#FactCheck - Digitally Altered Video of Olympic Medalist, Arshad Nadeem’s Independence Day Message

Introduction

In July 2025, the Digital Trust & Safety Partnership (DTSP) achieved a significant milestone with the formal acceptance of its Safe Framework Specification as an international standard, ISO/IEC 25389. This is the first globally recognised standard that is exclusively concerned with guaranteeing a secure online experience for the general public's use of digital goods and services.

Significance of the New Framework

Fundamentally, ISO/IEC 25389 provides organisations with an organised framework for recognising, controlling, and reducing risks associated with conduct or content. This standard, which was created under the direction of ISO/IEC's Joint Technical Committee 1 (JTC 1), integrates the best practices of DTSP and offers a precise way to evaluate organisational maturity in terms of safety and trust.  Crucially, it offers the first unified international benchmark, allowing organisations globally to coordinate on common safety pledges and regularly assess progress.

Other Noteworthy Standards and Frameworks

While ISO/IEC 25389 is pioneering, it’s not the only framework shaping digital trust and safety:

• One of the main outcomes of the United Nations’ 2024 Summit for the Future was the UN's Global Digital Compact, which describes cross-border cooperation on secure and reliable digital environments with an emphasis on countering harmful content, upholding online human rights, and creating accountability standards. 
• The World Economic Forum’s Digital Trust Framework defines the goals and values, such as cybersecurity, privacy, transparency, redressability, auditability, fairness, interoperability and safety, implicit to the concept of digital trust. It also provides a roadmap to digital trustworthiness that imbibes these dimensions. 
• The Framework for Integrity, Security and Trust (FIST) launched at the Cybereace Summit 2023 at USI of India in New Delhi, calls for a multistakeholder approach to co-create solutions and best practices for digital trust and safety.
• While still in the finalisation stage for implementation rollout, India's Digital Personal Data Protection Act, 2023 (DPDP Act) and its Rules (2025) aim to strike a balance between individual rights and data processing needs by establishing a groundwork for data security and privacy.
• India is developing frameworks in cutting-edge technologies like artificial intelligence. Using a hub-and-spoke model under the IndiaAI Mission, the AI Safety Institute was established in early 2025 with the goal of creating standards for trustworthy, moral, and safe AI systems. Furthermore, AI standards with an emphasis on safety and dependability are being drafted by the Bureau of Indian Standards (BIS). 
• Google's DigiKavach program (2023) and Google Safety Engineering Centre (GSEC) in Hyderabad are concrete efforts to support digital safety and fraud prevention in India's tech sector.

What It Means for India

India is already claiming its place in discussions about safety and trust around the world. Google's June 2025 safety charter for India, for example, highlights how India's distinct digital scale, diversity, and vast threat landscape provide insights that inform global cybersecurity strategies. 

For India's digital ecosystem, ISO/IEC 25389 comes at a critical juncture. Global best practices in safety and trust are desperately needed as a result of the rapid adoption of digital technologies, including the growth of digital payments, e-governance, and artificial intelligence and a concomitant rise in instances of digital harms. Through its guidelines, ISO/IEC 25389 provides a reference benchmark that Indian startups, government agencies, and tech companies can use to improve their safety standards.

Conclusion 

A global trust-and-safety standard like ISO/IEC 25389 is essential for making technology safer for people, even as we discuss the broader adoption of security and safety-by-design principles integrated into the processes of technological product development. India can improve user protection, build its reputation globally, and solidify its position as a key player in the creation of a safer, more resilient digital future by implementing this framework in tandem with its growing domestic regulatory framework (such as the DPDP Act and AI Safety policies).

References 

• https://dtspartnership.org/the-safe-framework-specification/
• https://dtspartnership.org/press-releases/dtsps-safe-framework-published-as-an-international-standard/?
• https://www.weforum.org/stories/2024/04/united-nations-global-digital-compact-trust-security/?
• https://economictimes.indiatimes.com/tech/technology/google-releases-safety-charter-for-india-senior-exec-details-top-cyber-threat-actors-in-the-country/articleshow/121903651.cms? 
• https://initiatives.weforum.org/digital-trust/framework 
• https://government.economictimes.indiatimes.com/news/secure-india/the-launch-of-fist-framework-for-integrity-security-and-trust/103302090 

‍

Introduction

As per the National Crime Records Bureau (NCRB) ‘Cyber Crime In India Report 2022’, A total of 65,893 cases were registered under Cyber Crimes, showing an increase of 24.4% in registration in comparison to 52,974 cases registered in 2021. The crime rate increased from 3.9 in 2021 to 4.8 in 2022. During 2022, 64.8% of cyber-crime cases registered were for the motive of fraud (42,710 out of 65,893 cases), followed by Extortion with 5.5% (3,648 cases) and Sexual Exploitation with 5.2% (3,434 cases). The statistics released by NCRB show the increased rate of cyber crimes in the country, which poses a significant question of safety in the online world. The rise in cybercrime indicates a rise in emerging criminal groups with malicious intentions, creating new cybercrime hotspots in the country where these groups target and commit cyber crimes despite limited resources.

Cyber Crime Hotspots

Police have recently arrested several cyber criminals in a specific region, indicating that certain areas have become hotspots for cybercrime. Mewat region is one such hotspot indicating a growing trend of cybercrime operating from this area. The Mewat gang's modus operandi is quite different; Cybercriminals in Mewat scam mobile owners just using smartphones and SIM cards without kingpins and targeting mobile owners. The scammers also lure people through online marketplaces such as OLX, in which they pretend to sell possessions and then either physically lure victims to pick-up locations or scam them virtually. 

A study conducted by Future Crime Research Foundation and IIT Kanpur in 2023 has revealed that Jamatara city, once considered the cyber crime capital of India, is no longer the epicentre. The study found that 35 hotspots in India are actively involved in cybercrime activities. The top 10 cybercrime hotspots in India collectively account for 80% of cybercrime-related cases in India. These districts are strategically located near India's capital or closer to the National Capital Region (NCR). These districts are strategically placed with multiple borders, making them easy targets for criminals.  

Online financial fraud and social media-related crimes are the most common in India. Cybercriminals exploit data as a gold mine, using it to commit crimes. For instance, they can obtain banking and insurance data, use simple AI tools to cheat victims, and they can easily impersonate identities to lure innocent people. In cybercrime hotspots, sextortion is a modern way for cybercriminals to record and demand money. Loan app fraud, OLX fraud, and job fraud also originate from these specific regions.

Recommendations 

To counter the challenges posed by emerging cybercrime hubs, the following recommendations are to be considered: 

• Advanced threat Intelligence: The digital landscape is evolving, and the threat landscape is becoming more complex. AI's role in cybersecurity is becoming increasingly critical, both positively and negatively, as it helps in understanding and addressing advanced threats. AI is capable of proactive threat hunting, real-time anomaly detection, and swift incident response.
• Enhancing capabilities of Law Enforcement Agencies: Law enforcement agencies must be sensitised to advanced tools or techniques to investigate cyber crime cases effectively. The development and implementation of advanced forensic tools and technologies need to be utilised or implemented to keep up with the evolving tactics of cybercrime perpetrators. 
• Continuous Monitoring: Continuous cybersecurity monitoring is crucial for detecting anomalies and preventing cyber-attacks. It involves analysing systems and data to establish baseline security, identify deviations, and investigate potential threats. Cybersecurity experts use data observability tools, artificial intelligence, and machine learning to detect unexpected dataset changes.
• Cyber Security Awareness: Public awareness needs to be higher. Cybercrime prevention and cybersecurity is a shared responsibility of all of us by being aware of the threats and following the best practices. The frequent interaction between law enforcement and the public is necessary to raise awareness about safeguarding personal and financial information. Effective campaigns on cyber security are necessary to educate netizens.

Safety Tips for Netizens

Install up-to-date security software and firewalls on devices, use strong passwords for accounts, and regularly update software and applications. Be cautious when clicking on links or downloading files from unknown sources, and be cautious of your personal information.

Conclusion

The rise of Cyber Crime Hotspots in specific regions or districts has significantly exacerbated the issue of increasing cybercrime rates. In order to combat cybercrime more effectively, it is necessary for law enforcement agencies to strengthen their coordination between different states and to adapt advanced technology methods to counter cybercrime threats effectively. Moreover, educating netizens about cyber crime threats and providing best practices is an effective method to counter these threats, considered the first line of defense against cybercrime.

References

• https://ncrb.gov.in/uploads/nationalcrimerecordsbureau/custom/1701607577CrimeinIndia2022Book1.pdf
• https://economictimes.indiatimes.com/tech/technology/no-kingpins-just-a-smartphone-and-sim-card-how-cybercriminals-in-mewat-scam-mobile-owners/articleshow/98062889.cms?from=mdr
• https://www.futurecrime.org/fcrf-cyber-crime-survey-2023
• https://timesofindia.indiatimes.com/city/mumbai/jamtara-loses-crown-as-new-remote-districts-rewrite-indias-cybercrime-map/articleshow/104475868.cms?from=mdr
• https://government.economictimes.indiatimes.com/news/secure-india/80-of-cyber-crimes-from-10-new-districts-iit-report/103921338
• https://www.dw.com/en/how-mewat-became-indias-new-hub-for-cyber-criminals/video-68674527
• https://www.indiatoday.in/from-india-today-magazine/story/into-cybercrime-hotspot-india-mewat-rajasthan-haryana-uttar-pradesh-2381545-2023-05-19
• https://frontline.thehindu.com/the-nation/spotlight-how-nuh-district-in-haryana-became-a-breeding-ground-for-cybercriminals/article67098193.ece
• https://www.opindia.com/2024/04/nuh-mewat-cyber-crime-haryana-police-crackdown/#google_vignette

‍

Overview:

A recent addition to the  list of cybercrime  is SharpRhino, a RAT (Remote Access Trojan) actively used by Hunters International ransomware group. SharpRhino is highly developed and penetrates into the network mask of IT specialists, primarily due to the belief in the tools’ legitimacy. Going under the genuine software installer, SharpRhino started functioning in mid-June 2024. However, Quorum Cyber discovered it in early August 2024 while investigating ransomware.

About Hunters International Group:

Hunters International emerged as one of the most notorious groups focused on ransomware attacks, having compromised over 134 targets worldwide in the first seven months of 2024. It is believed that the group is the rebranding of Hive ransomware group that was previously active, and there are considerable similarities in the code. Its focus on IT employees in particular demonstrates the fact that they move tactically in gaining access to the organizations’ networks.

Modus Operandi:

1. Typosquatting Technique 

SharpRhino is mainly distributed by a domain that looks like the genuine Angry IP Scanner, which is a popular network discovery tool. The malware installer, labeled as ipscan-3.9.1-setup. It is a 32-bit Nullsoft installer which embeds a password protected 7z archive in it. 

2. Installation Process 

• Execution of Installer: When the victim downloads and executes the installer and changes the windows registry in order to attain persistence. This is done by generating a registry entry that starts a harmful file, Microsoft. AnyKey. exe, are fakes originating from fake versions of true legitimate Microsoft Visual Studio tools. 

• Creation of Batch File: This drops a batch file qualified as LogUpdate at the installer.bat, that runs the PowerShell scripts on the device. These scripts are to compile C# code into memory to serve as a means of making the malware covert in its operation. 

• Directory Creation: The installer establishes two directories that allow the C2 communication – C:\ProgramData\Microsoft: WindowsUpdater24 and LogUpdateWindows. 

3. Execution and Functionality: 

• Command Execution: The malware can execute PowerShell commands on the infected system, these actions may involve privilege escalation and other extended actions such as lateral movement. 

• C2 Communication: SharpRhino interacts with command and control servers located on domains from platforms such as Cloudflare. This communication is necessary for receiving commands from the attackers and for returning any data of interest to the attackers. 

• Data Exfiltration and Ransomware Deployment: Once SharpRhino has gained control, it can steal information and then proceed to encrypt it with a .locked extension. The procedure generally concludes with a ransom message, which informs users on how to purchase the decryption key. 

4. Propagation Techniques: 

Also, SharpRhino can spread through the self-copying method, this is the virus may copy itself to other computers using the network account of the victim and pretending to be trustworthy senders such as emails or network-shared files. Moreover, the victim’s machine may then proceed to propagate the malware to other systems like sharing in the company with other employees.

Indicators of Compromise (IOCs):

• LogUpdate.bat
• Wiaphoh7um.t
• ipscan-3.9.1-setup.exe
• kautix2aeX.t
• WindowsUpdate.bat

Command and Control Servers:

• cdn-server-1.xiren77418.workers.dev
• cdn-server-2.wesoc40288.workers.dev
• Angryipo.org
• Angryipsca.com

Analysis:

‍

‍

Graph:

Precautionary measures to be taken:

To mitigate the risks posed by SharpRhino and similar malware, organizations should implement the following measures:

• Implement Security Best Practices: It is important only to download software from official sites and avoid similar sites to confuse the user by changing a few letters.

• Enhance Detection Capabilities: Use technology in detection that can detect the IOCs linked to Sharp Rhino.

• Educate Employees: Educate IT people and employees on phishing scams and the requirement to check the origin of the application.

• Regular Backups: It is also important to back up important files from systems and networks in order to minimize the effects of ransomware attacks on a business.

Conclusion:

SharpRhino could be deemed as the evolution of the strategies used by organizations like Hunters International and others involved in the distribution of ransomware. SharpRhino primarily focuses on the audience of IT professionals and employs complex delivery and execution schemes, which makes it an extremely serious threat for corporate networks. To do so it is imperative that organizations have an understanding of its inner workings in order to fortify their security measures against this relatively new threat. Through the enforcement of proper security measures and constant enlightenment of organizations on the importance of cybersecurity, firms can prevent the various risks associated with SharpRhino and related malware. Be safe, be knowledgeable, and most importantly, be secure when it comes to cyber security for your investments.

Reference: 

https://cybersecuritynews.com/sharprhino-ransomware-alert/

https://cybersecsentinel.com/sharprhino-explained-key-facts-and-how-to-protect-your-data/

https://www.dataprivacyandsecurityinsider.com/2024/08/sharprhino-malware-targeting-it-professionals/

‍