Reading view
Investigating India
Linux Malware Campaign Uses Discord Emojis in Attack on Indian Government Targets
Threat Actor ‘UTA0137’ Linked to Campaign
Volexity researchers connected the campaign to a Pakistan-based threat actor they call UTA0137. The researchers said they have “high confidence that UTA0137 has espionage-related objectives and a remit to target government entities in India. Based on Volexity’s analysis, UTA0137’s campaigns appear to have been successful.” The researchers say they have “moderate confidence” that UTA0137 is a Pakistan-based threat actor because of the group’s targets and a few other reasons:- The Pakistani time zone was hardcoded in one malware sample.
- There are weak infrastructure links to SideCopy, a known Pakistan-based threat actor.
- The Punjabi language was used in the malware.
Attack Starts With DSOP PDF
The malware is delivered via a DSOP.pdf lure, which claims to be a beneficiary document of India’s Defence Service Officer Provident Fund (screenshot below). [caption id="attachment_77503" align="alignnone" width="750"] The DSOP lure that downloads the malware[/caption] The malware then downloads the next-stage payload, named vmcoreinfo, from a remote server, clawsindia[.]in. The payload is an instance of the DISGOMOJI malware and is dropped in a hidden folder named .x86_64-linux-gnu in the user’s home directory. DISGOMOJI, a UPX-packed ELF written in Golang, uses Discord for C2. “An authentication token and server ID are hardcoded inside the ELF, which are used to access the Discord server,” they wrote. “The malware creates a dedicated channel for itself in the Discord server, meaning each channel in the server represents an individual victim. The attacker can then interact with every victim individually using these channels.” On startup, DISGOMOJI sends a check-in message in the channel that contains information like the internal IP, the user name, host name, OS and current working directory. The malware can survive reboots through the addition of a @reboot entry to the crontab, and it also downloads a script named uevent_seqnum.sh to copy files from any attached USB devices.Discord Emojis Used for C2 Communication
C2 communication uses an emoji-based protocol, “where the attacker sends commands to the malware by sending emojis to the command channel, with additional parameters following the emoji where applicable.” A Clock emoji in the command message lets the attacker know a command is being processed, while a Check Mark emoji confirms that the command was executed. The researchers summarized the emoji commands in a table: [caption id="attachment_77505" align="alignnone" width="750"] The Discord emojis used to communicate with attackers (source: Volexity)[/caption] Post-exploitation activities include use of the Zenity utility to display malicious dialog boxes to socially engineer users into giving up their passwords. Open source tools such as Nmap, Chisel and Ligolo are also used, and the DirtyPipe exploit suggests increasing sophistication of the atacker's methods, the researchers said. Indicators of compromise (IoCs) can be downloaded from the Volexity GitHub page:How Blockchain Technology Can Help Safeguard Data and Strengthen Cybersecurity
Understanding Blockchain Technology
At its core, blockchain is a decentralized ledger that records transactions across a network of computers, ensuring that data remains transparent, secure, and immutable. Each block in the blockchain contains a timestamp, transaction data, and a cryptographic hash of the previous block, creating a chain of records that is nearly impossible to alter. The exponential growth of blockchain technology is fueled by the need to simplify business processes, increase transparency, improve traceability, and cut costs. According to ReportLinker, the global blockchain market is expected to increase by 80% between 2018 and 2023, from $1.2 billion to $23.3 billion.Key Components of Blockchain That Ensure Data Security
Blockchain technology enhances data security by ensuring that data recorded once remains unalterable and undeletable without network consensus, thus maintaining integrity. One of the key features of blockchain technology is decentralization. Unlike traditional centralized databases, blockchain operates on a distributed network. This structure reduces the risk of a single point of failure and makes it much more difficult for malicious entities to compromise the entire system. By distributing data across multiple nodes, blockchain eliminates vulnerabilities associated with centralized servers, thereby enhancing overall security. Another feature is the Cryptographic hash function which plays a crucial role in blockchain security. These mathematical algorithms generate a unique identifier for each block, making it virtually impossible to alter any recorded data without detection. All the altered information on the blockchain is visible and immutable, which not only ensures data integrity but also provides a reliable mechanism to detect and prevent fraudulent activities. Blockchain also employs consensus mechanisms such as Proof of Work (PoW) and Proof of Stake (PoS) to validate transactions and ensure network consistency. By allowing only authentic transactions to be added to the blockchain, these mechanisms prevent double payments and other fraudulent practices. Digital signatures, which use a private key to sign transactions, further enhance this level of security. This ensures that only authorized individuals can initiate or modify data entries, while anyone with the public key can verify the authenticity of the transaction.Applications Across Sectors
The use of blockchain technology could have a significant impact on cybersecurity across various sectors. Many organizations are recognizing the significant business benefits of blockchain technology and are increasingly adopting it across various sectors. Blockchain has a lot to offer, from manufacturing and healthcare to supply chains and beyond. Financial services, for instance, can benefit from blockchain's ability to secure transactions, reduce fraud, and improve transparency. The healthcare sector can utilize blockchain to secure storage and share patient information between authorized personnel, ensuring confidentiality and accuracy. In the manufacturing industry, blockchain is primarily used for the movement and management of digital assets and physical goods, enhancing transparency and traceability. In order to ensure a transparent and immutable record of the origin of products, supply chain management can use blockchain technology to prevent counterfeiting and ensure authenticity. Government services can also use blockchain to increase the security and efficiency of public records, voting systems as well as identity management.Key Challenges and Considerations
There are certain challenges to the use of blockchain technology, despite its many benefits. Scalability is an important concern, as the number of transactions increases, the blockchain may become slow and costly to maintain. Furthermore, significant computational power is required for consensus mechanisms such as POW which could result in considerable energy consumption. Regulatory uncertainty is another issue, as the evolving legal landscape can obscure the widespread adoption of blockchain technology. Addressing these challenges is crucial for the continued growth and adoption of blockchain technology. Global efforts are being made to create scalable blockchain systems and more effective consensus methods. Additionally, regulatory frameworks are also evolving to offer more precise guidelines to implement blockchain technology.Growth of Blockchain Technology in India
India is seeing a strong increase in the adoption of blockchain technology in many sectors. This growth is driven by government-backed projects and initiatives, such as the National Blockchain Framework, to improve transparency, security, and efficiency. The technology's potential to enhance data integrity and operational efficiency aligns well with India's digital transformation goals, making blockchain a key component in the nation's technological advancement. The use of blockchain technology has been much more of a game-changer in terms of data security and is supporting cybersecurity. It provides robust security against all cyber threats since it is decentralized, immutable, and fully transparent. Overcoming the challenges of scaling and regulatory uncertainty would enable blockchain's distributed ledger technology to emerge as the key player in secure digital infrastructures that drive innovation across all sectors. The more organizations study its potential applications, the more blockchain will change the face of data security and cybersecurity. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything."I hope my manager allows me to play next week"
Cricinfo: After the Pakistan win, a screen grab of his Slack out-of-office message was all over social media. It said he would be away from work until June 17, when the group phase of the World Cup ends. Netravalkar is not thinking ahead to whether he might have to extend his leave of absence in case USA make it to the Super 8s... ...update on that: As of an hour ago, the USA have enough points so they can't be caught by Ireland, Canada or Pakistan in their group. This means the USA qualify, along with India, into the final group stage of the current World Cup: this also gives the USA automatic qualification for the same World Cup tournament in 2026, two years before cricket returns to the Olympics in Los Angeles. Saurabh is going to need to ask for an extension to WFWCM (Work From World Cup Matches).
Pakistani Threat Actors Caught Targeting Indian Gov Entities
Security researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities.
The post Pakistani Threat Actors Caught Targeting Indian Gov Entities appeared first on SecurityWeek.
AI and the Indian Election
As India concluded the world’s largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies—and what lessons that holds for the rest of the world.
The campaigns made extensive use of AI, including deepfake impersonations of candidates, celebrities and dead politicians. By some estimates, millions of Indian voters viewed deepfakes.
But, despite fears of widespread disinformation, for the most part the campaigns, candidates and activists used AI constructively in the election. They used AI for typical political activities, including mudslinging, but primarily to better connect with voters.
Deepfakes without the deception
Political parties in India spent an estimated US$50 million on authorized AI-generated content for targeted communication with their constituencies this election cycle. And it was largely successful.
Indian political strategists have long recognized the influence of personality and emotion on their constituents, and they started using AI to bolster their messaging. Young and upcoming AI companies like The Indian Deepfaker, which started out serving the entertainment industry, quickly responded to this growing demand for AI-generated campaign material.
In January, Muthuvel Karunanidhi, former chief minister of the southern state of Tamil Nadu for two decades, appeared via video at his party’s youth wing conference. He wore his signature yellow scarf, white shirt, dark glasses and had his familiar stance—head slightly bent sideways. But Karunanidhi died in 2018. His party authorized the deepfake.
In February, the All-India Anna Dravidian Progressive Federation party’s official X account posted an audio clip of Jayaram Jayalalithaa, the iconic superstar of Tamil politics colloquially called “Amma” or “Mother.” Jayalalithaa died in 2016.
Meanwhile, voters received calls from their local representatives to discuss local issues—except the leader on the other end of the phone was an AI impersonation. Bhartiya Janta Party (BJP) workers like Shakti Singh Rathore have been frequenting AI startups to send personalized videos to specific voters about the government benefits they received and asking for their vote over WhatsApp.
Multilingual boost
Deepfakes were not the only manifestation of AI in the Indian elections. Long before the election began, Indian Prime Minister Narendra Modi addressed a tightly packed crowd celebrating links between the state of Tamil Nadu in the south of India and the city of Varanasi in the northern state of Uttar Pradesh. Instructing his audience to put on earphones, Modi proudly announced the launch of his “new AI technology” as his Hindi speech was translated to Tamil in real time.
In a country with 22 official languages and almost 780 unofficial recorded languages, the BJP adopted AI tools to make Modi’s personality accessible to voters in regions where Hindi is not easily understood. Since 2022, Modi and his BJP have been using the AI-powered tool Bhashini, embedded in the NaMo mobile app, to translate Modi’s speeches with voiceovers in Telugu, Tamil, Malayalam, Kannada, Odia, Bengali, Marathi and Punjabi.
As part of their demos, some AI companies circulated their own viral versions of Modi’s famous monthly radio show “Mann Ki Baat,” which loosely translates to “From the Heart,” which they voice cloned to regional languages.
Adversarial uses
Indian political parties doubled down on online trolling, using AI to augment their ongoing meme wars. Early in the election season, the Indian National Congress released a short clip to its 6 million followers on Instagram, taking the title track from a new Hindi music album named “Chor” (thief). The video grafted Modi’s digital likeness onto the lead singer and cloned his voice with reworked lyrics critiquing his close ties to Indian business tycoons.
The BJP retaliated with its own video, on its 7-million-follower Instagram account, featuring a supercut of Modi campaigning on the streets, mixed with clips of his supporters but set to unique music. It was an old patriotic Hindi song sung by famous singer Mahendra Kapoor, who passed away in 2008 but was resurrected with AI voice cloning.
Modi himself quote-tweeted an AI-created video of him dancing—a common meme that alters footage of rapper Lil Yachty on stage—commenting “such creativity in peak poll season is truly a delight.”
In some cases, the violent rhetoric in Modi’s campaign that put Muslims at risk and incited violence was conveyed using generative AI tools, but the harm can be traced back to the hateful rhetoric itself and not necessarily the AI tools used to spread it.
The Indian experience
India is an early adopter, and the country’s experiments with AI serve as an illustration of what the rest of the world can expect in future elections. The technology’s ability to produce nonconsensual deepfakes of anyone can make it harder to tell truth from fiction, but its consensual uses are likely to make democracy more accessible.
The Indian election’s embrace of AI that began with entertainment, political meme wars, emotional appeals to people, resurrected politicians and persuasion through personalized phone calls to voters has opened a pathway for the role of AI in participatory democracy.
The surprise outcome of the election, with the BJP’s failure to win its predicted parliamentary majority, and India’s return to a deeply competitive political system especially highlights the possibility for AI to have a positive role in deliberative democracy and representative governance.
Lessons for the world’s democracies
It’s a goal of any political party or candidate in a democracy to have more targeted touch points with their constituents. The Indian elections have shown a unique attempt at using AI for more individualized communication across linguistically and ethnically diverse constituencies, and making their messages more accessible, especially to rural, low-income populations.
AI and the future of participatory democracy could make constituent communication not just personalized but also a dialogue, so voters can share their demands and experiences directly with their representatives—at speed and scale.
India can be an example of taking its recent fluency in AI-assisted party-to-people communications and moving it beyond politics. The government is already using these platforms to provide government services to citizens in their native languages.
If used safely and ethically, this technology could be an opportunity for a new era in representative governance, especially for the needs and experiences of people in rural areas to reach Parliament.
This essay was written with Vandinika Shukla and previously appeared in The Conversation.
The World's Largest Democracy Goes to the Polls
People are still trying to figure out why the upset, but reasons include: while India's economy has grown over the last 10 years, so has social inequality and unemployment, the opposition Indian National Developmental Inclusive Alliance, which looked painfully fractured earlier this year, pulled itself together,, dissatisfaction among younger voters, concerns over freedom of the press, religious freedoms, and human rights in general. An explainer on the logistics of an election for just shy of a billion potential voters. Podcast: Looking for Modi -- An overview of Modi's career from an Australian journalit whose visa renewal was denield by the Modie government. (5 episodes) (via user d-no in a previous thread) Podcast: Modi's India -- asegment of the larger CBC podcast Understood, this CBC production digs deeper into the murder of Hardeep Singh Nijjar in Canada. (4 episodes) If you are a The Economist subscriber, they have a podcast, too. Podcast: Behind the Bastards did 2 episodes on Modi Part 1 Part 2 Previously -- Amit Shah, Modi's right hand man Previously -- Assassination of Hardeep Singh Nijjar Previously -- Modi in 2021 Previously -- Election 2019 There are quite a few more, if you search for them
India’s Next Government Will Face Serious Climate Challenges
The fake news divide: how Modi’s rule is fracturing India – video
Ahead of the election in India, the Guardian’s video team travelled through the country to explore how fake news and censorship might shape the outcome.
Almost one billion people are registered to vote. The country's prime minister, Narendra Modi, has been in power for more than 10 years, and his Hindu nationalist Bharatiya Janata party (BJP) is seeking a third term.
But critics of Modi and the BJP say his government has become increasingly authoritarian, fracturing the country along religious lines and threatening India’s secular democracy. At the same time, the space for freedom of speech has been shrinking while disinformation and hate speech has exploded on social media.
Elon Musk’s Diplomacy: Woo Right-Wing World Leaders. Then Benefit.
WhatsApp in India
Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.