CERT-In Warns of AI-Driven Cyber Threat Surge, MSMEs at Highest Risk

Firewall Daily – The Cyber Express, by Ashish Khaitan

India’s cybersecurity watchdog, CERT-In, has raised concerns about the nature of modern cyber threats, particularly those driven by artificial intelligence. In its latest advisory, the agency highlights how frontier AI technologies are reshaping the threat landscape, making cyberattacks faster, more scalable, and far more accessible, even to less skilled attackers. The warning places special emphasis on Micro, Small, and Medium Enterprises (MSMEs), which are becoming prime targets because of their comparatively weaker security frameworks.

According to CERT-In, the rise of AI-powered tools marks a significant turning point in how cyberattacks are conceived and executed. What once required advanced technical expertise and hours of manual effort can now be accomplished in a fraction of the time through automation. The agency noted that modern AI systems are capable of independently scanning large volumes of source code, identifying deeply embedded vulnerabilities, and even launching coordinated, multi-stage cyberattacks. This shift has introduced what the agency describes as an era of “automation and scale” in cybercrime.

From Manual Intrusion to AI-led Cyberattacks 

CERT-In’s advisory explains that traditional hacking methods involve painstaking manual processes and highly specialized knowledge. Attackers would typically spend hours, if not days, probing systems for weaknesses before exploiting them. AI has fundamentally altered this dynamic: frontier AI systems can now detect “zero-day” vulnerabilities, previously unknown flaws, in mere seconds.

More concerning is the ability of these systems to “chain” multiple vulnerabilities together. By linking weaknesses across different applications or platforms, attackers can orchestrate comprehensive attacks that compromise entire networks from end to end. This level of sophistication was once limited to highly skilled professionals or state-sponsored actors. Today, the agency warns, such capabilities are accessible even to less skilled attackers, effectively lowering the barrier to entry for cybercriminals.

MSMEs Under Heightened Risk 

The advisory stresses that MSMEs are particularly vulnerable in this new threat environment. Unlike large enterprises, MSMEs often operate with limited budgets and lack dedicated cybersecurity teams or advanced monitoring systems. This makes them easier targets for attackers equipped with AI-driven tools.

CERT-In has pointed out that because AI simplifies and automates many aspects of cyberattacks, even individuals with minimal technical expertise can now carry out highly precise and damaging operations. As a result, MSMEs face a disproportionate level of risk. A successful breach could lead to severe consequences, including data theft, operational disruptions, or ransomware attacks that many smaller businesses are ill-prepared to manage.

The agency has cautioned that without immediate and meaningful improvements in their security posture, MSMEs could suffer significant financial and reputational damage. The growing accessibility of AI-powered attack tools means that the threat is no longer hypothetical but immediate and widespread.

Recommended Security Measures 

In response to these emerging risks, CERT-In has outlined several critical steps that organizations, especially MSMEs, should take to strengthen their defenses. One of the primary recommendations is the deployment of robust threat detection systems combined with continuous network monitoring. These measures can help identify unusual activity early and prevent attacks from escalating.

Another key focus area highlighted by the agency is patch management. As AI tools enable attackers to quickly identify and exploit unpatched vulnerabilities, delays in updating software can create significant security gaps. CERT-In stresses that the timely application of patches is essential to minimizing exposure.

Additionally, maintaining comprehensive system logs is strongly advised. Detailed logs play a crucial role in forensic investigations, helping organizations understand how an attack occurred and which vulnerabilities were exploited. This information is vital for preventing future incidents and strengthening overall cybersecurity resilience.
Android Malware Campaign Targets Indian Users via Fake eChallan Alerts

Firewall Daily – The Cyber Express, by Ashish Khaitan

20 March 2026, 04:53

A new Android malware campaign targeting Indian users has been reported by the Indian Computer Emergency Response Team, CERT-In. According to the agency, multiple reports indicate a coordinated effort by cybercriminals to steal sensitive financial and personal data through deceptive mobile applications and phishing techniques.

The ongoing Android malware campaign revolves around fraudulent messages posing as official eChallan or RTO Challan alerts. Victims typically receive SMS notifications claiming that a traffic violation has been recorded against their vehicle. These messages often use alarming language, such as legal threats or additional penalties, to urge immediate action.

Android Malware Campaign Exploits eChallan and RTO Challan Trust 

A common message reads: “Your vehicle challan has been generated. Download the receipt from the link below.” The link or attachment leads users to download malicious APK files named “RTO Challan.apk,” “RTO E Challan.apk,” or even “MParivahan.apk.”

As highlighted by CERT-In, these files act as entry points for a multi-stage malware infection. Once installed, the application appears in the app drawer, giving the illusion of legitimacy. However, it is only a dropper component. The actual malicious payload is deployed when users tap prompts such as “Install Update.”

Multi-Stage Malware and Device Compromise 

Once activated, the malware keeps the eChallan theme but hides itself from the user by no longer appearing in the app list. At this stage, it aggressively requests sensitive permissions, including access to SMS messages, phone calls, and background activity.

This level of access allows attackers to maintain persistence on the device without detection. In some cases, the malware also requests permission to establish a VPN connection, enabling threat actors to monitor and intercept internet traffic.

The ultimate goal of this Android malware campaign is financial theft. Fake interfaces resembling legitimate RTO Challan or banking pages are displayed to trick users into entering sensitive information such as card details and login credentials.

Parallel Rise of Browser-Based eChallan Phishing 

Last year, Cyble Research and Intelligence Labs (CRIL) reported a related surge in browser-based phishing attacks leveraging the eChallan ecosystem. Unlike APK-based threats, this variation does not require users to install any application, significantly lowering the barrier to compromise.

These phishing campaigns begin similarly, with SMS messages targeting Indian vehicle owners. The messages contain deceptive URLs that mimic official eChallan portals. Once clicked, users are redirected to cloned websites that closely replicate government platforms, complete with official insignia and branding.

At the time of investigation, many of these phishing domains remained active, indicating an ongoing and well-maintained operation rather than isolated incidents.

Anatomy of the Phishing Attack 

The browser-based eChallan fraud follows a structured attack chain: 
  • Stage 1: SMS Delivery: Victims receive messages claiming overdue fines, often with threatening language about legal action. The sender appears as a regular mobile number, increasing credibility. 
  • Stage 2: Fake Portal Redirection: Clicking the link redirects users to phishing domains hosted on IP addresses such as 101[.]33[.]78[.]145. Interestingly, some pages were originally written in Spanish and then translated into English, suggesting reuse of global phishing templates. 
  • Stage 3: Fabricated Challan Generation: Users are asked to input details like vehicle number, challan number, or driving license number. Regardless of the input, the system generates a realistic-looking challan, often with a fine amount such as INR 590 and a near-term deadline. This psychological tactic reinforces trust. 
  • Stage 4: Financial Data Harvesting: When users proceed to payment, they are directed to a fake payment page that only accepts credit or debit cards. No legitimate payment gateway is used. Instead, sensitive details like CVV, expiry date, and cardholder name are captured directly. Testing revealed that even invalid card entries are accepted, confirming that data is harvested regardless of transaction success. 

Shared Infrastructure and Expanding Threat Landscape 

Investigations revealed that this Android malware campaign and related phishing operations are supported by a shared backend infrastructure. Multiple domains impersonating eChallan, logistics services such as DTDC and Delhivery, and financial institutions were hosted on the same IP addresses.

Over 36 phishing domains linked to RTO Challan scams were identified on a single server. Another IP, 43[.]130[.]12[.]41, hosted additional domains mimicking Parivahan services using deceptive naming patterns such as “parizvaihen[.]icu.”
India Strengthens Space Cyber Security with New CERT-In and SIA-India Framework

Firewall Daily – The Cyber Express, by Samiksha Jain

27 February 2026, 04:22

India’s rapidly expanding space sector has received a major policy push with the release of new space cyber security guidelines aimed at strengthening protection across satellite and ground infrastructure. The framework, jointly developed by the Indian Computer Emergency Response Team (CERT-In) and SatCom Industry Association India (SIA-India), signals a growing recognition that cyber resilience is now as critical to space missions as launch capability itself. The guidelines were unveiled during the DefSat Conference & Expo 2026 held in New Delhi, India, at a time when satellite communication systems are increasingly becoming the backbone of connectivity, navigation, defense operations, and disaster management across the country.

Space Cyber Security Moves from Technical Layer to Strategic Priority

India’s space ecosystem is no longer limited to government-led missions. The rapid rise of private satellite operators, ground station providers, and space-tech startups has significantly expanded the attack surface. As satellite communication networks support everything from banking connectivity in remote regions to military operations, the importance of space cyber security has moved beyond technical discussions into national strategic planning.

The new framework acknowledges this shift by outlining security controls across the entire satellite lifecycle, from space assets and ground stations to supply chains and user terminals. It also highlights emerging risks such as signal spoofing, unauthorized command uplinks, firmware manipulation, and ground infrastructure compromise.

[Image: space cyber security guidelines. Image Source: PIB]

These space cyber security guidelines are advisory in nature but provide a structured baseline for organizations to assess and improve their cyber posture. Importantly, the document pushes stakeholders to adopt risk-based governance rather than reactive compliance.

A Collaborative Model for Space Sector Cyber Resilience

According to Sanjay Bahl, Director General of CERT-In, “CERT-In remains steadfast in strengthening the cyber resilience of all sectors across Bharat. Recognizing the strategic importance of space systems, including satellite communication networks, to India’s technological sovereignty and future growth, these comprehensive guidelines establish a unified and forward-looking framework by considering defense in depth, breadth and height to safeguard satellite networks, ground infrastructure, space related supply chains and space assets against the rapidly evolving and increasingly sophisticated cyber threat landscape.”

The emphasis on layered defense reflects a broader industry realization—traditional IT security models are insufficient for space systems, where physical assets in orbit cannot be easily patched or replaced.

Subba Rao Pavuluri, President of SIA-India, highlighted the importance of public-private collaboration: “Public Private Partnership and the considered views of industry are fundamental to strengthening cyber resilience across any sector. This joint guideline document issued by CERT-In and SIA India reflects a holistic and collaborative approach, integrating industry perspectives with the deep cyber security expertise of CERT-In. Together, they mark a significant step forward in advancing the cyber security posture of India’s space sector and reinforcing its preparedness against emerging digital threats.”

The collaborative approach is particularly relevant now that private players design, launch, and operate critical satellite services.

Rising Threat Landscape Forces a Shift in Security Thinking

The urgency behind strengthening space cyber security becomes clearer when viewed against recent threat activity. Anil Prakash, Director General, SIA-India, highlighted the scale of the challenge, emphasizing that India’s expanding space ecosystem can no longer treat cybersecurity as a technical afterthought.

“India’s expanding space ecosystem now requires cybersecurity to evolve from a technical afterthought into a core pillar of mission assurance. The joint framework developed with CERT-In institutionalizes resilience across satellites, ground infrastructure, and supply chains—particularly significant at a time when over 1.5 million cyberattack attempts were recorded during Operation Sindoor and attacks on government networks surged nearly sevenfold,” he said.

He further explained, “In this evolving threat landscape, critical infrastructure and industry are equally vulnerable. Importantly, these cyber guidelines are based on an adaptive model and will be periodically refined through structured industry consultation to remain responsive to emerging threats and technological advancements.”

Concluding with a call to action for the industry, Prakash noted, “For industry, this is a clear call to adopt secure-by-design architectures and align innovation with national security imperatives.”

Why the Space Cyber Security Framework Matters Now

The release of these space cyber security guidelines marks an important shift in how India approaches digital risk in space. Instead of reacting to incidents, the framework promotes proactive controls such as threat intelligence sharing, supply chain security validation, and governance mechanisms including the appointment of CISOs for satellite operations. More importantly, the framework positions space cyber security as a continuous process rather than a one-time compliance exercise.

As satellite constellations grow and commercial launches accelerate, cyber resilience will increasingly determine operational reliability. India’s space ambitions are expanding rapidly—but without secure communication layers, innovation alone cannot sustain trust. The CERT-In and SIA-India framework is a timely reminder that the future of space is not just about reaching orbit—it is about securing it.