By 63SATS News Desk
India strengthens cybersecurity with fraud prevention measures, preventing ₹4,386 crore in losses. Western Alliance Bank suffers a data breach affecting 22,000 customers. Nation-state hackers exploit a Windows vulnerability for years. WEMIX loses $6.1M in a cyberattack. Leaked chats suggest BlackBasta ransomware’s ties to Russian authorities. China accuses Taiwan of cyber espionage.
Google eyes a $30B acquisition of Wiz. Infosys settles a $17.5M data breach lawsuit. Denmark warns of rising cyber espionage. North Korean hackers target Android users with KoSpy malware. A Coinbase phishing scam deceives users. Cyber threats continue evolving, demanding stronger defenses.
India Strengthens Cybercrime Prevention with AI and Fraud Detection
India is boosting cybersecurity with the Indian Cyber Crime Coordination Centre (I4C) and the National Cyber Crime Reporting Portal. The ‘Citizen Financial Cyber Fraud Reporting System’ has prevented ₹4,386 crore in losses. AI-driven fraud detection by RBI and NPCI enhances security, while public awareness campaigns further protect users from evolving digital threats.
Western Alliance Bank Data Breach Exposes 22,000 Customers
Western Alliance Bank suffered a data breach due to a third-party vulnerability, affecting 22,000 customers. The Clop ransomware gang allegedly exploited a Cleo file-sharing flaw. The breach, detected in October 2024, underscores risks in vendor management. The bank has implemented security measures, but the incident highlights ongoing threats linked to third-party software.
Windows Shortcut Flaw Exploited by Nation-State Hackers Since 2017
Cybercriminal groups from China, Russia, and North Korea have exploited a Windows shortcut (.lnk) vulnerability since 2017. Identified as ZDI-CAN-25373, the flaw enables attackers to disguise malicious shortcuts, tricking users into executing malware. Despite its use in espionage campaigns, Microsoft has not assigned a CVE. Experts urge regular updates and advanced security controls.
Blockchain Gaming Firm WEMIX Loses $6.1M in Cyberattack
South Korea’s WEMIX lost 8.65 million tokens ($6.1M) in a cyberattack on February 28, 2025. CEO Kim Seok-Hwan confirmed the breach, which was contained to prevent further losses. Authorities are tracking stolen assets. The attack highlights vulnerabilities in blockchain-based platforms, stressing the need for stronger security measures in decentralized ecosystems.
Leaked BlackBasta Chat Logs Suggest Russian Government Links
A leak of 200,000 chat messages suggests ties between the BlackBasta ransomware gang and Russian authorities. Leader Oleg Nefedov allegedly escaped Armenian custody with Russian assistance. The logs hint at political intervention, fueling concerns over state-backed cybercrime. While no concrete proof exists, experts warn of increasing government involvement in cyber threats.
China Accuses Taiwan of Cyber Espionage on Infrastructure
China’s Ministry of State Security claims Taiwan’s ICEFCOM has been hacking Chinese power grids and telecom systems since 2023. Beijing named four individuals responsible for phishing attacks and misinformation campaigns. Taiwan denies the allegations, accusing China of cyber warfare. The accusations escalate ongoing cyber tensions between the two nations.
66% of Cloud Storage Buckets Store Sensitive Data, Increasing Risk
A Palo Alto Networks report found that 66% of cloud storage buckets contain sensitive data, exposing organizations to ransomware threats. Attackers use Amazon S3's encryption features and AI-generated scripts to encrypt the stored data. As cybercriminals refine tactics, enterprises must enhance encryption monitoring, implement zero-trust frameworks, and leverage threat intelligence to protect cloud assets.
WhatsApp Groups Expose Users to Phishing and Fraud
Experts warn that WhatsApp groups pose cybersecurity risks, exposing users’ names, phone numbers, and locations. Cybercriminals target housing societies, workplaces, and large communities for phishing scams and identity theft. Users are urged to limit group visibility, avoid sharing sensitive details, and regularly review group members to prevent unauthorized data access.
Microsoft Detects StilachiRAT, a New Remote Access Trojan
Microsoft has identified StilachiRAT, a remote access trojan (RAT) that steals credentials, digital wallet data, and clipboard information. The malware scans system hardware, detects RDP sessions, and monitors applications. Although not widespread, Microsoft urges organizations to update defenses, monitor suspicious activities, and restrict remote access to prevent espionage threats.
BlackLock Ransomware Group Rebrands from Eldorado, Targets Enterprises
BlackLock, a rebranded version of the Eldorado ransomware group, has executed 48 attacks in two months. It targets construction and real estate firms, encrypting data at high speeds and deploying wipers against government agencies. Operating via encrypted messaging platforms, BlackLock remains a growing threat, complicating efforts to track its cyber activities.
Cyberattack Cripples Cherokee County School District IT Systems
A cyberattack has disrupted IT operations in Cherokee County School District, affecting emails, networks, and WiFi. Online learning platforms remain inaccessible, and meal transactions have shifted to manual processing. The FBI and state authorities are investigating. Officials are prioritizing system restoration and assessing the extent of data exposure.
Google in Talks to Acquire Cybersecurity Firm Wiz for $30B
Google’s parent company, Alphabet, is in advanced discussions to acquire cybersecurity startup Wiz for $30 billion. If finalized, it would be Google’s largest acquisition, strengthening its cloud security capabilities against Microsoft and Amazon. Wiz specializes in real-time risk assessment, making it a strategic asset in Google’s cloud security expansion.
Karnataka Struggles with Rising Cybercrime Amid Polymorphic Malware Threats
Despite appointing 16 cyber technicians, Karnataka faces rising cybercrime due to polymorphic malware that evades detection. Only 1,248 out of 20,092 cybercrime cases were solved in 2024, with ₹2,900 crore lost. The state is upgrading forensic labs, but outdated security tools highlight the urgent need for AI-driven cybersecurity solutions.
Infosys Agrees to $17.5M Settlement Over Data Breach Lawsuit
Infosys has settled a $17.5M lawsuit related to a data breach at its subsidiary, Infosys McCamish Systems (IMS), affecting 6.5 million individuals. The breach, linked to third-party vendor eDiscovery, led to class-action lawsuits. While denying liability, Infosys chose settlement to conclude litigation. The incident highlights ongoing risks in vendor security.
Fraudsters Impersonate Clop Ransomware Gang to Extort Businesses
Cybercriminals are posing as the Clop ransomware gang to extort businesses, falsely claiming to have exploited a Cleo file transfer flaw. Using real Clop breaches as references, scammers appear credible. Experts urge firms to verify threats before paying ransoms, as cybercriminals increasingly exploit fear to extract money from businesses.
Denmark Warns of Rising Cyber Espionage in Telecom Sector
Denmark’s cybersecurity agency has raised the cyber espionage threat level to “high,” citing increased state-sponsored attacks on Europe’s telecom industry. The report suggests concerns over China-linked Salt Typhoon hackers. With attribution challenges in Europe, the warning highlights escalating cyber threats in the telecommunications sector.
North Korean KoSpy Malware Targets Android Users for Surveillance
KoSpy, a North Korean malware linked to APT27/ScarCruft, has been spying on Android users since 2022. Masquerading as File Manager and Kakao Security, it steals messages, call logs, and audio recordings. Though removed from Google Play, its presence highlights ongoing nation-state cyber espionage targeting mobile devices.
Coinbase Phishing Scam Tricks Users with Fake Wallet Migration Notice
A Coinbase phishing scam is deceiving users with fake wallet migration emails, claiming regulatory mandates require switching to self-custodial wallets. Victims unknowingly share recovery phrases, giving attackers full access. The scam references a false class-action lawsuit to appear credible. Users must verify official communications before taking action.