Category: Adversary Intelligence
Industry: BFSI
Motivation: Financial
Region: India
Source*: B - Usually Reliable; 2 - Possibly true
This is an ongoing report; we will keep updating it as more information becomes available.
This advisory highlights recent attacks on Indian banks, focusing on two primary attack vectors: geopolitical tensions and credential stealers/social media account takeovers.
Over the last year we have observed hacktivist groups generally using the following techniques:
The ongoing Israel-Palestine conflict has fueled the activities of hacktivist groups, who have targeted Indian banks due to perceived political stances. The attacks have primarily focused on Distributed Denial of Service (DDoS) attacks aiming to disrupt online banking services and websites.
[Figure: Screenshot of hacktivist groups targeting Indian banks]
Please note: hacktivist groups are notorious for making claims in order to create chaos. At the time of writing this report, most of these claims have been debunked and the targeted banks observed no spike in traffic. This happens because of the attention the groups get in pursuit of these lofty claims.
In recent weeks, there has been a rise in attacks where hackers hijack social media accounts of major Indian banks, primarily Twitter, and use them to promote cryptocurrency scams. Hackers employ various techniques to acquire these accounts, including:
Once control is gained, the compromised accounts spread links to fraudulent crypto websites and "crypto drainers," malicious tools designed to steal cryptocurrencies from unsuspecting users. The scams often leverage the popularity of Elon Musk and other prominent figures to gain trust.