Global Cyber Pulse: 22 April 2025

April 22, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS Cybertech

Mumbai Police launched a cyber forensics training program for 253 officers to strengthen digital crime response. In Japan, $350 million in unauthorized trades shook the financial sector, traced to phishing attacks on brokerage accounts. The Elusive Comet group is scamming crypto users via fake podcasts and VC brands. China-linked Mustang Panda unleashed advanced tools in a Myanmar cyberattack.

Meanwhile, a Sophos report warns that India’s SMBs are increasingly vulnerable due to outdated edge devices—making ransomware the dominant threat.

Mumbai Police Upskills Force to Tackle Cybercrime

In a move to combat rising digital threats, Mumbai Police launched a three-day Cyber Investigation & Forensics Training for 253 officers, backed by FedEx and United Way Mumbai. The program covers cyber frauds, phishing, financial crimes, and social media abuse.

As reported by Business Standard, DCP Datta Nalawade emphasized the need for continuous learning to counter evolving cybercrime tactics. The initiative includes officers from cyber cells, crime branches, and anti-narcotics units. Officials said this cross-sector collaboration reflects a strong commitment to proactive crime prevention and public safety. The training also highlights the importance of citizen awareness and responsible digital behaviour.

$350M in Unauthorized Trades Rattle Japan’s Financial Sector

Japan’s Financial Services Agency (FSA) has raised alarms over a massive spike in unauthorized stock trades totaling over $350 million. Hackers used credentials stolen through phishing websites that imitate real brokerage platforms to access accounts and conduct fraudulent stock transactions. Victim accounts were manipulated to sell stocks, and the proceeds were used to purchase Chinese shares, which remain in those accounts.

Twelve securities firms have reported such incidents so far. The FSA warned that additional breaches may still be undetected and urged investors to be vigilant when accessing online trading platforms.

Elusive Comet Targets Crypto Investors with Fake Brands & Podcasts

Cybercriminal group Elusive Comet is running a convincing social engineering campaign to rob cryptocurrency users. Researchers from the Open Security Alliance report that the group lures victims through fake venture capital brands, websites, and podcasts, convincing them to download malware disguised as investment software.

Key fronts include “Aureon Capital,” “Aureon Press,” and “The OnChain Podcast,” with direct outreach done via X (formerly Twitter) and email. Millions in crypto assets have already been stolen. Experts warn the campaign poses a severe threat due to the sophistication of its storytelling and digital legitimacy.

Mustang Panda Debuts New Attack Tools in Myanmar Operation

China-based hacking group Mustang Panda has upgraded its cyber arsenal, targeting a Myanmar-based entity using its TONESHELL backdoor and debuting four new attack tools. These include keyloggers (PAKLOG and CorKLOG), StarProxy for lateral movement, and SplatCloak, a driver designed to evade endpoint detection systems.

The attack reflects Mustang Panda’s continued evolution and its focus on bypassing modern security defenses. Cybersecurity experts note that such attacks indicate persistent efforts by state-linked groups to refine tactics and exploit geopolitical instability for intelligence gathering and access.

Outdated Tech Puts India’s SMBs at Risk, Warns Sophos

A new Sophos report paints a grim picture for India’s small and mid-sized businesses (SMBs)—with outdated tech now their biggest cyber weakness. The study shows that 30% of breaches in 2024 stemmed from aging edge devices like old VPNs, firewalls, and routers. Often left unpatched or misconfigured, these devices are easy targets for attackers. VPNs were involved in 25% of ransomware cases.

Sophos warns of “digital detritus”: tech that should have been retired but remains exposed online. While threats evolve, ransomware still accounts for over 90% of incidents among midsize companies, which calls for urgent attention to infrastructure hygiene.