscation and process injection complicates detection by traditional antivirus solutions.
- Cross-Platform Risk: DarkGate’s modular design enables its functionality across diverse environments, posing risks to Windows, macOS, and Linux systems.
- Organizational Exposure: The compromise of a single endpoint can serve as a gateway for further network exploitation, endangering sensitive organizational data.
Recommendations for Mitigation
- Enable Advanced Threat Detection: Deploy endpoint detection and response (EDR) solutions to identify anomalous behavior like process injection and dynamic command loading.
- Restrict Remote Access Tools: Limit the use of tools like AnyDesk to approved use cases and enforce strict monitoring.
- Use Email Filtering and Monitoring: Implement AI-driven email filtering systems to detect and block email bombardment campaigns.
- Enhance Endpoint Security: Regularly update and patch operating systems and applications to mitigate vulnerabilities.
- Educate Employees: Conduct training sessions to help employees recognize and avoid phishing and social engineering tactics.
- Implement Network Segmentation: Limit the spread of malware within an organization by segmenting high-value assets.
Conclusion
Using Microsoft Teams and AnyDesk to spread DarkGate malware shows the continuous growth of the hackers’ level. The campaign highlights how organizations have to start implementing adequate levels of security preparedness to threats, including, Threat Identification, Training employees, and Rights to Access.
The DarkGate malware is a perfect example of how these attacks have developed into MaaS offerings, meaning that the barrier to launch highly complex attacks is only decreasing, which proves once again why a layered defense approach is crucial. Both awareness and flexibility are still the key issues in addressing the constantly evolving threat in cyberspace.
Reference:
.webp)
Executive Summary:
A video circulating on social media claims that people in Balochistan, Pakistan, hoisted the Indian national flag and declared independence from Pakistan. The claim has gone viral, sparking strong reactions and spreading misinformation about the geopolitical scenario in South Asia. Our research reveals that the video is misrepresented and actually shows a celebration in Surat, Gujarat, India.
Claim:
A viral video shows people hoisting the Indian flag and allegedly declaring independence from Pakistan in Balochistan. The claim implies that Baloch nationals are revolting against Pakistan and aligning with India.
Fact Check:
After researching the viral video, it became clear that the claim was misleading. We took key screenshots from the video and performed a reverse image search to trace its origin. This search led us to one of the social media posts from the past, which clearly shows the event taking place in Surat, Gujarat, not Balochistan.
In the original clip, a music band is performing in the middle of a crowd, with people holding Indian flags and enjoying the event. The environment, language on signboards, and festive atmosphere all confirm that this is an Indian Independence Day celebration. From a different angle, another photo we found further proves our claim.
However, some individuals with the intention of spreading false information shared this video out of context, claiming it showed people in Balochistan raising the Indian flag and declaring independence from Pakistan. The video was taken out of context and shared with a fake narrative, turning a local celebration into a political stunt. This is a classic example of misinformation designed to mislead and stir public emotions.
To add further clarity, The Indian Express published a report on May 15 titled ‘Slogans hailing Indian Army ring out in Surat as Tiranga Yatra held’. According to the article, “A highlight of the event was music bands of Saifee Scout Surat, which belongs to the Dawoodi Bohra community, seen leading the yatra from Bhagal crossroads.” This confirms that the video was from an event in Surat, completely unrelated to Balochistan, and was falsely portrayed by some to spread misleading claims online.
Conclusion:
The claim that people in Balochistan hoisted the Indian national flag and declared independence from Pakistan is false and misleading. The video used to support this narrative is actually from Surat, Gujarat, India, during “The Tiranga Yatra”. Social media users are urged to verify the authenticity and source of content before sharing, to avoid spreading misinformation that may escalate geopolitical tensions.
- Claim: Mass uprising in Balochistan as citizens reject Pakistan and honor India.
- Claimed On: Social Media
- Fact Check: False and Misleading
