#FactCheck - Digitally Altered Image Falsely Shows World Bank President Ajay Banga Holding Khalistani Flag
Executive Summary
A digitally manipulated image of World Bank President Ajay Banga has been circulating on social media, falsely portraying him as holding a Khalistani flag. The image was shared by a Pakistan-based X (formerly Twitter) user, who also incorrectly identified Banga as the President of the International Monetary Fund (IMF), thereby fuelling misleading speculation that he supports the Khalistani movement against India.
The Claim
On February 5, an X user with the handle @syedAnas0101010 posted an image allegedly showing Ajay Banga holding a Khalistani flag. The user misidentified him as the IMF President and captioned the post, “IMF president sending signals to INDIA.” The post quickly gained traction, amplifying false narratives and political speculation. Here is the link and archive link to the post, along with a screenshot:
Fact Check:
To verify the authenticity of the image, the CyberPeace Fact Check Desk conducted a detailed research . The image was first subjected to a reverse image search using Google Lens, which led to a Reuters news report published on June 13, 2023. The original photograph, captured by Reuters photojournalist Jonathan Ernst, showed Ajay Banga arriving at the World Bank headquarters in Washington, D.C., on June 2, 2023, marking his first day in office. In the authentic image, Banga is seen holding a coffee cup, not a flag.
Further analysis confirmed that the viral image had been digitally altered to replace the coffee cup with a Khalistani flag, thereby misrepresenting the context and intent of the original photograph. Here is the link to the report, along with a screenshot.

To strengthen the findings, the altered image was also analysed using the Hive Moderation AI detection tool. The tool’s assessment indicated a high likelihood that the image contained AI-generated or manipulated elements, reinforcing the conclusion that the image was not genuine. Below is a screenshot of the result.

Conclusion
The viral image claiming to show World Bank President Ajay Banga holding a Khalistani flag is fake. The photograph was digitally manipulated to spread misinformation and provoke political speculation. In reality, the original Reuters image from June 2023 shows Banga holding a coffee cup during his arrival at the World Bank headquarters. The claim that he supports the Khalistani movement is false and misleading.
Related Blogs

Executive Summary:
A viral video has circulated on social media, wrongly showing lawbreakers surrendering to the Indian Army. However, the verification performed shows that the video is of a group surrendering to the Bangladesh Army and is not related to India. The claim that it is related to the Indian Army is false and misleading.

Claims:
A viral video falsely claims that a group of lawbreakers is surrendering to the Indian Army, linking the footage to recent events in India.



Fact Check:
Upon receiving the viral posts, we analysed the keyframes of the video through Google Lens search. The search directed us to credible news sources in Bangladesh, which confirmed that the video was filmed during a surrender event involving criminals in Bangladesh, not India.

We further verified the video by cross-referencing it with official military and news reports from India. None of the sources supported the claim that the video involved the Indian Army. Instead, the video was linked to another similar Bangladesh Media covering the news.

No evidence was found in any credible Indian news media outlets that covered the video. The viral video was clearly taken out of context and misrepresented to mislead viewers.
Conclusion:
The viral video claiming to show lawbreakers surrendering to the Indian Army is footage from Bangladesh. The CyberPeace Research Team confirms that the video is falsely attributed to India, misleading the claim.
- Claim: The video shows miscreants surrendering to the Indian Army.
- Claimed on: Facebook, X, YouTube
- Fact Check: False & Misleading

Disclaimer:
This report is based on extensive research conducted by CyberPeace Research using publicly available information, and advanced analytical techniques. The findings, interpretations, and conclusions presented are based on the data available at the time of study and aim to provide insights into global ransomware trends.
The statistics mentioned in this report are specific to the scope of this research and may vary based on the scope and resources of other third-party studies. Additionally, all data referenced is based on claims made by threat actors and does not imply confirmation of the breach by CyberPeace. CyberPeace includes this detail solely to provide factual transparency and does not condone any unlawful activities. This information is shared only for research purposes and to spread awareness. CyberPeace encourages individuals and organizations to adopt proactive cybersecurity measures to protect against potential threats.
CyberPeace Research does not claim to have identified or attributed specific cyber incidents to any individual, organization, or nation-state beyond the scope of publicly observable activities and available information. All analyses and references are intended for informational and awareness purposes only, without any intention to defame, accuse, or harm any entity.
While every effort has been made to ensure accuracy, CyberPeace Research is not liable for any errors, omissions, subsequent interpretations and any unlawful activities of the findings by third parties. The report is intended to inform and support cybersecurity efforts globally and should be used as a guide to foster proactive measures against cyber threats.
Executive Summary:
The 2024 ransomware landscape reveals alarming global trends, with 166 Threat Actor Groups leveraging 658 servers/underground resources and mirrors to execute 5,233 claims across 153 countries. Monthly fluctuations in activity indicate strategic, cyclical targeting, with peak periods aligned with vulnerabilities in specific sectors and regions. The United States was the most targeted nation, followed by Canada, the UK, Germany, and other developed countries, with the northwestern hemisphere experiencing the highest concentration of attacks. Business Services and Healthcare bore the brunt of these operations due to their high-value data, alongside targeted industries such as Pharmaceuticals, Mechanical, Metal, Electronics, and Government-related professional firms. Retail, Financial, Technology, and Energy sectors were also significantly impacted.
This research was conducted by CyberPeace Research using a systematic modus operandi, which included advanced OSINT (Open-Source Intelligence) techniques, continuous monitoring of Ransomware Group activities, and data collection from 658 servers and mirrors globally. The team utilized data scraping, pattern analysis, and incident mapping to track trends and identify hotspots of ransomware activity. By integrating real-time data and geographic claims, the research provided a comprehensive view of sectoral and regional impacts, forming the basis for actionable insights.
The findings emphasize the urgent need for proactive Cybersecurity strategies, robust defenses, and global collaboration to counteract the evolving and persistent threats posed by ransomware.
Overview:
This report provides insights into ransomware activities monitored throughout 2024. Data was collected by observing 166 Threat Actor Groups using ransomware technologies across 658 servers/underground resources and mirrors, resulting in 5,233 claims worldwide. The analysis offers a detailed examination of global trends, targeted sectors, and geographical impact.
Top 10 Threat Actor Groups:
The ransomware group ‘ransomhub’ has emerged as the leading threat actor, responsible for 527 incidents worldwide. Following closely are ‘lockbit3’ with 522 incidents and ‘play’ with 351. Other Groups are ‘akira’, ‘hunters’, ‘medusa’, ‘blackbasta’, ‘qilin’, ‘bianlian’, ‘incransom’. These groups usually employ advanced tactics to target critical sectors, highlighting the urgent need for robust cybersecurity measures to mitigate their impact and protect organizations from such threats.

Monthly Ransomware Incidents:
In January 2024, the value began at 284, marking the lowest point on the chart. The trend rose steadily in the subsequent months, reaching its first peak at 557 in May 2024. However, after this peak, the value dropped sharply to 339 in June. A gradual recovery follows, with the value increasing to 446 by August. September sees another decline to 389, but a sharp rise occurs afterward, culminating in the year’s highest point of 645 in November. The year concludes with a slight decline, ending at 498 in December 2024 (till 28th of December).

Top 10 Targeted Countries:
- The United States consistently topped the list as the primary target probably due to its advanced economic and technological infrastructure.
- Other heavily targeted nations include Canada, UK, Germany, Italy, France, Brazil, Spain, and India.
- A total of 153 countries reported ransomware attacks, reflecting the global scale of these cyber threats

Top Affected Sectors:
- Business Services and Healthcare faced the brunt of ransomware threat due to the sensitive nature of their operations.
- Specific industries under threats:
- Pharmaceutical, Mechanical, Metal, and Electronics industries.
- Professional firms within the Government sector.
- Other sectors:
- Retail, Financial, Technology, and Energy sectors were also significant targets.

Geographical Impact:
The continuous and precise OSINT(Open Source Intelligence) work on the platform, performed as a follow-up action to data scraping, allows a complete view of the geography of cyber attacks based on their claims. The northwestern region of the world appears to be the most severely affected by Threat Actor groups. The figure below clearly illustrates the effects of this geographic representation on the map.

Ransomware Threat Trends in India:
In 2024, the research identified 98 ransomware incidents impacting various sectors in India, marking a 55% increase compared to the 63 incidents reported in 2023. This surge highlights a concerning trend, as ransomware groups continue to target India's critical sectors due to its growing digital infrastructure and economic prominence.

Top Threat Actors Group Targeted India:
Among the following threat actors ‘killsec’ is the most frequent threat. ‘lockbit3’ follows as the second most prominent threat, with significant but lower activity than killsec. Other groups, such as ‘ransomhub’, ‘darkvault’, and ‘clop’, show moderate activity levels. Entities like ‘bianlian’, ‘apt73/bashe’, and ‘raworld’ have low frequencies, indicating limited activity. Groups such as ‘aps’ and ‘akira’ have the lowest representation, indicating minimal activity. The chart highlights a clear disparity in activity levels among these threats, emphasizing the need for targeted cybersecurity strategies.

Top Impacted Sectors in India:
The pie chart illustrates the distribution of incidents across various sectors, highlighting that the industrial sector is the most frequently targeted, accounting for 75% of the total incidents. This is followed by the healthcare sector, which represents 12% of the incidents, making it the second most affected. The finance sector accounts for 10% of the incidents, reflecting a moderate level of targeting. In contrast, the government sector experiences the least impact, with only 3% of the incidents, indicating minimal targeting compared to the other sectors. This distribution underscores the critical need for enhanced cybersecurity measures, particularly in the industrial sector, while also addressing vulnerabilities in healthcare, finance, and government domains.

Month Wise Incident Trends in India:
The chart indicates a fluctuating trend with notable peaks in May and October, suggesting potential periods of heightened activity or incidents during these months. The data starts at 5 in January and drops to its lowest point, 2, in February. It then gradually increases to 6 in March and April, followed by a sharp rise to 14 in May. After peaking in May, the metric significantly declines to 4 in June but starts to rise again, reaching 7 in July and 8 in August. September sees a slight dip to 5 before the metric spikes dramatically to its highest value, 24, in October. Following this peak, the count decreases to 10 in November and then drops further to 7 in December.

CyberPeace Advisory:
- Implement Data Backup and Recovery Plans: Backups are your safety net. Regularly saving copies of your important data ensures you can bounce back quickly if ransomware strikes. Make sure these backups are stored securely—either offline or in a trusted cloud service—to avoid losing valuable information or facing extended downtime.
- Enhance Employee Awareness and Training: People often unintentionally open the door to ransomware. By training your team to spot phishing emails, social engineering tricks, and other scams, you empower them to be your first line of defense against attacks.
- Adopt Multi-Factor Authentication (MFA): Think of MFA as locking your door and adding a deadbolt. Even if attackers get hold of your password, they’ll still need that second layer of verification to break in. It’s an easy and powerful way to block unauthorized access.
- Utilize Advanced Threat Detection Tools: Smart tools can make a world of difference. AI-powered systems and behavior-based monitoring can catch ransomware activity early, giving you a chance to stop it in its tracks before it causes real damage.
- Conduct Regular Vulnerability Assessments: You can’t fix what you don’t know is broken. Regularly checking for vulnerabilities in your systems helps you identify weak spots. By addressing these issues proactively, you can stay one step ahead of attackers.
Conclusion:
The 2024 ransomware landscape reveals the critical need for proactive cybersecurity strategies. High-value sectors and technologically advanced regions remain the primary targets, emphasizing the importance of robust defenses. As we move into 2025, it is crucial to anticipate the evolution of ransomware tactics and adopt forward-looking measures to address emerging threats.
Global collaboration, continuous innovation in cybersecurity technologies, and adaptive strategies will be imperative to counteract the persistent and evolving threats posed by ransomware activities. Organizations and governments must prioritize preparedness and resilience, ensuring that lessons learned in 2024 are applied to strengthen defenses and minimize vulnerabilities in the year ahead.

Background
Cyber slavery and online trafficking have become alarming challenges in Southeast Asia. Against this backdrop, India successfully rescued 197 of its citizens from Mae Sot in Thailand on November 10, 2025, using two Indian Air Force flights. The evacuees had fled Myanmar’s Myawaddy region in October after intense military operations forced them to escape. This was India’s second rescue effort within a week, following the November 6 mission that brought back 270 nationals from similar conditions. The operations were coordinated by the Indian Embassy in Bangkok and the Consulate in Chiang Mai, with crucial assistance from the Royal Thai Government.
The Operation and Bilateral Cooperation
The operation was carried out with the presence and supervision of Prime Minister Anutin Charnvirakul of Thailand and Indian Ambassador Nagesh Singh, who were both present at the ceremony in Mae Sot. This way, the two countries have not only proved but also cemented their bond to fight the crimes which were mentioned before and more than that, they have even promised to facilitate communication between their authorities. Prime Minister Charnvirakul thanked India for the quick intervention and added that Thailand would be giving the needed support for the repatriation of the other victims as well.
“Both parties reaffirmed their strong commitment to the fight against cross-border crimes, including cyber scams and human trafficking, in the region and to improving cooperation among the relevant agencies in both countries.”, Embassy of India, Bangkok.
The Cyber Scam Network
The Myawaddy area in Myanmar has made a quick shift to become a hotspot for the entire world of cybercrimes. Moreover, the crimes are especially committed by the organised criminal groups that take advantage of foreign nationals. After the Myanmar military imposed a restriction in late October, over 1,500 people from 28 nations moved to Thailand because of the KK Park cyber hub and other centres being raided.
A UN report (2025) indicated that this fraud activity is part of a larger network that extends the countries populated with very low-tech criminals who target the most naïve, and they are the very ones who end up being tortured. The trafficked persons often belong to the local population or come from neighbouring countries and are recruited with the promise of high salaries as IT or customer service agents, only to be imprisoned in a compound where they are forced to perform phishing, investment fraud, and cryptocurrency scams aimed at the victims all over the globe. These centres operate in border territories having poor governance, easy-to-cross borders, and little police presence, hence making human trafficking a major factor contributing to cybercrime.
India’s Response and Preventive Measures
The Indian Embassy in Thailand worked hand in hand with the Thai government to facilitate bringing back and repatriating the Indian citizens who had entered Thailand illegally when they were escaping Myanmar.
The embassy was far from helpless in the matter. In the case of the embassy's advisory, they suggested to the citizens that:
- It is mandatory to check the authenticity of the job offers and the agents before securing employment in other countries.
- Such employment by means of tourist or visa-free entry permits should be avoided, as such entries allow only for a short-duration visit or tourism.
- Be careful of ads claiming high pay for online or remote work in Southeast Asia.
The embassy reiterated the Government of India’s commitment to ensuring easy access to assistance for citizens overseas and to addressing the growing intersection between cyber fraud and human trafficking.
CyberPeace Analysis and Advisory
The case of Myawaddy demonstrates that cybercrime and human trafficking have grappled to become a complicated global threat. The scam centres gradually come to depend on the trafficked labour of people who are being forced to commit the fraud digitally under coercion. This underlines the requirement for the cybersecurity measures that consider the rights of humans and the protection of the victims, not only the technical defence.
- Cybercrime–Human Trafficking Convergence:
Cybercrime has moved up to the level of a human trafficking operation. The unwilling victims of such fraud schemes are scared for their very lives or even more, not of a reliable way out. This situation is such that one cannot tell where cyber exploitation ends and forced labour begins.
- Cross-Border Enforcement Challenges:
To effectively carry out their unlawful acts, the criminals use legal and jurisdictional loopholes that are present across borders. Dismantling such networks requires the regional cooperation of India, Thailand, and ASEAN countries.
- Socioeconomic Vulnerability:
The situation with unemployment being stagnant and the public not being educated about the situation makes people, especially the youth, very prone to scams of getting hired overseas. Thus, to prevent this uneducated flocking to the fraudsters, it is necessary to constantly implant in them the knowledge of online literacy and the importance of verification of job offers.
- Public–Private Coordination:
The scammers’ mode of operation usually includes online recruitment through social media and encrypted platforms where their victims can be found and contacted. In this regard, cooperation among government institutions, tech platforms, and civil society is imperative to put an end to the operation of these digital trafficking channels.
CyberPeace Expert Advisory
To lessen the possibility of such incidents, CyberPeace suggests the following preventive and policy measures:
Individuals:
- Trust but verify: Before giving your approval to anything, always verify the job offer by official embassy websites or MEA-approved recruiting agencies first.
- Watch out for red flags: If a recruiter offers a very high salary for almost no work, asks for tourist visas, or gives no written contract, be very careful and pull out immediately.
- Protect your documents: Give a trusted person the responsibility of keeping both digital and physical copies of your passport and visa, and also register your travel with the MADAD portal.
- Report if in doubt: If an agent looks suspicious, contact the nearest Indian Embassy or Consulate or report it to cybercrime.gov.in or the 1930 Helpline.
Policymakers and Agencies:
- Strengthen Bilateral Task Forces: Set up armed forces of cyber and human trafficking enforcement units in South and Southeast Asian countries.
- Support Regional Awareness Campaigns: In addition to targeted advisories in local languages, the most vulnerable job seekers in Tier-2 and Tier-3 cities should also receive such awareness in their languages.
- Overseas Employment Advertising should be regulated: All digital job postings should be made to meet transparency standards and fraudulent recruitment should be punished with heavy fines.
- Invest in Digital Forensics and Intelligence Sharing: Create common databases for monitoring international cybercriminal groups.
Conclusion
The return of Indian citizens from Thailand represents a significant humanitarian and diplomatic milestone and highlights that cybercrime, though carried out through digital channels, remains deeply human in nature. International cooperation, well-informed citizens, and a rights-based cybersecurity approach are the minimum requirements for a global campaign against the new breed of cybercrime that is characterised by fraud and trafficking working hand in hand. CyberPeace reminds everyone that digital vigilance, verification, and collaboration across borders are the most effective ways to prevent online abuse and such crimes.
Reference
- https://www.ndtv.com/india-news/197-indians-repatriated-from-thailand-by-special-indian-air-force-flights-9611934
- https://www.thehindu.com/news/national/india-airlifts-citizens-who-worked-in-myanmar-cybercrime-hub-from-thailand/article70264322.ece
- https://www.mea.gov.in/Images/attach/03-List-4-2024.pdf