Cyber Review - November 2023
Anurag Sharma, Senior Research Associate, VIF


TEC and IIIT signed a MoU for collaboration in AI systems

On 03 November 2023, the Telecommunication Engineering Centre (TEC), the technical wing of the Department of Telecommunications (DoT) at the Ministry of Communications, and the Indraprastha Institute of Information Technology (IIIT) signed a Memorandum of Understanding (MoU) to work together on trustworthy and responsible Artificial Intelligence (AI) systems. The collaboration will specifically concentrate on addressing biases in AI systems and promoting fairness assessments while nurturing public trust in these technologies, aligning with the government’s objectives.

By bridging the gap between government and academia, the MoU will support rigorous research and advance Bharat’s leadership in AI. The TEC is the acknowledged Standards Setting Organisation (SSO) in the nation's telecommunications and associated ICT industries. It creates standards for the networks, systems, equipment, and services linked to ICT and telecom used in the Bharatiya network. [1]

During September 2021-2023, State-sponsored cyber-attacks against Bharat increased by 278 per cent: Cyfirma report

According to a report entitled “2023 India Threat Landscape” prepared by Singapore-based cyber security firm— Cyfirma, Bharat is the most targeted country globally, facing 13.7 per cent of all cyber-attacks. State-sponsored cyber-attacks against Bharat increased by 278 per cent between September 2021 and 2023, with service companies, including IT and BPO (Business Process Outsourcing) firms. In the same period, targeted cyber-attacks on government agencies increased by 460 per cent, while start-ups and Small and Medium Enterprises (SMEs) saw a steep rise of 508 per cent.

The United States is the second most targeted country, with 9.6 per cent of all attacks. Indonesia and China follow, with 9.3 per cent and 4.5 per cent of all attacks, respectively. “Globally, almost 68 per cent of cyber-attacks in the last three years were state-sponsored. If you look at Bharat’s number, this is a bit higher, at 72 per cent,” said Cyfirma founder and CE Kumar Ritesh. “In 2015-16, 58-59 per cent of cyber-attacks on Bharat were from Pakistani threat actors or operators from West Asia. Today, only 6.4 per cent of threats are from Pakistani actors or their affiliates, while 79% are from China,” added Kumar Ritesh.[2]

The government advised social media intermediaries to identify misinformation and deepfakes

On 07 November 2023, the Government of Bharat issued an advisory to significant social media intermediaries to ensure the following measures against misinformation and deep-fakes:-

  1. Ensure that due diligence is exercised, and reasonable efforts are made to identify misinformation and deepfakes, and
  2. information that violates the provisions of rules and regulations and/or user agreements and,
  3. Such cases are expeditiously actioned against, well within the timeframes stipulated under the IT Rules 2021, and,
  4. Users are caused not to host such information/content/Deepfakes and
  5. Remove any such content when reported within 36 hours of such reporting, and
  6. Ensure expeditious action within the timeframes stipulated under the IT Rules 2021 and restrict access to the content/information.

Any failure to act as per relevant provisions of the IT Act and Rules, social media intermediaries would attract Rule 7 of the IT Rules 2021 and could render the organisation liable to losing the protection available under Section 79(1) of the IT Act, 2000.

Safety and trust of our Digital Nagriks is our unwavering commitment and a top priority for the Narendra Modi Government. Given the significant challenges posed by misinformation and deepfakes, the Ministry of Electronics and Information Technology (MEITY) has issued a second advisory within the last six months, calling upon online platforms to take decisive actions against the spread of deepfakes,” said Rajeev Chandrasekhar, Union Minister of State for Skill Development & Entrepreneurship and Electronics and IT.[3]

“Be conscious of data privacy and cyber security issues”: SBI MD told Micro Finance Institutions

During an address at Sa-Dhan organised national conference on financial inclusion, State Bank of India (SBI)’s Managing Director— Alok Kumar Choudhary,said that MFIs need to pay close attention to data privacy and cyber security issues as they are dealing with large volume of customer-related data. “What is very important is the integration with the evolving regulation, particularly when you have a data privacy law. The enormous amount of data which has been handled by all the MFIs, this particular aspect (data privacy) requires attention and some kind of action plan needs to be in place,” said Choudhary. Under the government’s financial inclusion drive, SBI alone accounted for 36 per cent of total accounts opened under the ‘Pradhan Mantri Jan Dhan Yojna’. Over 50 crore bank accounts have been opened, and the outstanding deposits in these accounts stood at over ₹ 2.03 lakh crore.[4]

“CERT-In handled over 1.39 million cyber security incidents in 2022”: CERT-In’s Annual Report

The Indian Computer Emergency Response Team (CERT-In) responded to over 1.39 million cyber security-related incidents in 2022, including many ransom ware, phishing, DDoS, and malware assaults. This information is highlighted in CERT-In’s “Annual Report for 2022”. CERT-In responded to 3,24,620 unauthorised network scanning or probing and 1,61,757 attacks using viruses or malicious programs. Threat actors employ a scanning attack technique to find holes in a system or network. A substantial number of website defacements, a kind of cyber-attack in which attackers compromise and modify the content of websites, were another cyber-attack that CERT-In had to handle. In 2022, CERT-In recorded 19,793 instances of website defacement. Of 19,793 attacks, 15,702 were on websites with the “.in” domain, and 3,582 involved the “.com” domain.[5]


A cyber-attack exploited a vulnerability in the Japanese Space Agency’s network equipment

The Japan Aerospace Exploration Agency (JAXA) was the target of a cyber-attack on 29 November 2023, which took advantage of vulnerabilities in the agency’s network infrastructure. However, the authorities reassured the public that vital data about rocket and satellite operations was safe. As a result of the information supplied by an outside entity, JAXA was made aware of the possible breach and promptly launched an internal investigation. In a new JAXA fund earlier this month, the Japanese government committed Yen 01 trillion (USD 6.6 billion) to the country’s space industry.[6]

Queensland passed mandatory ‘data breach’ notice laws

Within two months of its introduction, the Information Privacy and Other Legislation (IPOL) Amendment Bill 2023 passed through the Queensland State Parliament. The Bill will require State and local government entities to notify affected individuals and the State’s privacy watchdog of eligible data breaches that would likely result in serious harm. A similar scheme exists at the Commonwealth level through the mandatory Notifiable Data Breaches Scheme, but it does not extend to state agencies, state-owned corporations, or local councils, only federal agencies and parts of the private sector. The Queensland scheme will come into effect for state government entities at the beginning of July 2025, while local governments have been given until July 2026 to prepare for the changes. New South Wales is the only other State or territory to have introduced a mandatory data breach notification scheme, passing legislation for the scheme in November 2022. [7]

Iran-supported hackers attacked a Pennsylvania water treatment facility

Reportedly, a hacker group— “Cyber Av3ngers”, linked to Iran’s Islamic Revolutionary Guard Corps (IRGC)- attacked and gained control of at least a device at the Municipal Water Authority of Aliquippa, PA, in Pennsylvania. The water treatment station regulates pressure for two townships with a population of over 7,000 people. “The agency is “aware” of the intrusion and that they are closely engaged with sector and interagency partners to understand this evolving situation and provide any necessary support or guidance,” said Executive Assistant Director for Cyber Security at the Cybersecurity and Infrastructure Security Agency (CISA).

The hackers did not get access to anything in our actual water treatment plant — or other parts of our system — other than a pump that regulates pressure to elevated areas of our system. The booster station sent an alarm to operators who then took manual control of the station,” said Matthew Mottes, Chairman of the Municipal Water Authority of Aliquippa, PA. The hackers appear to have accessed a Unitronics’ Programmable Logic Controller (PLC) and displayed an image that read: “`You have been hacked. Down with Israel. Every equipment ‘made in Israel’ is a Cyber Av3ngers legal target.” Unitronics is an Israel-based publicly traded company.[8]

Finland aims to become a ‘Metaverse Global Leader’ by 2035

On 29 November 2023, the Finnish government published a strategic report entitled “Metaverse Initiative by the Finnish Ecosystem: Virtual Potential into Real-World Impact”, aiming to become a global leader in the Metaverse industry by 2035. As Japan, the United Kingdom, the United Arab Emirates, and China have already started working on similar strategies, Finland is the first European Union member state to formulate such a strategy. However, the European Commission’s similar strategy published in July this year used the phrase— ‘virtual worlds’— as the Metaverse phrase seems closely associated with Meta company (formerly known as Facebook).

The term [metaverse] has been used to describe various visions of virtual worlds that are immersive and experiential, and that may integrate elements of the physical and digital worlds,” according to the report. “Finland’s definition for the metaverse—and not virtual worlds—helps to clarify rather than confuse key elements of new immersive technology,” said Patrick Grady, editor at policy hub Metaverse EU.[9]


[1]“Telecommunication Engineering Centre and Indraprastha Institute of Information Technology sign MoU for collaboration in the area of trustworthy and responsible artificial intelligence systems”, Press Information Bureau-Ministry of Communications, 03 November 2023, available from:
[2]“State-sponsored cyber attacks against India went up by 278% between 2021 and September 2023: Report”, The Wire, 06 November 2023, available from:
[3]“Union Government issues advisory to social media intermediaries to identify misinformation and deepfakes”, Press Information Bureau- Ministry of Electronics and IT, 07 November 2023, available from:
[4]Srivats, K R. “Be conscious of data privacy and cybersecurity issues, State Bank of India MD Choudhary”, Hindu Business Line, 08 November 2023, available from:
[5]Sur, Aihik. “CERT-In tackled over 1.39 million cyber security incidents in 2022: Annual Report”, Money Control, 15 November 2023, available from:
[6]Brady, Sarah. “Cyberattack targets Japan’s space agency”, Verdict, 29 November 2023, available from:
[7]Hendry, Justin. “Queensland passes mandatory data breach notice laws”, Innovation Aus, 29 November 2023, available from:
[8]Vasquez, Christian and AJ Vicens. “Pennsylvania water facility hit by Iran-linked hackers”, Cyberscoop, 28 November 2023, available from:
[9]Tar, Julia. “Finland seeks to become metaverse global leader by 2035”, Euractiv, 29 November 2023, available from:

Contact Us