Chinese APTs Expand Targets, Update Backdoors
INDIA — By BharatSecure Threat Intelligence Team ·
Verdict: Suspicious | Risk Score: 7/10 | Severity: high
Category: phishing
How Chinese APTs Expand Targets, Update Backdoors Works
Chinese Advanced Persistent Threat (APT) groups are broadening their targets and updating their tooling. In the campaigns covered here, Salt Typhoon reportedly compromised an energy company in Azerbaijan, while Twill Typhoon targeted organisations in Asia with an updated Remote Access Trojan (RAT).
How This Scam Works — Detailed Explanation
Salt Typhoon and Twill Typhoon are Chinese APT groups whose reported victims are organisations (an energy company in Azerbaijan and other Asian entities), not Indian consumers. What these intrusions share with the consumer scams BharatSecure tracks is the initial access technique: a convincing phishing email or chat message (WhatsApp is the usual channel in India) in which the sender impersonates a bank, a payment operator or a government body, often in a local language so the lure feels familiar. In the Indian scam variant, for example, an email may appear to come from NPCI about a "UPI update" and push the reader to click a link that lands on a lookalike website built to harvest credentials and personal data.
To win the victim's trust, the sender relies on social engineering: urgency or fear, so the reader acts before thinking. A typical UPI lure falsely warns that the victim's Aadhaar details have been compromised and must be "verified" on a spoofed site. Others impersonate well-known banks and claim the account will be blocked unless details are confirmed. The emotional pressure is the point; it exploits the fear of losing money or data rather than any technical weakness.
The consequences for victims are serious and hard to undo. Once credentials, OTPs or Aadhaar details are submitted, the scammers use them to take over bank accounts, initiate UPI transfers, or build counterfeit Aadhaar identities for further fraud. Numerous reports describe individuals losing large sums through UPI transactions started by the scammers; in one reported case, losses from fake-OTP scams exceeded ₹45 crore. Stolen credentials are often used for immediate withdrawals, which leaves little chance of recovery. Victims usually realise only afterwards that the message they trusted was a phishing attempt.
The wider picture is just as concerning. The Ministry of Home Affairs (MHA) has reported a surge in cybercrime incidents, with phishing losses of several hundred crores in a single year. The growing sophistication of groups such as Salt Typhoon and Twill Typhoon shows that the same phishing playbook threatens both individuals and organisations in India. The Reserve Bank of India (RBI) and CERT-In run countermeasures and awareness programmes, but the first line of defence is still the recipient of the message, so understanding how these lures are built matters.
To tell a fake message from a real one, compare the display name with the actual sender address or phone number; a mismatch (for example a message signed "NPCI" sent from an unrelated domain or a personal number) is the clearest signal. Legitimate institutions never ask for an OTP, UPI PIN, CVV or Aadhaar number over WhatsApp or email. Check the domain of any link against the institution's known domain (NPCI is npci.org.in, RBI is rbi.org.in) before entering anything. Note that "https://" and a valid certificate only mean the connection is encrypted: phishing sites routinely obtain valid TLS certificates, so a padlock is not evidence that the site is genuine. Stay sceptical; scammers adapt quickly to whatever check people rely on.
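The checks described above (display name versus real sender domain, link domains versus the institution's known domain, punycode hosts, urgency wording and requests for OTP or Aadhaar data) can be scripted. The following is an added example, not BharatSecure's or any vendor's code; the trusted-domain list, keyword lists and the three sample messages are constructed for illustration. Note that the script deliberately does not treat "https://" as a sign of legitimacy; it only flags links by domain.

```python
"""Heuristic phishing-indicator check for messages impersonating Indian banks,
NPCI or government bodies.  Added example; the allow-list and the sample
messages below are constructed assumptions, not real data."""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed legitimate domains for the brands the lures usually impersonate.
TRUSTED_DOMAINS = {
    "npci": "npci.org.in",
    "rbi": "rbi.org.in",
    "cybercrime": "cybercrime.gov.in",
}
URGENCY_WORDS = ("immediately", "within 24 hours", "suspended", "blocked", "compromised")
SENSITIVE_WORDS = ("otp", "aadhaar", "upi pin", "cvv", "password")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def registrable_domain(host):
    """Crude registrable-domain extraction: keep three labels for Indian
    second-level suffixes such as gov.in / org.in / co.in, else two."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-1] == "in" and labels[-2] in ("gov", "org", "co", "ac", "nic"):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyze(from_header, body):
    """Return a list of red-flag strings; an empty list means nothing fired."""
    flags = []
    display, addr = parseaddr(from_header)          # stdlib RFC 2822 parser
    sender_domain = registrable_domain(addr.split("@")[-1])
    text = f"{display} {body}".lower()

    # 1. Brand named in display name/body but mail comes from another domain.
    for brand, real in TRUSTED_DOMAINS.items():
        if re.search(rf"\b{re.escape(brand)}\b", text) and sender_domain != real:
            flags.append(f"claims {brand} but sent from {sender_domain}")
            break

    # 2. Every link: punycode hosts and domains outside the allow-list.
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if any(label.startswith("xn--") for label in host.split(".")):
            flags.append(f"punycode (IDN lookalike) host {host}")
        if registrable_domain(host) not in TRUSTED_DOMAINS.values():
            flags.append(f"link to untrusted domain {registrable_domain(host)}")
        # A plain-http link is a flag, but https alone proves nothing.
        if not url.lower().startswith("https://"):
            flags.append(f"plain http link {url}")

    # 3. Social-engineering wording.
    if any(w in text for w in URGENCY_WORDS):
        flags.append("urgency language")
    if any(w in text for w in SENSITIVE_WORDS):
        flags.append("asks for sensitive data")
    return flags


# Constructed sample messages (assumptions, not captured mail).
PHISH_FROM = '"NPCI UPI Support" <alerts@npci-upi-update.com>'
PHISH_BODY = ("Your Aadhaar linked to UPI has been compromised. Verify immediately "
              "at https://npci-upi-update.com/verify and enter your OTP.")
IDN_FROM = '"RBI Alerts" <notice@rbi.org.in>'
IDN_BODY = "Read the circular at https://xn--rb-fka.org.in/circular"
LEGIT_FROM = '"NPCI" <noreply@npci.org.in>'
LEGIT_BODY = "Your monthly statement is available at https://www.npci.org.in/."

if __name__ == "__main__":
    for name, hdr, body in (("phish", PHISH_FROM, PHISH_BODY),
                            ("idn", IDN_FROM, IDN_BODY),
                            ("legit", LEGIT_FROM, LEGIT_BODY)):
        print(name, analyze(hdr, body))
```

The brand check uses the registrable domain, so `alerts@npci-upi-update.com` is not mistaken for `npci.org.in`, and the allow-list comparison is on the domain, not on the scheme or the presence of a certificate. The heuristics are intentionally simple; a real deployment would add sender authentication results (SPF/DKIM/DMARC) and a maintained lookalike-domain list.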
Visual Intelligence:
BharatSecure's AI has flagged this item as a pattern used in scams targeting Indian users.
Who Does Chinese APTs Expand Targets, Update Backdoors Target?
Organisations in the energy and technology sectors (the reported victims are an energy company in Azerbaijan and other Asian entities); the phishing lures described above also target the general public across India, especially UPI and net-banking users.
Red Flags — How to Identify Chinese APTs Expand Targets, Update Backdoors
- Unexpected email or WhatsApp message claiming to be from NPCI, a bank, RBI or a government body
- Display name does not match the real sender address or phone number
- Link domain differs from the institution's known domain (npci.org.in, rbi.org.in), or uses a lookalike or punycode host
- Urgency or fear: "account blocked", "Aadhaar compromised", "verify immediately"
- Request for an OTP, UPI PIN, CVV, password or Aadhaar number
- Attachment or download offered as an "update" or "security tool" (the RAT and backdoor delivery used in the APT campaigns)
- Message written in a local language but from a sender with no prior relationship to you
What To Do If You Encounter Chinese APTs Expand Targets, Update Backdoors
- Report suspicious messages to the cybercrime helpline at 1930 or visit cybercrime.gov.in.
- Enable two-factor authentication on net-banking logins and app/device lock on UPI apps; never share an OTP or UPI PIN, and remember that you never need to enter a UPI PIN to receive money.
- Regularly monitor your bank statements for any unauthorized transactions and report them immediately.
- Be cautious with sharing your Aadhaar details; only share it on official platforms when absolutely necessary.
- Use official bank apps and verify URLs before entering sensitive information.
- Educate family and friends about phishing scams to raise awareness in your community.
How to Report Chinese APTs Expand Targets, Update Backdoors in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my OTP in a phishing scam?
- Immediately contact your bank’s customer service (SBI 1800-11-1109, HDFC 1800-202-6161) to block your account and report the incident.
- How do I identify phishing scams targeting me?
- Look for signs like poor grammar, unusual sender addresses, and requests for sensitive information that legitimate organizations would never ask for.
- How can I report this type of scam in India?
- You can report scams by calling the cybercrime helpline at 1930 and visiting cybercrime.gov.in to submit a complaint.
- How can I recover money or protect my accounts after this scam?
- Notify your bank immediately to freeze your accounts and follow their procedures for fraud disputes. Monitor your accounts closely thereafter.
Verify Any Suspicious Message
Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.