CyberWatch Weekly: Bajaj Auto Ransomware Attack, Iranian Banking Disruption, and Russian Messenger Hacking Campaign

This week’s cybersecurity updates show how attacks are affecting different layers of modern life. A major Indian automaker faced a ransomware incident, Iranian banks had to suspend card-based services after cyberattacks, and Ukrainian and U.S. agencies exposed Russian attempts to hack messaging apps used by officials, military personnel, politicians, and activists. What was common in all of them is that cyberattacks are no longer limited to IT systems. They can affect business continuity, access to banking services, sensitive communication, and public trust.

Bajaj Auto Systems Hit by Ransomware Attack

Bajaj Auto confirmed that a ransomware attack hit systems at the company and its wholly owned tech subsidiary, Bajaj Auto Technology Ltd. According to the company’s regulatory filing, the incident occurred at approximately 8 AM IST on June 23. Bajaj Auto said its technical teams, cybersecurity experts, and management responded quickly and initiated precautionary measures to contain the attack and reduce its impact.

The company also said that, based on the information available so far, the steps taken had so far been effective in mitigating the impact. However, Bajaj Auto did not disclose the extent of the disruption, whether any data had been compromised, or whether manufacturing and business operations were affected. The company also informed CERT-In about the incident.

Ransomware attacks typically enter systems through weak access controls, exposed services, phishing, compromised credentials, or unpatched vulnerabilities. Once inside, they may try to encrypt systems, disrupt operations, or pressure the organization into paying.

For large businesses, ransomware readiness must go beyond backups. Organizations need strong endpoint protection, identity security, network segmentation, incident response playbooks, tested recovery plans, and fast reporting mechanisms. The key is not only to restore systems, but also to limit how far attackers can move once they enter.

Key Takeaway: Ransomware can hit even major brands, making quick containment, response readiness, and operational continuity essential.

Source: The Economic Times

Iranian Banks Suspend Card Services After Cyberattack

Iran’s state-owned banking technology provider said cyberattacks disrupted card-based banking services at Bank Melli, Bank Saderat, Bank Tejarat, and the Export Development Bank of Iran. The disruption led to a temporary suspension of all card-related operations at the three banks to prevent further unauthorized access.

According to the report, ATM services, point-of-sale terminals, and mobile applications linked to card systems were affected. Cybersecurity teams worked to restore normal operations, while the banks temporarily suspended card-related services to prevent further unauthorized access. The report also noted that an earlier disruption on June 14 had affected major banks after a cyberattack targeted a shared communication system. Officials said that the earlier incident had not compromised customer data.

This kind of incident shows how heavily financial services depend on shared digital infrastructure. If attackers disrupt card systems, the impact can quickly reach customers, merchants, ATMs, mobile apps, and payment networks.

Banks and financial institutions need strong monitoring across shared systems, layered fraud detection, network segmentation, backup communication channels, and tested incident response plans. During such attacks, speed matters. Temporarily suspending affected services may help prevent further damage, but long-term resilience depends on identifying weak links before attackers exploit them.

Key Takeaway: Banking cyberattacks affect more than systems. They can interrupt everyday financial access for customers and businesses.

Source: Reuters

SBU and FBI Expose Russian Attempts to Hack Officials’ Messengers

Cybersecurity specialists from Ukraine’s Security Service, together with the FBI, exposed systematic attempts by Russian special services to hack messengers used by officials in Ukraine, Europe, and the United States. The targets included officials, military personnel, politicians, activists, and even personal accounts of Ukrainian citizens.

The goal was to gain access to sensitive military, political, and economic information exchanged through messaging platforms, as well as to steal personal data. According to the SBU, attackers used various methods, including SMS messages pretending to be from “support teams.” These messages were disguised as official bot communication and were often sent during morning hours, when users may be more physically or emotionally vulnerable.

This attack pattern shows that messaging apps have become a major target for espionage. Attackers know that officials and professionals often exchange sensitive information quickly through mobile communication tools. If they can steal passwords, confirmation codes, PINs, or recovery keys, they may gain access without needing to break into a full corporate network.

Users should regularly check active sessions, terminate unknown connections, enable two-factor authentication, use complex PINs, avoid sharing codes or passwords, avoid suspicious links and files, and never scan QR codes from unknown bots or users.

Key Takeaway: Secure communication now depends as much on user awareness and account hygiene as it does on technology.

Source: UNN Report

Final Thoughts This Week

This week’s stories show how cyber threats are spreading across industries, public services, and personal communication channels. Ransomware can disrupt major businesses. Banking cyberattacks can affect everyday transactions. Messenger hacking campaigns can expose sensitive conversations and personal data.

The lesson is never to treat cybersecurity as a back-end IT issue. It must be part of business continuity, financial resilience, employee awareness, and national security readiness.

Strong defenses begin with the basics: secure access, monitoring systems, patching vulnerabilities, user training, testing response plans, and acting quickly when warning signs appear.

Stay vigilant and stay informed with InfosecTrain’s CyberWatch Weekly.