By Ashwani Mishra, Editor-Technology, 63SATS
India’s Ministry of Home Affairs has launched ‘Cyber Commandos’ to proactively combat digital threats. In Ukraine, Russian-backed hackers disrupted railway ticketing systems, labelled by officials as cyber terrorism. A new data leak exposed 201 million X user profiles, traced to a 2022 Twitter vulnerability.
The EU unveiled its ProtectEU strategy, aiming to boost Europol’s powers and reassess encryption laws. The Hijack Loader malware has evolved with advanced evasion techniques, while a sophisticated phishing campaign exploited Microsoft Teams and DLL sideloading, echoing Storm-1811 tactics.
India Deploys ‘Cyber Commandos’ to Counter Digital Threats
In a bid to bolster cyber readiness, the Ministry of Home Affairs has launched a proactive ‘Cyber Commandos’ initiative. Unlike conventional cybercrime cells, these units are trained to preempt attacks. The first batch, trained by IIT Madras Pravartak Technologies Foundation, covered key areas such as digital forensics, ethical hacking, and cyber threat intelligence.
Real-world simulations and training in legal frameworks enhanced operational readiness. This marks a critical shift in India’s cyber defence posture, aiming to equip law enforcement with cutting-edge skills to fight evolving digital threats and reduce cybercrime response time.
Ukraine Labels Rail Cyberattack as Digital Terrorism
Ukraine has accused Russian-backed hackers of targeting its national railway, Ukrzaliznytsia, on March 24, taking down its ticketing systems. CERT-UA’s forensic probe traced the sophisticated malware to Russian intelligence-linked techniques. The malware was custom-built to exploit infrastructure-specific weaknesses, showing signs of extensive planning.
Yevheniia Nakonechna of the SSSCIP condemned the act as “cyber terrorism,” stating it intentionally disrupted essential public services. This attack highlights the growing risk posed by state-sponsored cyber operations targeting critical infrastructure, escalating the role of cyberwarfare in modern conflicts.
201M X User Records Leaked from Past Twitter Exploits
A data leak involving 201 million X (formerly Twitter) users has re-emerged, shared online by a user named ‘ThinkingOne.’ The 34 GB trove includes names, emails, profile data, and more—sourced from two older breaches. Safety Detectives verified parts of the dataset as genuine.
The root cause dates to a 2022 vulnerability discovered via Twitter’s bug bounty program, which allowed data harvesting through email or phone number queries. Twitter acknowledged that the flaw had been exploited before remediation, reigniting concerns around social media data security and persistent vulnerabilities.
EU Eyes ‘Europol-as-FBI’ Model in New Security Blueprint
The European Commission unveiled ProtectEU, a strategic overhaul of its internal security posture. Amid shifting geopolitical dynamics, the bloc aims to enhance Europol’s capabilities to resemble a full-fledged operational agency, akin to the U.S. FBI. The strategy also targets controversial ground—proposing roadmaps for lawful data access and re-evaluating encryption policies.
While not prescribing concrete legislation yet, the proposal signals the EU’s intent to empower law enforcement amid rising cyber threats, cross-border crimes, and challenges posed by end-to-end encryption technologies.
Hijack Loader Evolves with Stealth, VM Evasion Tricks
An upgraded version of Hijack Loader malware is making headlines for its stealth features. Cybersecurity firm Zscaler reported new modules enabling call stack spoofing and anti-virtual machine checks—making the malware harder to detect.
First uncovered in 2023, Hijack Loader is used to deliver payloads such as info-stealers while evading security tools. Recent campaigns also involved the misuse of code-signing certificates and deployment tactics such as ClickFix. Tracked under aliases including GHOSTPULSE and SHADOWLADDER, the malware’s evolution highlights the growing complexity of loader frameworks targeting enterprise systems.
Teams-Based Phishing Uses Vishing, DLL Sideloading
A new multi-stage phishing campaign exploits Microsoft Teams and Quick Assist, according to Ontinue’s Cyber Defence Centre. Attackers initiated contact via vishing, tricking users into granting remote access, then sideloaded a malicious DLL through a signed TeamViewer binary.
This enabled the deployment of a JavaScript-based backdoor and persistence via LNK files and BITS jobs. Tactics closely align with those used by Storm-1811, though attribution is unconfirmed. The attack blends voice phishing, remote access, and signed binary abuse, showcasing increasingly blended techniques in modern phishing campaigns.
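The persistence mechanisms named above, LNK files and BITS jobs, are both enumerable with built-in Windows tooling. The following PowerShell script is an added defender-side check and is not part of the original article or of Ontinue’s reporting; it lists every BITS job on the host and resolves the target of each shortcut in the per-user and all-users Startup folders, so an analyst can spot entries that do not belong. It assumes it is run with administrative rights (needed for the -AllUsers BITS view) and that the BitsTransfer module is available, which it is on supported Windows releases.

```powershell
# Added example: surface LNK- and BITS-based persistence on a Windows host.
# Not the article's code; run in an elevated PowerShell session.

Import-Module BitsTransfer -ErrorAction Stop

# 1. BITS jobs. Attacker-created jobs typically have a non-Microsoft display
#    name, a remote source URL, or a NotifyCmdLine that launches a script.
#    Output the fields an analyst needs to triage each job.
Write-Host "== BITS jobs (all users) =="
Get-BitsTransfer -AllUsers |
    ForEach-Object {
        [PSCustomObject]@{
            DisplayName   = $_.DisplayName
            JobState      = $_.JobState
            Owner         = $_.OwnerAccount
            NotifyCmdLine = $_.NotifyCmdLine   # command run when the job completes
            Files         = ($_.FileList | ForEach-Object { "$($_.RemoteName) -> $($_.LocalName)" }) -join '; '
        }
    } | Format-List

# 2. Startup-folder shortcuts. A malicious LNK usually points at a script host
#    (wscript, cscript, powershell, mshta) or at a binary in a user-writable path.
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
$shell = New-Object -ComObject WScript.Shell

Write-Host "== Startup folder shortcuts =="
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Filter *.lnk -File | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        [PSCustomObject]@{
            Shortcut   = $_.FullName
            Target     = $lnk.TargetPath
            Arguments  = $lnk.Arguments
            Created    = $_.CreationTime
            # Flag interpreters and user-writable locations for closer review.
            Suspicious = ($lnk.TargetPath -match 'wscript|cscript|powershell|mshta|cmd\.exe' -or
                          $lnk.TargetPath -match [regex]::Escape($env:APPDATA) -or
                          $lnk.TargetPath -match [regex]::Escape($env:TEMP))
        }
    }
} | Format-Table -AutoSize
```

The Suspicious column is a triage hint, not a verdict: legitimate software does occasionally ship script-launching shortcuts, so each flagged entry should be checked against the signer and location of the target before removal. Run the same enumeration from a known-good baseline image to make differences stand out.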