#FactCheck- Viral Image of Rescued U.S. Airman in Iran is AI-Generated

Introduction

Against the dynamic backdrop of Mumbai, where the intersection of age-old markets and cutting-edge innovation is a daily reality, an initiative of paramount importance has begun to take shape within the hallowed walls of the Reserve Bank of India (RBI). This is not just a tweak, a nudge in policy, or a subtle refinement of protocols. What we're observing is nothing short of a paradigmatic shift, a recalibration of systemic magnitude, that aims to recalibrate the way India's financial monoliths oversee, manage, and secure their informational bedrock – their treasured IT systems.

On the 7th of November, 2023, the Reserve Bank of India, that bastion of monetary oversight and national fiscal stability, unfurled a new doctrine – the 'Master Direction on Information Technology Governance, Risk, Controls, and Assurance Practices.' A document comprehensive in its reach, it presents not merely an update but a consolidation of all previously issued guidelines, instructions, and circulars relevant to IT governance, plaited into a seamless narrative that extols virtues of structured control and unimpeachable assurance practices. Moreover, it grasps the future potential of Business Continuity and Disaster Recovery Management, testaments to RBI's forward-thinking vision.

This novel edict has been crafted with a target audience that spans the varied gamut of financial entities – from Scheduled Commercial Banks to Non-Banking Financial Companies, from Credit Information Companies to All India Financial Institutions. These are the juggernauts that keep the economic wheels of the nation churning, and RBI's precision-guided document is an unambiguous acknowledgment of the vital role IT holds in maintaining the heartbeat of these financial bodies. Here lies a riveting declaration that robust governance structures aren't merely preferred but essential to manage the landscape of IT-related risks that balloon in an era of ever-proliferating digital complexity.

Directive Structure

The directive's structure is a combination of informed precision and intuitive foresight. Its seven chapters are not simply a grouping of topics; they are the seven pillars upon which the temple of IT governance is to be erected. The introductory chapter does more than set the stage – it defines the very reality, the scope, and the applicability of the directive, binding the reader in an inextricable covenant of engagement and anticipation. It's followed by a deep dive into the cradle of IT governance in the second chapter, drawing back the curtain to reveal the nuanced roles and defiant responsibilities bestowed upon the Board of Directors, the IT Strategy Committee, the clairvoyant Senior Management, the IT Steering Committee, and the pivotal Head of IT Function.

As we move along to the third chapter, we encounter the nuts and bolts of IT Infrastructure & Services Management. This is not just a checklist; it is an orchestration of the management of IT services, third-party liaisons, the calculus of capacity management, and the nuances of project management. Here terms like change and patch management, cryptographic controls, and physical and environmental safeguards leap from the page – alive with earnest practicality, demanding not just attention but action.

Transparency deepens as we glide into the fourth chapter with its robust exploration of IT and Information Security Risk Management. Here, the demand for periodic dissection of IT-related perils is made clear, along with the edifice of an IT and Information Security Risk Management Framework, buttressed by the imperatives of Vulnerability Assessment and Penetration Testing.

The fifth chapter presents a tableau of circumspection and preparedness, as it waxes eloquent on the necessity and architecture of a well-honed Business Continuity Plan and a disaster-ready DR Policy. It is a paean to the anticipatory stance financial institutions must employ in a world fraught with uncertainty.

Continuing the narrative, the sixth chapter places the spotlight on Information Systems Audit, delineating the precise role played by the Audit Committee of the Board in ushering in accountability through an exhaustive IS Audit of the institution's virtual expanse.

And as we perch on the final chapter, we're privy to the 'repeal and other provisions' of the directive, underscoring the interplay of other applicable laws and the interpretation a reader may yield from the directive's breadth.

Conclusion 

To proclaim that this directive is a mere step forward in the RBI's exhaustive and assiduous efforts to propel India's financial institutions onto the digital frontier would be a grave understatement. What we are witnessing is the inception of a more adept, more secure, and more resilient financial sector. This directive is nothing less than a beacon, shepherding in an epoch of IT governance marked by impervious governance structures, proactive risk management, and an unyielding commitment to the pursuit of excellence and continuous improvement. This is no ephemeral shift - this is, indisputably, a revolutionary stride into a future where confidence and competence stand as the watchwords in navigating the digital terra incognita.

References:

https://www.businesstoday.in/industry/banks/story/rbi-issues-new-directions-on-it-governance-in-banks-nbfcs-effective-from-april-2024-check-details-405061-2023-11-08

‍

Executive Summary:

‍
A widely circulated claim on social media indicates that six soldiers of the Assam Rifles were killed during a retaliatory attack carried out by a Myanmar-based breakaway faction of the United Liberation Front of Asom (Independent), or ULFA (I). The post included a photograph of coffins covered in Indian flags with reference to soldiers who were part of the incident where ULFA (I) killed six soldiers. The post was widely shared, however, the fact-check confirms that the photograph is old, not related, and there are no trustworthy reports to indicate that any such incident took place. This claim is therefore false and misleading.

‍

‍

Claim:

‍
Social media users claimed that the banned militant outfit ULFA (I) killed six Assam Rifles personnel in retaliation for an alleged drone and missile strike by Indian forces on their camp in Myanmar with captions on it “Six Indian Army Assam Rifles soldiers have reportedly been killed in a retaliatory attack by the Myanmar-based ULFA group.”. The claim was accompanied by a viral post showing coffins of Indian soldiers, which added emotional weight and perceived authenticity to the narrative. 

‍

‍

Fact Check:

‍
We began our research with a reverse image search of the image of coffins in Indian flags, which we saw was shared with the viral claim. We found the image can be traced to August 2013. We found the traces in  The Washington Post,  which confirms the fact that the viral snap is from the Past incident where five Indian Army soldiers were killed by Pakistani intruders in Poonch, Jammu, and Kashmir, on August 6, 2013. 

‍

‍

Also, The Hindu and India Today offered no confirmation of the death of six Assam Rifles personnel. However, ULFA (I) did issue a statement dated July 13, 2025, claiming that three of its leaders had been killed in a drone strike by Indian forces. 

‍

‍

However, by using Shutterstock, it depicts that the coffin's image is old and not representative of any current actions by the United Liberation Front of Asom (ULFA).

‍

‍

The Indian Army denied it, with Defence PRO Lt Col Mahendra Rawat telling reporters there were "no inputs" of such an operation. Assam Chief Minister Himanta Biswa Sarma also rejected that there was cross-border military action whatsoever. Therefore, the viral claim is false and misleading.

‍

‍

Conclusion:

‍
The assertion that ULFA (I) killed six soldiers from the 6th Assam Rifles in a retaliation strike is incorrect. The viral image used in these posts is from 2013 in Jammu & Kashmir and has no relevance to the present. There have been no verified reports of any such killings, and both the Indian Army and the Assam government have categorically denied having conducted or knowing of any cross-border operation. This faulty narrative is circulating, and it looks like it is only inciting fear and misinformation therefore, please ignore it.

• Claim: Report confirms the death of six Assam Rifles personnel in an ULFA-led attack.
• Claimed On: Social Media
• Fact Check: False and Misleading

‍

Disclaimer:

This report is based on extensive research conducted by CyberPeace Research using publicly available information, and advanced analytical techniques. The findings, interpretations, and conclusions presented are based on the data available at the time of study and aim to provide insights into global ransomware trends.

The statistics mentioned in this report are specific to the scope of this research and may vary based on the scope and resources of other third-party studies. Additionally, all data referenced is based on claims made by threat actors and does not imply confirmation of the breach by CyberPeace. CyberPeace includes this detail solely to provide factual transparency and does not condone any unlawful activities. This information is shared only for research purposes and to spread awareness. CyberPeace encourages individuals and organizations to adopt proactive cybersecurity measures to protect against potential threats.

CyberPeace Research does not claim to have identified or attributed specific cyber incidents to any individual, organization, or nation-state beyond the scope of publicly observable activities and available information. All analyses and references are intended for informational and awareness purposes only, without any intention to defame, accuse, or harm any entity.

While every effort has been made to ensure accuracy, CyberPeace Research is not liable for any errors, omissions, subsequent interpretations and any unlawful activities of the findings by third parties. The report is intended to inform and support cybersecurity efforts globally and should be used as a guide to foster proactive measures against cyber threats.

Executive Summary: 

The 2024 ransomware landscape reveals alarming global trends, with 166 Threat Actor Groups leveraging 658 servers/underground resources and mirrors to execute 5,233 claims across 153 countries. Monthly fluctuations in activity indicate strategic, cyclical targeting, with peak periods aligned with vulnerabilities in specific sectors and regions. The United States was the most targeted nation, followed by Canada, the UK, Germany, and other developed countries, with the northwestern hemisphere experiencing the highest concentration of attacks. Business Services and Healthcare bore the brunt of these operations due to their high-value data, alongside targeted industries such as Pharmaceuticals, Mechanical, Metal, Electronics, and Government-related professional firms. Retail, Financial, Technology, and Energy sectors were also significantly impacted.

This research was conducted by CyberPeace Research using a systematic modus operandi, which included advanced OSINT (Open-Source Intelligence) techniques, continuous monitoring of Ransomware Group activities, and data collection from 658 servers and mirrors globally. The team utilized data scraping, pattern analysis, and incident mapping to track trends and identify hotspots of ransomware activity. By integrating real-time data and geographic claims, the research provided a comprehensive view of sectoral and regional impacts, forming the basis for actionable insights.

The findings emphasize the urgent need for proactive Cybersecurity strategies, robust defenses, and global collaboration to counteract the evolving and persistent threats posed by ransomware.

Overview:

This report provides insights into ransomware activities monitored throughout 2024. Data was collected by observing 166 Threat Actor Groups using ransomware technologies across 658 servers/underground resources and mirrors, resulting in 5,233 claims worldwide. The analysis offers a detailed examination of global trends, targeted sectors, and geographical impact.

Top 10 Threat Actor Groups:

The ransomware group ‘ransomhub’ has emerged as the leading threat actor, responsible for 527 incidents worldwide. Following closely are ‘lockbit3’ with 522 incidents and ‘play’ with 351. Other Groups are ‘akira’, ‘hunters’, ‘medusa’, ‘blackbasta’, ‘qilin’, ‘bianlian’, ‘incransom’. These groups usually employ advanced tactics to target critical sectors, highlighting the urgent need for robust cybersecurity measures to mitigate their impact and protect organizations from such threats.

Monthly Ransomware Incidents:

In January 2024, the value began at 284, marking the lowest point on the chart. The trend rose steadily in the subsequent months, reaching its first peak at 557 in May 2024. However, after this peak, the value dropped sharply to 339 in June. A gradual recovery follows, with the value increasing to 446 by August. September sees another decline to 389, but a sharp rise occurs afterward, culminating in the year’s highest point of 645 in November. The year concludes with a slight decline, ending at 498 in December 2024 (till 28th of December).

Top 10 Targeted Countries:

1. The United States consistently topped the list as the primary target probably due to its advanced economic and technological infrastructure.
2. Other heavily targeted nations include Canada, UK, Germany, Italy, France, Brazil, Spain, and India.
3. A total of 153 countries reported ransomware attacks, reflecting the global scale of these cyber threats

Top Affected Sectors:

1. Business Services and Healthcare faced the brunt of ransomware threat due to the sensitive nature of their operations.
2. Specific industries under threats:
   1. Pharmaceutical, Mechanical, Metal, and Electronics industries.
   2. Professional firms within the Government sector.
3. Other sectors:
   1. Retail, Financial, Technology, and Energy sectors were also significant targets.

Geographical Impact:

The continuous and precise OSINT(Open Source Intelligence) work on the platform, performed as a follow-up action to data scraping, allows a complete view of the geography of cyber attacks based on their claims. The northwestern region of the world appears to be the most severely affected by Threat Actor groups. The figure below clearly illustrates the effects of this geographic representation on the map.

Ransomware Threat Trends in India:

In 2024, the research identified 98 ransomware incidents impacting various sectors in India, marking a 55% increase compared to the 63 incidents reported in 2023. This surge highlights a concerning trend, as ransomware groups continue to target India's critical sectors due to its growing digital infrastructure and economic prominence.

Top Threat Actors Group Targeted India:

Among the following threat actors ‘killsec’ is the most frequent threat. ‘lockbit3’  follows as the second most prominent threat, with significant but lower activity than killsec. Other groups, such as ‘ransomhub’, ‘darkvault’, and ‘clop’, show moderate activity levels. Entities like ‘bianlian’, ‘apt73/bashe’, and ‘raworld’ have low frequencies, indicating limited activity. Groups such as ‘aps’ and ‘akira’ have the lowest representation, indicating minimal activity. The chart highlights a clear disparity in activity levels among these threats, emphasizing the need for targeted cybersecurity strategies.

Top Impacted Sectors in India:

The pie chart illustrates the distribution of incidents across various sectors, highlighting that the industrial sector is the most frequently targeted, accounting for 75% of the total incidents. This is followed by the healthcare sector, which represents 12% of the incidents, making it the second most affected. The finance sector accounts for 10% of the incidents, reflecting a moderate level of targeting. In contrast, the government sector experiences the least impact, with only 3% of the incidents, indicating minimal targeting compared to the other sectors. This distribution underscores the critical need for enhanced cybersecurity measures, particularly in the industrial sector, while also addressing vulnerabilities in healthcare, finance, and government domains.

Month Wise Incident Trends in India:

The chart indicates a fluctuating trend with notable peaks in May and October, suggesting potential periods of heightened activity or incidents during these months. The data starts at 5 in January and drops to its lowest point, 2, in February. It then gradually increases to 6 in March and April, followed by a sharp rise to 14 in May. After peaking in May, the metric significantly declines to 4 in June but starts to rise again, reaching 7 in July and 8 in August. September sees a slight dip to 5 before the metric spikes dramatically to its highest value, 24, in October. Following this peak, the count decreases to 10 in November and then drops further to 7 in December.

CyberPeace Advisory:

1. Implement Data Backup and Recovery Plans: Backups are your safety net. Regularly saving copies of your important data ensures you can bounce back quickly if ransomware strikes. Make sure these backups are stored securely—either offline or in a trusted cloud service—to avoid losing valuable information or facing extended downtime.  
2. Enhance Employee Awareness and Training: People often unintentionally open the door to ransomware. By training your team to spot phishing emails, social engineering tricks, and other scams, you empower them to be your first line of defense against attacks.  
3. Adopt Multi-Factor Authentication (MFA): Think of MFA as locking your door and adding a deadbolt. Even if attackers get hold of your password, they’ll still need that second layer of verification to break in. It’s an easy and powerful way to block unauthorized access.  
4. Utilize Advanced Threat Detection Tools: Smart tools can make a world of difference. AI-powered systems and behavior-based monitoring can catch ransomware activity early, giving you a chance to stop it in its tracks before it causes real damage.  
5. Conduct Regular Vulnerability Assessments: You can’t fix what you don’t know is broken. Regularly checking for vulnerabilities in your systems helps you identify weak spots. By addressing these issues proactively, you can stay one step ahead of attackers.

 ‍

Conclusion:

The 2024 ransomware landscape reveals the critical need for proactive cybersecurity strategies. High-value sectors and technologically advanced regions remain the primary targets, emphasizing the importance of robust defenses. As we move into 2025, it is crucial to anticipate the evolution of ransomware tactics and adopt forward-looking measures to address emerging threats. 

Global collaboration, continuous innovation in cybersecurity technologies, and adaptive strategies will be imperative to counteract the persistent and evolving threats posed by ransomware activities. Organizations and governments must prioritize preparedness and resilience, ensuring that lessons learned in 2024 are applied to strengthen defenses and minimize vulnerabilities in the year ahead.

‍

‍