Recent days have witnessed a surge in significant cybersecurity incidents, ranging from legal interventions against domain fraud to sophisticated phishing campaigns and international cybercrime busts. These developments underscore the evolving landscape of digital threats and the measures being taken to combat them.
Judicial and Regulatory Actions Against Domain Fraud
The Delhi High Court issued sweeping directives to curb domain name fraud, targeting non-compliant registrars and registry operators in a landmark ruling. The court’s order, delivered in Dabur India Ltd. v. Ashok Kumar (2025 SCC OnLine Del 9651), mandates:
- Transparency in Registrant Data: Domain Name Registrars (DNRs) must disable default privacy masking for registrant details, offering privacy protection only as an opt-in paid service. Registrant data (including financial/payment information) must be disclosed to law enforcement or courts within 72 hours under India’s IT Rules 2021.
- Permanent Blocking of Infringing Domains: Domains found violating trademarks or court orders will be permanently blocked and removed from registration pools. Registry operators must enforce this uniformly across all DNRs.
- Dynamic+ Injunctions: Courts can now issue injunctions covering not just exact domain matches but also variants (e.g., alphanumeric changes, different extensions) of well-known trademarks. DNRs are prohibited from suggesting alternative domains post-injunction.
- KYC and Localization Requirements: DNRs must verify registrant details via e-KYC (aligned with CERT-In and NIXI norms) and share data with India’s National Internet Exchange (NIXI). The government is urged to designate NIXI as a central repository for registrant information, accessible to courts and law enforcement under the Digital Personal Data Protection Act (DPDP) 2023.
- Grievance Officers and Compliance: All DNRs must appoint India-based Grievance Officers within one month. Non-compliance risks service blocking under Section 69-A of the IT Act. The court emphasized that privacy laws (e.g., GDPR) cannot override disclosure obligations in fraud cases.
The ruling highlights the role of privacy protection services in enabling cyber fraud, noting that many registrations rely solely on unverified email addresses. The court also called on government bodies to proactively reserve domain names in order to prevent misuse.
Phishing and Malware Campaigns
CERT-UA warned of a phishing campaign distributing the AGEWHEEZE malware, targeting Ukrainian state organizations and financial institutions. The campaign, attributed to Cyber Serp, highlights the evolving tactics of threat actors. Additionally, EvilTokens, a Phishing-as-a-Service (PhaaS) toolkit, has been abusing Microsoft’s device code authentication flow to hijack accounts globally.
From March 26–27, 2026, over 1 million emails were sent from spoofed addresses like incidents@cert-ua[.]tech. The emails directed recipients to install a fake “protection tool” that actually installs the AGEWHEEZE remote access trojan (RAT). This Go-based malware communicates via WebSockets and supports file operations, clipboard manipulation, keylogging, and persistence through scheduled tasks or registry modifications.
The campaign, led by the threat actor group UAC-0255, targeted state organizations, medical centers, financial institutions, and educational entities. Although most attacks failed, some devices in educational institutions were compromised. The fake website cert-ua[.]tech was likely AI-generated, containing the signature “С Любовью, КИБЕР СЕРП” (“With Love, CYBER SERP”). The group Cyber Serp claimed responsibility and assured “average Ukrainian citizens” would not be harmed, despite previously breaching Cipher, a Ukrainian cybersecurity firm.
The EvilTokens toolkit, discovered by researchers at Sekoia, has been exploiting Microsoft’s device code authentication flow since mid-February 2026. Victims receive lures prompting them to enter a device code on Microsoft’s legitimate login page. Once the victim authenticates, the attacker obtains access tokens valid for 60 minutes, renewable for 90 days. The kit includes features such as email harvesting, inbox analysis, and a built-in webmail interface. Operated via Telegram bots, the campaign evades traditional phishing detections because the login happens on Microsoft’s official domain: no credentials are ever entered on an attacker-controlled page, so there is nothing for credential-based controls to intercept.
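Because the device code flow produces a normal sign-in on Microsoft's side, the defensive signal lives in the sign-in logs rather than in mail filters. The following is an added example, not code from the article or from Sekoia's research: it scans a constructed Entra ID sign-in export (JSON lines, field names modelled on the Microsoft Graph signIn schema, with `authenticationProtocol == "deviceCode"` marking device-code logins) and flags each successful device-code sign-in, rating it higher when the source IP has no prior history for that user.

```python
import json
from collections import defaultdict

# Constructed sample sign-in events; every value below is invented for this example.
SAMPLE_SIGNINS = """
{"createdDateTime":"2026-03-02T08:01:00Z","userPrincipalName":"alice@example.test","authenticationProtocol":"oAuth2","ipAddress":"198.51.100.10","appDisplayName":"Microsoft Teams","status":{"errorCode":0}}
{"createdDateTime":"2026-03-03T09:12:00Z","userPrincipalName":"alice@example.test","authenticationProtocol":"oAuth2","ipAddress":"198.51.100.10","appDisplayName":"Outlook","status":{"errorCode":0}}
{"createdDateTime":"2026-03-05T14:40:00Z","userPrincipalName":"alice@example.test","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.77","appDisplayName":"Microsoft Office","status":{"errorCode":0}}
{"createdDateTime":"2026-03-05T15:00:00Z","userPrincipalName":"bob@example.test","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.22","appDisplayName":"Azure CLI","status":{"errorCode":0}}
{"createdDateTime":"2026-03-04T10:00:00Z","userPrincipalName":"bob@example.test","authenticationProtocol":"oAuth2","ipAddress":"198.51.100.22","appDisplayName":"Outlook","status":{"errorCode":0}}
{"createdDateTime":"2026-03-05T16:00:00Z","userPrincipalName":"carol@example.test","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.78","appDisplayName":"Microsoft Office","status":{"errorCode":50126}}
"""


def parse_signins(text):
    """Parse a JSON-lines export and return events oldest first."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["createdDateTime"])


def find_device_code_signins(text):
    """Return one finding per successful device-code sign-in.

    Severity is 'high' when the source IP never appeared in that user's earlier
    successful non-device-code sign-ins (no baseline match), otherwise 'medium'.
    """
    baseline = defaultdict(set)  # user -> IPs seen on ordinary sign-ins
    findings = []
    for ev in parse_signins(text):
        if ev.get("status", {}).get("errorCode", 0) != 0:
            continue  # failed sign-in: no token was issued
        user, ip = ev["userPrincipalName"], ev["ipAddress"]
        if ev.get("authenticationProtocol") == "deviceCode":
            known = ip in baseline[user]
            findings.append({
                "user": user, "ip": ip, "time": ev["createdDateTime"],
                "app": ev.get("appDisplayName"),
                "severity": "medium" if known else "high",
                "reason": ("device code sign-in from an IP in the user's baseline" if known
                           else "device code sign-in from an IP with no prior history for user"),
            })
        else:
            baseline[user].add(ip)  # only ordinary sign-ins build the baseline
    return findings


if __name__ == "__main__":
    for f in find_device_code_signins(SAMPLE_SIGNINS):
        print(f"[{f['severity'].upper()}] {f['time']} {f['user']} {f['ip']} {f['app']}: {f['reason']}")
```

Since the refresh token stays usable for up to 90 days, a "high" finding should trigger session revocation for the account, not just a notification.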
The phishing landscape continues to evolve, with threat actors adopting sophisticated methods to evade detection and compromise sensitive information. For a detailed analysis, refer to the CERT-UA advisory.
Travel Scams and Fake Websites
Cybercriminals created fake websites for luxury resorts in Mysuru, India, defrauding travelers of significant amounts. The scam highlights the importance of verifying website URLs and being wary of unrealistic discounts; police urge travelers to stay vigilant and report suspicious sites to local cybercrime units. Details are in the Indian Express report. The incident fits a broader pattern in which scammers exploit seasonal travel surges by registering domains impersonating well-known hotels, typically with vague claims or suspicious payment requests. For more on financial fraud and scams, see the unmasking financial fraud article.
Transnational Cybercrime and Extraditions
Cambodia extradited Li Xiong, former chairman of Huione Group, to China on April 1, 2026. This follows the January extradition of Chen Zhi, founder of Prince Group. Both were linked to transnational scam compounds laundering billions via crypto and online fraud. The US Treasury accused Huione Group of laundering $4 billion (2021–2025) for North Korean cybercriminals and Southeast Asian scam rings; its services included crypto laundering and e-commerce fronts for illicit funds. The Prince Group was sanctioned by the US/UK for allegedly fronting Asia’s largest cybercrime syndicate, laundering funds via casinos, crypto, and romance scams.

The extraditions follow the execution-style murder of Lin Ping-wen, a Taiwanese gambling figure, in Sihanoukville on March 23, 2026. Lin was wanted for a $100M+ money laundering case tied to Taiwan’s 88 Lounge. Cambodia pledged to close all scam centers by April 2026, though critics call this window-dressing. Citizenship loopholes allowed Chen and Li to obtain Cambodian citizenship, later revoked; analysts blame lax background checks for foreigners buying citizenship, fueling Cambodia’s rise as a scam hub alongside Myanmar’s Myawaddy enclave. For more on the extraditions, see the Asia Financial report.
Final words
The recent cybersecurity incidents highlight the need for proactive measures against domain fraud, sophisticated phishing tactics, and transnational cybercrime. Organizations and individuals must remain vigilant and adapt to new threats. For detailed advisories and reports, follow the links to the Delhi HC ruling, the CERT-UA advisory, and the EvilTokens PhaaS analysis.
