By Ashwani Mishra, Editor-Technology, 63SATS
Governments and tech giants are grappling with a surge in cyber threats targeting critical sectors and global leaders. India launched its first Digital Threat Report to safeguard the booming BFSI sector, while Canada exposed a China-linked disinformation campaign targeting PM candidate Mark Carney. Microsoft patched a zero-day vulnerability exploited by the PipeMagic trojan in global ransomware attacks.
Meanwhile, the UK and allies revealed spyware tools used to surveil Uyghur, Tibetan, and Taiwanese communities. In the U.S., CISA flagged a critical flaw in CentreStack enabling remote code execution. The message is clear: digital warfare is escalating across borders.
India Releases First Digital Threat Report for BFSI Sector
India has unveiled its first Digital Threat Report 2024, focused on bolstering cybersecurity in the BFSI sector. Spearheaded by MeitY, CERT-In, CSIRT-Fin, and SISA, the report identifies how the rise in digital payments—expected to hit $3.1 trillion by 2028—has turned BFSI into a top target for cybercriminals.
The report offers crucial recommendations: adopt MFA, segment networks, ensure timely patching, and enforce application whitelisting. It also highlights rising threats from AI-led social engineering and supply chain attacks. The message is clear—cyber defense must evolve with digital growth to protect India’s financial backbone.
China-Linked Campaign Targets Canada’s Carney Ahead of Elections
Canadian intelligence has flagged a China-linked disinformation operation aiming to discredit Prime Ministerial candidate Mark Carney before the April 28 federal election. The campaign, driven via WeChat and tied to Chinese internal security agencies, spreads false narratives through an anonymous account, Youli-Youmia.
Targeting Chinese-speaking communities in Canada, it seeks to influence voter sentiment in key ridings like Nepean, Ontario. Authorities warn that the effort is part of a broader geopolitical strategy using digital platforms to erode democratic processes through manipulation, particularly by exploiting linguistic and cultural channels to amplify misleading messages.
PipeMagic Trojan Used in Zero-Day Ransomware Attacks
Microsoft has disclosed that a zero-day flaw in the Windows Common Log File System (CLFS)—now patched—was exploited in ransomware attacks using a malware strain named PipeMagic. The vulnerability, tagged CVE-2025-29824, enabled attackers to gain SYSTEM privileges and hit organizations across sectors, including IT and real estate in the U.S., finance in Venezuela, software in Spain, and retail in Saudi Arabia.
Tracked as Storm-2460, the threat actors used PipeMagic to deploy ransomware after compromising systems. Microsoft urges immediate patching and monitoring to prevent further exploitation of this critical vulnerability.
UK, Allies Reveal Chinese Spyware Targeting Ethnic Minorities
A joint cybersecurity advisory from the UK’s NCSC and partners from five nations has revealed the use of spyware tools BADBAZAAR and MOONSHINE to surveil Uyghur, Tibetan, and Taiwanese communities. These tools, linked to Chinese state actors, are being used to monitor civil society groups and track individuals in real time by compromising smartphones.
The advisory is supported by agencies in the U.S., Germany, Canada, Australia, and New Zealand. The campaign is designed to suppress dissent and harvest personal data. The operation highlights a growing trend in state-sponsored digital repression targeting ethnic and political minorities.
CISA Flags CentreStack Flaw Enabling Remote Code Execution
The U.S. CISA has added a critical vulnerability in Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) list. The flaw, CVE-2025-30406 (CVSS 9.0), stems from a hard-coded MachineKey used in ViewState integrity verification. Exploitation allows attackers to forge payloads and trigger remote code execution via server-side deserialization.
The issue has been patched in version 16.4.10315.56368 released on April 3. CISA warns that the vulnerability is actively exploited in the wild and urges all users to apply the update immediately to protect cloud file sharing environments from compromise.
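A defender-side audit for the hard-coded MachineKey condition described above, as an added example that is not from CISA or the vendor: it parses ASP.NET `web.config` text, flags `<machineKey>` elements whose `validationKey` or `decryptionKey` is a literal value rather than auto-generated, and reports literals shared across hosts. The host names and key values are constructed, and that a product-shipped key appears identically on every installation is an assumption.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed file names and key values, for illustration only.
_STATIC = ('<configuration><system.web><machineKey validation="HMACSHA256" '
           'validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" '
           'decryptionKey="FEDCBA9876543210FEDCBA9876543210" /></system.web></configuration>')
_AUTO = ('<configuration><system.web><machineKey validationKey="AutoGenerate,IsolateApps" '
         'decryptionKey="AutoGenerate,IsolateApps" /></system.web></configuration>')
SAMPLE_CONFIGS = {
    "hostA/web.config": _STATIC,
    "hostB/web.config": _STATIC,  # same literal key on a second host
    "hostC/web.config": _AUTO,    # key generated per machine
    "hostD/web.config": "<configuration><system.web /></configuration>",
}

def static_keys(xml_text):
    """Return {attribute: fingerprint} for literal (not auto-generated) machineKey values."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "machineKey":  # tolerate a namespaced config
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = el.get(attr, "")
            if value and not value.upper().startswith("AUTOGENERATE"):
                # Report a fingerprint so key material never lands in audit output.
                found[attr] = hashlib.sha256(value.upper().encode()).hexdigest()[:16]
    return found

def audit(configs):
    """Return (files with static keys, fingerprints seen in more than one file)."""
    per_file, seen = {}, defaultdict(set)
    for path, text in configs.items():
        keys = static_keys(text)
        if keys:
            per_file[path] = keys
        for attr, fingerprint in keys.items():
            seen[(attr, fingerprint)].add(path)
    shared = {key: sorted(paths) for key, paths in seen.items() if len(paths) > 1}
    return per_file, shared

if __name__ == "__main__":
    per_file, shared = audit(SAMPLE_CONFIGS)
    for path, keys in per_file.items():
        print("static machineKey:", path, keys)
    for (attr, fingerprint), paths in shared.items():
        print("shared", attr, fingerprint, "->", paths)
```

A literal key that shows up on more than one host is the case to escalate first, since anyone holding one copy can produce ViewState that the other hosts will accept as valid.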