#FactCheck-A manipulated image showing Indian cricketer Virat Kohli allegedly watching Rahul Gandhi's media briefing on his mobile phone has been widely shared online.

Overview:

A recent addition to the  list of cybercrime  is SharpRhino, a RAT (Remote Access Trojan) actively used by Hunters International ransomware group. SharpRhino is highly developed and penetrates into the network mask of IT specialists, primarily due to the belief in the tools’ legitimacy. Going under the genuine software installer, SharpRhino started functioning in mid-June 2024. However, Quorum Cyber discovered it in early August 2024 while investigating ransomware.

About Hunters International Group:

Hunters International emerged as one of the most notorious groups focused on ransomware attacks, having compromised over 134 targets worldwide in the first seven months of 2024. It is believed that the group is the rebranding of Hive ransomware group that was previously active, and there are considerable similarities in the code. Its focus on IT employees in particular demonstrates the fact that they move tactically in gaining access to the organizations’ networks.

Modus Operandi:

1. Typosquatting Technique 

SharpRhino is mainly distributed by a domain that looks like the genuine Angry IP Scanner, which is a popular network discovery tool. The malware installer, labeled as ipscan-3.9.1-setup. It is a 32-bit Nullsoft installer which embeds a password protected 7z archive in it. 

2. Installation Process 

• Execution of Installer: When the victim downloads and executes the installer and changes the windows registry in order to attain persistence. This is done by generating a registry entry that starts a harmful file, Microsoft. AnyKey. exe, are fakes originating from fake versions of true legitimate Microsoft Visual Studio tools. 

• Creation of Batch File: This drops a batch file qualified as LogUpdate at the installer.bat, that runs the PowerShell scripts on the device. These scripts are to compile C# code into memory to serve as a means of making the malware covert in its operation. 

• Directory Creation: The installer establishes two directories that allow the C2 communication – C:\ProgramData\Microsoft: WindowsUpdater24 and LogUpdateWindows. 

3. Execution and Functionality: 

• Command Execution: The malware can execute PowerShell commands on the infected system, these actions may involve privilege escalation and other extended actions such as lateral movement. 

• C2 Communication: SharpRhino interacts with command and control servers located on domains from platforms such as Cloudflare. This communication is necessary for receiving commands from the attackers and for returning any data of interest to the attackers. 

• Data Exfiltration and Ransomware Deployment: Once SharpRhino has gained control, it can steal information and then proceed to encrypt it with a .locked extension. The procedure generally concludes with a ransom message, which informs users on how to purchase the decryption key. 

4. Propagation Techniques: 

Also, SharpRhino can spread through the self-copying method, this is the virus may copy itself to other computers using the network account of the victim and pretending to be trustworthy senders such as emails or network-shared files. Moreover, the victim’s machine may then proceed to propagate the malware to other systems like sharing in the company with other employees.

Indicators of Compromise (IOCs):

• LogUpdate.bat
• Wiaphoh7um.t
• ipscan-3.9.1-setup.exe
• kautix2aeX.t
• WindowsUpdate.bat

Command and Control Servers:

• cdn-server-1.xiren77418.workers.dev
• cdn-server-2.wesoc40288.workers.dev
• Angryipo.org
• Angryipsca.com

Analysis:

‍

‍

Graph:

Precautionary measures to be taken:

To mitigate the risks posed by SharpRhino and similar malware, organizations should implement the following measures:

• Implement Security Best Practices: It is important only to download software from official sites and avoid similar sites to confuse the user by changing a few letters.

• Enhance Detection Capabilities: Use technology in detection that can detect the IOCs linked to Sharp Rhino.

• Educate Employees: Educate IT people and employees on phishing scams and the requirement to check the origin of the application.

• Regular Backups: It is also important to back up important files from systems and networks in order to minimize the effects of ransomware attacks on a business.

Conclusion:

SharpRhino could be deemed as the evolution of the strategies used by organizations like Hunters International and others involved in the distribution of ransomware. SharpRhino primarily focuses on the audience of IT professionals and employs complex delivery and execution schemes, which makes it an extremely serious threat for corporate networks. To do so it is imperative that organizations have an understanding of its inner workings in order to fortify their security measures against this relatively new threat. Through the enforcement of proper security measures and constant enlightenment of organizations on the importance of cybersecurity, firms can prevent the various risks associated with SharpRhino and related malware. Be safe, be knowledgeable, and most importantly, be secure when it comes to cyber security for your investments.

Reference: 

https://cybersecuritynews.com/sharprhino-ransomware-alert/

https://cybersecsentinel.com/sharprhino-explained-key-facts-and-how-to-protect-your-data/

https://www.dataprivacyandsecurityinsider.com/2024/08/sharprhino-malware-targeting-it-professionals/

‍

Introduction

On May 21st, 2025, the Department of Telecommunications (DoT) launched the Financial Risk Indicator (FRI) feature, marking an important step towards safeguarding mobile phone users from the risks of financial fraud. This was developed as a part of the Digital Intelligence Platform (DIP), which facilitates coordination between stakeholders to curb the misuse of telecom services for conducting cyber crimes.

What is the Financial Risk Indicator (FRI)?

The FRI is a risk-based metric feature that categorises phone numbers into risk, medium risk, and high risk based on their association with financial fraud in the past. The data pool enabling this intelligence sharing includes the Digital Intelligence Unit (DIU) of the DoT, which engages and sends a list of Mobile Numbers that were disconnected (Mobile Number Revocation List - MNRL) to the following stakeholders, creating a network of checks and balances. They are:

1. Intelligence from Non-Banking Finance Companies, and UPI (Unified Payment Interface) gateways.
2. The Chakshu facility- a feature on the Sanchar Saathi portal that enables users to report suspected fraudulent communication (Calls, SMS, WhatsApp messages), which has also been roped in.
3. Complaints from the National Cybercrime Reporting Portal (NCRP) through the I4C (Indian Cyber Coordination Center).

Some other initiatives taken up concerning securing against digital financial fraud are the Citizen Financial Cyber Fraud Reporting and Management System, the International Incoming Spoofed Calls Prevention System, among others.

A United Stance

The ease of payment and increasing digitisation might have enabled the increasing usage of UPI platforms. However, post-adoption, the responsibility of securing the digital payments infrastructure becomes essential. As per a report by CNBC TV18, UPI fraud cases surged by 85% in FY24. The number of incidents have increased from 7.25 lakh in FY23 to 13.42 lakh in FY24. These cases involved a total value of ₹1,087 crore, compared to ₹573 crore in the previous year, and the number continues to increase. 

Nevertheless, UPI platforms are taking their own initiative to combat such crimes. PhonePe, one of the most used digital payment interface as of January 2025 (Statista) has already incorporated the FRI into its PhonePe Protect feature; this blocks transactions with high-risk numbers and issues a warning prior to engaging with numbers that are categorised to be of medium risk. 

CyberPeace Insights

The launch of a feature addressing the growing threat of financial fraud is crucial for creating a network of stakeholders to coordinate with law enforcement to better track and prevent crimes. Publicity of these measures will raise public awareness and keep end-users informed. A secure infrastructure for digital payments is necessary in this age, with a robust base mechanism that can adapt to both current and future threats.

References

• https://www.thehawk.in/news/economy-and-business/centre-launches-financial-fraud-risk-indicator-to-safeguard-mobile-users
• https://telanganatoday.com/government-launches-financial-fraud-risk-indicator-to-safeguard-mobile-users
• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2130249#:~:text=What%20is%20the%20%E2%80%9CFinancial%20Fraud,High%20risk%20of%20financial%20fraud
• https://www.business-standard.com/industry/news/dot-launches-financial-fraud-risk-indicator-to-aid-cybercrime-detection-125052101912_1.html 
• https://www.cnbctv18.com/business/finance/upi-fraud-cases-rise-85-pc-in-fy24-increase-parliament-reply-data-19514295.htm
• https://www.statista.com/statistics/1034443/india-upi-usage-by-platform/#:~:text=In%20January%202025%2C%20PhonePe%20held%20the%20highest,key%20drivers%20of%20UPI%20adoption%20in%20India
• https://telecom.economictimes.indiatimes.com/amp/news/policy/centre-notifies-draft-rules-for-delicensing-lower-6-ghz-band/121260887?nt

‍

Introduction

Digital Public Infrastructure (DPI) serves as the backbone of e-governance, enabling governments to deliver services more efficiently, transparently, and inclusively. By leveraging information and communication technology (ICT), digital governance systems reconfigure traditional administrative processes, making them more accessible and citizen-centric. However, the successful implementation of such systems hinges on overcoming several challenges, from ensuring data security to fostering digital literacy and addressing infrastructural gaps.

This article delves into the key enablers that drive effective DPI and outlines the measures already undertaken by the government to enhance its functionality. Furthermore, it outlines strategies for their enhancement, emphasizing the need for a collaborative, secure, and adaptive approach to building robust e-governance systems.

Key Enablers of DPI

Digital Public Infrastructure (DPI), the foundation for e-governance,  relies on common design, robust governance, and private sector participation for efficiency and inclusivity. This requires common principles, frameworks for collaboration, capacity building, and the development of common standards. Some of the key measures undertaken by the government in this regard include: 

1. Data Protection Framework: The Digital Personal Data Protection (DPDP) Act of 2023 establishes a framework to ensure consent-based data sharing and regulate the processing of digital personal data. It delineates the responsibilities of data fiduciaries in safeguarding users' digital personal data.
2. Increasing Public-Private Partnerships: Refining collaboration between the government and the private sector has accelerated the development, maintenance, expansion, and trust of the infrastructure of DPIs, such as the AADHAR, UPI, and  Data Empowerment and Protection Architecture (DEPA). For example, the Asian Development Bank attributes the success of UPI to its “consortium ownership structure”, which enables the wide participation of major financial stakeholders in the country.
3. Coordinated Planning: The PM-Gati Shakti establishes a clear coordination framework involving various inter-governmental stakeholders at the state and union levels. This aims to significantly reduce project duplications, delays, and cost escalations by streamlining communication, harmonizing project appraisal and approval processes, and providing a comprehensive database of major infrastructure projects in the country. This database called the National Master Plan, is jointly accessible by various government stakeholders through APIs.
4. Capacity Building for Government Employees:  The National e-Governance Division of the Ministry of Electronics and Information Technology routinely rolls out multiple training programs to build the technological and managerial skills required by government employees to manage Digital Public Goods (DPGs). For instance, it recently held a program on “Managing Large Digital Transformative Projects”. Additionally, the Ministry of Personnel, Public Grievances, and Pensions has launched the Integrated Government Online Training platform  (iGOT) Karmayogi for the continuous learning of civil servants across various domains. 

Digital Governance; Way Forward

E-governance utilizes information and communication technology (ICT) such as Wide Area Networks, the Internet, and mobile computing to implement existing government activities, reconfiguring the structures and processes of governance systems. This warrants addressing certain inter-related challenges such as : 

1. Data Security: The dynamic and ever-changing landscape of cyber threats necessitates regular advancements in data and information security technologies, policy frameworks, and legal provisions. Consequently, the digital public ecosystem must incorporate robust data cybersecurity measures, advanced encryption technologies, and stringent privacy compliance standards to safeguard against data breaches.
2. Creating Feedback Loops: Regular feedback surveys will help government agencies improve the quality, efficiency, and accessibility of digital governance services by tailoring them to be more user-friendly and enhancing administrative design. This is necessary to build trust in government services and improve their uptake among beneficiaries. Conducting the decennial census is essential to gather updated data that can serve as a foundation for more informed and effective decision-making.
3. Capacity Building for End-Users: The beneficiaries of key e-governance projects like Aadhar and UPI may have inadequate technological skills, especially in regions with weak internet network infrastructure like hilly or rural areas. This can present challenges in the access to and usage of technological solutions.  Robust capacity-building campaigns for beneficiaries can provide an impetus to the digital inclusion efforts of the government.
4. Increasing the Availability of Real-Time Data: By prioritizing the availability of up-to-date information, governments and third-party enterprises can enable quick and informed decision-making.  They can effectively track service usage, assess quality, and monitor key metrics by leveraging real-time data. This approach is essential for enhancing operational efficiency and delivering improved user experience.
5. Resistance to Change: Any resistance among beneficiaries or government employees to adopt digital governance goods may stem from a limited understanding of digital processes and a lack of experience with transitioning from legacy systems.  Hand-holding employees during the transitionary phase can help create more trust in the process and strengthen the new systems. 

Conclusion

Digital governance is crucial to transforming public services, ensuring transparency, and fostering inclusivity in a rapidly digitizing world. The successful implementation of such projects requires addressing challenges like data security, skill gaps, infrastructural limitations, feedback mechanisms, and resistance to change. Addressing these challenges with a strategic, multi-stakeholder approach can ensure the successful execution and long-term impact of large digital governance projects. By adopting robust cybersecurity frameworks, fostering public-private partnerships, and emphasizing capacity building, governments can create efficient and resilient systems that are user-centric, secure, and accessible to all. 

References

• https://www.adb.org/sites/default/files/publication/865106/adbi-wp1363.pdf 
• https://www.jotform.com/blog/government-digital-transformation-challenges/ 
• https://aapti.in/wp-content/uploads/2024/06/AaptixONI-DPIGovernancePlaybook_compressed.pdf 
• https://community.nasscom.in/sites/default/files/publicreport/Digital%20Public%20Infrastructure%2022-2-2024_compressed.pdf 
• https://proteantech.in/articles/Decoding-Digital-Public-Infrastructure-in-India/ 

‍

‍