Global Cyber Pulse: 01 April 2025

April 1, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

From national security breaches to AI threats, cyber turbulence continues. A hacker group claims to have leaked 20 TB of sensitive DRDO data, though officials deny any breach. Sebi extends the cybersecurity compliance deadline for regulated entities. France fines Apple $162 million for allegedly misusing its privacy tool to suppress competition.

Defense manufacturer AMTEC reportedly suffers a massive data breach. Sophos uncovers a targeted spyware campaign in Taiwan via fake messaging apps. Meanwhile, CERT-In urges Indians to use anonymous accounts on AI apps, warning of vulnerabilities like data poisoning and adversarial attacks.

DRDO Data Leak Claims Raise Alarms, But Officials Deny Breach

A hacker group, Babuk Locker 2.0, claims to have stolen 20 TB of sensitive data from India’s DRDO, including weapon blueprints, new Air Force facility details, and strategic partnerships. The group released 753 MB as proof on March 10. DRDO, known for tight internal controls, denies any data breach, stating that the leaked files don’t belong to it, but offers no further clarification.

The incident has triggered concerns over national security, with cyber experts urging an immediate audit and enhanced breach detection across critical government infrastructure.

Sebi Extends Cybersecurity Framework Deadline to June 30

Securities regulator Sebi has granted a three-month extension to regulated entities for implementing its Cybersecurity and Cyber Resilience Framework (CSCRF), moving the compliance deadline to June 30, 2025. The move follows numerous industry appeals citing complexity and the need for clarity. The framework, introduced in August 2024, aims to enhance cyber defenses across financial institutions.

Market Infrastructure Institutions, KRAs, and QRTAs remain excluded from the extension. Sebi emphasizes that the framework is critical in fortifying the industry’s resilience against emerging cyber threats and operational risks.

France Slaps Apple with $162M Fine Over Privacy Tool Misuse

Apple has been fined €150 million ($162 million) by the French Competition Authority for allegedly misusing its App Tracking Transparency (ATT) feature. While ATT gives users control over app-based tracking, regulators argue Apple unfairly advantaged itself by implementing it disproportionately between 2021 and 2023.

The regulator clarified that while user privacy is essential, Apple’s execution of the policy restricted fair competition in mobile advertising. This marks another significant case where big tech’s privacy claims are scrutinized for potential anti-competitive impact.

Military Ammunition Giant AMTEC Allegedly Hacked by InterLock

Cybercriminal group InterLock claims to have breached AMTEC, a leading military-grade ammunition producer, exfiltrating 4.2 TB of sensitive data. The leak includes over 2.9 million files and nearly 450,000 folders.

Screenshots were posted as evidence on InterLock’s dark web site. AMTEC, a unit of National Defense Corporation, has not responded to media inquiries. InterLock stated that AMTEC’s security team failed to detect the intrusion. The incident highlights growing threats to defense contractors and the urgent need for proactive cybersecurity practices in sensitive manufacturing sectors.

Sophos Uncovers Spyware Attack in Taiwan via Fake Chat Apps

Cybersecurity firm Sophos has exposed a targeted malware campaign in Taiwan using fake messaging apps to spread PJobRAT, a remote access trojan. Disguised as legitimate apps “SangaalLite” and “CChat,” the spyware was distributed through compromised WordPress sites.

The campaign, active for nearly two years, appears dormant now. The malware is capable of stealing messages, contacts, and files. Similar tactics were previously used in espionage against Indian military staff. Researchers suggest the attackers aimed at specific individuals, underscoring the persistent threat of social engineering in cyber warfare.

CERT-In Warns Against Unsafe AI Apps, Urges Anonymous Use

India’s cyber agency CERT-In has issued a caution against unsafe AI apps, urging users to sign up with anonymous accounts. The advisory warns of vulnerabilities like data poisoning, prompt injection, adversarial attacks, and model inversion—techniques that can manipulate or extract sensitive data.

CERT-In highlights AI’s widespread adoption across industries but stresses the risks tied to flawed design and misuse. As AI increasingly automates critical tasks, the agency recommends user vigilance and informed consent before engaging with AI-based services, especially in personal or professional contexts.