In an increasingly mobile-first world, organizations are leveraging mobile devices for a variety of operational needs – making them indispensable tools for business productivity. Whether it’s sales reps using tablets in the field, managers accessing dashboards from their phones, or logistics teams managing and tracking deliveries in real time — mobile devices are the backbone of modern enterprises. However, this reliance introduces a complex set of security, compliance, and management challenges.
The Rising Threat Landscape
According to the Verizon 2024 Mobile Security Index, 28% of all cyberattacks on corporate endpoints targeted mobile devices [1], making them the second most attacked category after IoT. India, notably, accounted for 28% of global mobile malware attacks [2], and the threat is accelerating — cyberattacks in India’s government sector organizations alone increased by 138% in four years.
Common Challenges Faced by IT Teams
If your organization is issuing mobile devices but not actively managing them, you’re leaving a wide door open for cyber threats, data breaches, and productivity loss. Without a Mobile Device Management platform, IT Admins in an organization also struggle with multiple challenges, including:
Lack of visibility into how and where devices are being used
Compliance headaches, especially in sectors like BFSI and government
Increased risk from data breaches and insider threats
Rising IT overhead from manual device provisioning and support
User resistance due to poor onboarding and restrictive policies
High IT overhead for manual updates and troubleshooting
Productivity losses due to device misuse
Hidden costs from lost, misused, or underutilized devices
These issues not only compromise security but also hamper operational efficiency.
Enter Seqrite Mobile Device Management (MDM): Purpose-Built for Indian Enterprises
Seqrite Mobile Device Management (MDM) is a comprehensive solution designed to manage, secure, and optimize the use of company-owned mobile devices across industries, empowering IT admins to streamline device management and security with ease. It simplifies device enrolment by automating provisioning and configuration, reducing manual effort and errors. With robust security features like inbuilt antivirus, password complexity enforcement, and remote wipe, organizations can ensure sensitive data remains protected. IT teams can also deploy managed applications consistently across devices, maintaining compliance and control. Furthermore, employees benefit from seamless access to corporate resources such as emails and files, driving greater productivity without compromising security.
Seqrite MDM offers full lifecycle device deployment & management for Company Owned Devices with diverse operational modes:
Dedicated Devices: Locked-down devices for specific tasks or functions, managed in kiosk/launcher mode with only selected apps and features – reducing misuse and maximizing operational efficiency.
Fully Managed Devices: Manage all apps, settings, and usage, ensuring complete security, compliance, and a consistent user experience with full administrative control.
Fully Managed Devices with Work Profile: Hybrid model, allowing personal use while keeping work data isolated in a secure Android Work Profile – manage only the work container, ensuring data separation, user privacy, and corporate compliance.
Seqrite MDM has the following mobile security and anti-theft features, which serve as the advanced differentiators that set it apart as a security-first MDM solution:
Artificial Intelligence based Anti-Virus: Best-in-class, built-in antivirus engine that keeps the devices safe from cyber threats.
Scheduled Scan: Remotely schedule a scan at any time and monitor the status of enrolled devices for security risks and infections.
Incoming Call Blacklisting/Whitelisting: Restricts incoming calls to only approved series or contacts, reducing distractions and preventing unauthorized communication.
Intruder Detection: Captures a photo via the front camera upon repeated failed unlock attempts, alerting users to potential unauthorized access.
Camera/Mic Usage Alerts: Monitors and notifies when the camera or microphone is accessed by any app, ensuring privacy and threat detection.
Data Breach Alerts: Integrates with public breach databases to alert if any enterprise email IDs have been exposed in known breaches.
App Lock for Sensitive Apps: Adds an extra layer of protection by locking selected apps behind additional authentication, safeguarding sensitive data.
Anti-theft: Remotely locate, lock, and wipe data on lost or stolen devices. Block or completely lock the device on SIM change.
Web Security: Comprehensive browsing, phishing, and web protection. Blacklist/ whitelist the URLs or use category/keyword-based blocking. Also, restrict usage of YouTube to control non-work-related content consumption during work hours.
Seqrite MDM goes beyond the basics with advanced features designed to deliver greater control, flexibility, and efficiency for businesses. Its granular app management capability allows IT teams to control apps down to the version level, ensuring only compliant applications are installed across devices. With virtual fencing, policies can be applied based on Wi-Fi, geolocation, or time – making it especially valuable for shift-based teams or sensitive field operations. Real-time analytics provide deep visibility into device health, data usage, and compliance through intuitive dashboards and automated reports. Downtime is further minimized with remote troubleshooting, enabling IT admins to access and support devices instantly. Backed by Seqrite, a Quick Heal company, Seqrite MDM is proudly Made in India, Made for India – delivering modular pricing and unmatched local support tailored to diverse business needs. From BFSI to logistics, education to government services, Seqrite MDM is already powering secure mobility across sectors.
Ready to Take Control of Your Corporate Devices?
Empower your organization with secure, compliant, and efficient mobile operations. Discover how Seqrite Mobile Device Management can transform your mobility strategy:
India has officially entered a new era of digital governance with the enactment of the Digital Personal Data Protection (DPDP) Act, 2023. For businesses, the clock is ticking.
The Act mandates how organizations handle personal data and introduces significant penalties for non-compliance. It’s not just an IT issue anymore; it’s a boardroom concern that cuts across legal, HR, marketing, and product teams.
This blog provides an essential compliance checklist to help Indian businesses understand and align with the DPDP Act before enforcement begins.
Understand What Qualifies as Digital Personal Data
Under the DPDP Act, personal data refers to any data about an identifiable individual. The law applies to data:
Collected digitally, or
Digitized from non-digital sources and then processed.
Whether you’re storing customer details, employee information, or vendor records, it’s covered if it’s personal and digital.
Appoint a Data Protection Officer (DPO)
You’ll need a Data Protection Officer (DPO) if your organization processes large volumes of personal data. This person must:
Act as the point of contact for the Data Protection Board of India.
Ensure compliance across departments.
Handle grievance redressal from data principals (users).
Map and Classify Your Data
Before securing or managing personal data, you must know what you have. Conduct a complete data discovery and classification exercise:
Identify where personal data resides (servers, cloud apps, local drives).
Categorize it by sensitivity and usage.
Tag data to individuals (data principals) and note the purpose of collection.
This is foundational to compliance, enabling you to correctly apply retention, consent, and deletion rules.
Implement Robust Consent Mechanisms
The DPDP Act emphasizes informed, specific, and granular consent. Ensure your systems can:
Capture affirmative user consent before data collection.
Clearly state the purpose for which the data is collected.
Allow easy withdrawal of consent at any time.
Dark patterns, pre-checked boxes, or vague terms won’t cut it anymore.
Enable Data Principal Rights
The Act grants every individual (data principal) the right to:
Know what personal data is being collected.
Access and correct their data.
Request deletion of their data.
Nominate someone to exercise rights posthumously.
You must build systems that can fulfill such requests within a reasonable timeframe. A sluggish or manual process here could result in reputational damage and fines.
Revamp Your Privacy Policy
Your privacy policy must reflect your compliance posture. It should be:
Written in clear, simple language (avoid legalese).
Updated to include new consent practices and rights.
Accessible on all platforms where data is collected.
Transparency builds trust and aligns with the DPDP mandate for fair processing.
Review and Redefine Data Sharing Agreements
If your company works with third parties (vendors, cloud providers, agencies), it’s time to revisit all data processing agreements:
Ensure contracts specify responsibilities and liabilities under the DPDP Act.
Avoid sharing data with parties that cannot ensure compliance.
Include clauses about breach notification and data retention.
Establish a Breach Response Protocol
The law mandates reporting data breaches to the Data Protection Board and affected users. Prepare by:
Setting up a dedicated incident response team.
Creating SOPs for breach detection, containment, and reporting.
Running breach simulation drills for preparedness.
Time is critical; delays in breach reporting can attract harsh penalties.
Train Your Teams
Compliance isn’t just about tools; it’s about people. Conduct mandatory training sessions for all employees, especially those in:
IT and data management
Sales and marketing (who handle customer data)
HR (who manage employee records)
Awareness is your first line of defense against accidental data misuse.
Invest in Technology for Automation and Governance
Manual compliance is error-prone and unsustainable. Consider deploying:
Data Discovery & Classification tools to auto-tag and manage personal data.
Consent Management Platforms (CMPs) to handle user permissions.
Access Control & Encryption solutions to protect data at rest and in transit.
Platforms like Seqrite Data Privacy offer end-to-end visibility and control, ensuring you stay audit-ready and compliant.
The Bottom Line
The DPDP Act is not a one-time checkbox—it demands continuous, demonstrable accountability. Indian businesses must view it as a catalyst for digital transformation, not just a regulatory hurdle.
By acting now, you avoid penalties and earn consumer trust in an era where privacy is a competitive differentiator.
Is your business ready for the DPDP Act? Talk to Seqrite today to explore how our data privacy solutions can streamline your compliance journey.
Seqrite Labs APT team has discovered “Pahalgam Terror Attack” themed documents being used by the Pakistan-linked APT group Transparent Tribe (APT36) to target Indian Government and Defense personnel. The campaign involves both credential phishing and deployment of malicious payloads, with fake domains impersonating Jammu & Kashmir Police and Indian Air Force (IAF) created shortly after the April 22, 2025 attack. This advisory describes the phishing PDF and the domains used, so that similar activity can be uncovered, along with the macro-laced document used to deploy the group’s well-known Crimson RAT.
Analysis
The PDF in question was created on April 24, 2025, with the author listed as “Kalu Badshah”. The file names of this phishing document relate to the Indian Government’s response measures regarding the attack.
“Action Points & Response by Govt Regarding Pahalgam Terror Attack .pdf”
“Report Update Regarding Pahalgam Terror Attack.pdf”
Picture 1
The content of the document is masked, and the link embedded within the document is the primary vector for the attack. If clicked, it leads to a fake login page that is part of a social engineering effort to lure individuals. The embedded URL triggered is:
The domain mimics the legitimate Jammu & Kashmir Police site (jkpolice[.]gov[.]in), an official Indian police website, but the fake one appends kashmirattack[.]exposed, so the police hostname becomes a subdomain of an attacker-controlled domain.
Picture 2
The addition of “kashmirattack” indicates a thematic connection to the sensitive geopolitical issue, in this case, related to the recent attack in the Kashmir region. Once the government credentials are entered for @gov.in or @nic.in, they are sent directly back to the host. Pivoting on the author’s name, we observed multiple such phishing documents.
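As an added example (not Seqrite’s code or tooling), the check below implements the impersonation pattern just described: a legitimate government suffix buried inside a hostname whose actually registered domain is something else. It refangs defanged indicators so it can be run directly over advisory IoCs or over links extracted from inbound PDFs; the protected suffixes and the tiny suffix table are assumptions chosen for illustration.

```python
import re
from typing import Optional

# Government suffixes whose credentials the lure harvests (@gov.in / @nic.in per the
# advisory). Assumption: extend this tuple with your own organisation's domains.
PROTECTED_SUFFIXES = ("gov.in", "nic.in")

# Constructed, deliberately tiny suffix table; a production check should use the
# full Public Suffix List. Anything not listed is treated as a one-label suffix.
MULTI_LABEL_SUFFIXES = {"gov.in", "nic.in", "co.in", "ac.in"}


def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxps://jkpolice[.]gov[.]in) back into plain text."""
    return indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")


def hostname_of(url_or_host: str) -> str:
    """Extract the hostname from a URL; bare hostnames pass through unchanged."""
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", refang(url_or_host))  # scheme
    s = s.split("/", 1)[0].split("?", 1)[0]                        # path / query
    s = s.rsplit("@", 1)[-1]                                       # userinfo
    return s.split(":", 1)[0].rstrip(".")                          # port, trailing dot


def registrable_domain(host: str) -> str:
    """The domain that was actually registered, e.g. kashmirattack.exposed."""
    labels = host.split(".")
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        return host
    return ".".join(labels[-(suffix_len + 1):])


def embedded_protected_suffix(host: str) -> Optional[str]:
    """Return a protected suffix that appears INSIDE the hostname while the host
    is not really under it (the jkpolice.gov.in.kashmirattack.exposed pattern)."""
    if any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES):
        return None  # genuinely under a government suffix: not a lookalike
    for suffix in PROTECTED_SUFFIXES:
        if re.search(r"(^|\.)" + re.escape(suffix) + r"\.", host):
            return suffix
    return None


def analyze(url_or_host: str) -> dict:
    """Classify one URL/host extracted from a document or proxy log."""
    host = hostname_of(url_or_host)
    impersonates = embedded_protected_suffix(host)
    return {
        "host": host,
        "registrable_domain": registrable_domain(host),
        "impersonates": impersonates,
        "lookalike": impersonates is not None,
    }


if __name__ == "__main__":
    # Constructed sample: the advisory's phishing domain (defanged) and the real site.
    for sample in ("hxxps://jkpolice[.]gov[.]in[.]kashmirattack[.]exposed/login",
                   "https://jkpolice.gov.in/"):
        print(analyze(sample))
```

The registrable domain in the output is what a SOC should block and pivot on; the impersonated suffix is the lure’s target audience.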
Picture 3
Multiple names have been observed for each phishing document related to various government and defence meetings to lure the targets, showcasing how quickly the group crafts lures around ongoing events in the country:
Report & Update Regarding Pahalgam Terror Attack.pdf
Report Update Regarding Pahalgam Terror Attack.pdf
Action Points & Response by Govt Regarding Pahalgam Terror Attack .pdf
J&K Police Letter Dated 17 April 2025.pdf
ROD on Review Meeting held on 10 April 2025 by Secy DRDO.pdf
RECORD OF DISCUSSION TECHNICAL REVIEW MEETING NOTICE, 07 April 2025 (1).pdf
MEETING NOTICE – 13th JWG meeting between India and Nepal.pdf
Agenda Points for Joint Venture Meeting at IHQ MoD on 04 March 2025.pdf
DO Letter Integrated HQ of MoD dated 3 March.pdf
Collegiate Meeting Notice & Action Points MoD 24 March.pdf
Letter to the Raksha Mantri Office Dated 26 Feb 2025.pdf
pdf
Alleged Case of Sexual Harassment by Senior Army Officer.pdf
Agenda Points of Meeting of Dept of Defence held at 11March 25.html
Action Points of Meeting of Dept of Defence held at 10March 25.html
Agenda Points of Meeting of External Affairs Dept 10 March 25.pdf.html
PowerPoint PPAM Dropper
A PowerPoint add-on file with the same name as the phishing document, “Report & Update Regarding Pahalgam Terror Attack.ppam”, has been identified; it contains malicious macros. The macros extract both embedded files into a hidden directory with a dynamically generated name under the user’s profile, select the payload based on the Windows version, and finally open the decoy file (which embeds the same phishing URL) while executing the Crimson RAT payload.
Picture 4
The final Crimson RAT payload has the internal name “jnmxrvt hcsm.exe” and is dropped as “WEISTT.jpg”, following a similar PDB naming convention:
All three RAT payloads have a compilation timestamp of 2025-04-21, just before the Pahalgam terror attack. As usual, the hardcoded default IP is present as a decoy; the actual C2 after decoding is 93.127.133[.]58. Apart from retrieving system and user information, it supports the following 22 commands for command and control.
Commands         Functionality
procl / getavs   Get a list of all processes
endpo            Kill process based on PID
scrsz            Set screen size to capture
cscreen          Get screenshot
dirs             Get all disk drives
stops            Stop screen capture
filsz            Get file information (Name, Creation Time, Size)
dowf             Download the file from C2
cnls             Stop uploading, downloading and screen capture
scren            Get screenshots continuously
thumb            Get a thumbnail of the image as a GIF of size 200×150
putsrt           Set persistence via Run registry key
udlt             Download & execute file from C2 with ‘vdhairtn’ name
delt             Delete file
file             Exfiltrate the file to C2
info             Get machine info (Computer name, username, IP, OS name, etc.)
runf             Execute command
afile            Exfiltrate file to C2 with additional information
listf            Search files based on extension
dowr             Download file from C2 (No execution)
fles             Get the list of files in a directory
fldr             Get the list of folders in a directory
Infrastructure and Attribution
The phishing domains identified through hunting were created just one or two days after the documents were created.
Domains                                         Creation     IP              ASN
jkpolice[.]gov[.]in[.]kashmirattack[.]exposed   2025-04-24   37.221.64.134   AS 200019 (Alexhost Srl)
                                                             78.40.143.189   AS 45839 (Shinjiru Technology)
This kind of attack is typical in hacktivism, where the goal is to create chaos or spread a political message by exploiting sensitive or emotionally charged issues. In this case, the threat actor is exploiting existing tensions surrounding Kashmir to maximize the impact of their campaign and extract intelligence around these issues.
The suspicious domains are part of a phishing and disinformation infrastructure consistent with tactics previously used by APT36 (Transparent Tribe) that has a long history of targeting:
Indian military personnel
Government agencies
Defense and research organizations
Activists and journalists focused on Kashmir
PPAM files have been used for initial access for many years, embedding malicious executables as OLE objects. Domain impersonation, creating deceptive URLs that mimic Indian government or military infrastructure, has been seen consistently since last year. The group often exploits sensitive topics such as the Kashmir conflict, border skirmishes, and military movements to craft lures for spear-phishing campaigns. Hence these campaigns, which delivered Crimson RAT hidden behind fake documents or malicious links on spoofed domains, are attributed to APT36 with high confidence.
Potential Impact: Geopolitical and Cybersecurity Implications
The combination of a geopolitical theme and cybersecurity tactics suggests that this document is part of a broader disinformation campaign. The reference to Kashmir, a region with longstanding political and territorial disputes, indicates the attacker’s intention to exploit sensitive topics to stir unrest or create division.
Additionally, using PDF files as a delivery mechanism for malicious links is a proven technique aiming to influence public perception, spread propaganda, or cause disruptions. Here’s how the impact could manifest:
Disruption of Sensitive Operations: If an official or government worker were to interact with this document, it could compromise their personal or organizational security.
Information Operations: The document could lead to the exposure of sensitive documents or the dissemination of false information, thereby creating confusion and distrust among the public.
Espionage and Data Breaches: The phishing attempt could ultimately lead to the theft of sensitive data or the deployment of malware within the target’s network, paving the way for further exploitation.
Recommendations
Email & Document Screening: Implement advanced threat protection to scan PDFs and attachments for embedded malicious links or payloads.
Restrict Macro Execution: Disable macros by default, especially from untrusted sources, across all endpoints.
Network Segmentation & Access Controls: Limit access to sensitive systems and data; apply the principle of least privilege.
User Awareness & Training: Conduct regular training on recognizing phishing, disinformation, and geopolitical manipulation tactics.
Incident Response Preparedness: Ensure a tested response plan is in place for phishing, disinformation, or suspected nation-state activity.
Threat Intelligence Integration: Leverage geopolitical threat intel to identify targeted campaigns and proactively block indicators of compromise (IOCs).
Monitor for Anomalous Behaviour: Use behavioural analytics to detect unusual access patterns or data exfiltration attempts.