Steakhouse Financial Attacked, Indian Infrastructure Targeted, MEA Shipment Scams
Here are the top 4 cyber incidents from last week that every cyber enthusiast must be aware of. Steakhouse Financial, a crypto platform, was targeted by threat actors. A steep spike in cybersecurity threats against critical infrastructure systems in India is evident. The MEA region is experiencing a rise in fake shipment tracking scams. Meanwhile, the global healthcare industry is on the radar of cybercrooks and is looking forward to the deployment of stringent rules.
Steakhouse Financial targeted by threat actors!

One of the popular crypto platforms, Steakhouse Financial, fell prey to a phishing attack on March 30 that successfully targeted its frontend. The platform informed its users about the incident.
They issued a statement on X urging Steakhouse users to “not interact with the Steakhouse app until further notice.”
Team Steakhouse has also clarified that the cyberattack did not affect any user deposits or smart contracts. The cyberattack was strictly limited to the frontend interface of Steakhouse Financial. However, this can be bad news for users, because the frontend is essentially the user interface layer. This implies that threat actors can try to compel users into signing malicious financial transactions.

Blockaid, a reputed blockchain security provider, detected the attack on Steakhouse Financial. Blockaid believes that this attack will mainly affect new users of Steakhouse who proceed to interact with the compromised user interface. So, existing deposits may not be at risk currently.
Steakhouse Financial is working closely with authorities and experts, and soon the front-end interface will be restored after eliminating the malicious code. Users have been requested to wait until an all-clear notice is issued by the crypto platform.
Indian critical infrastructure on the radar of cybercrooks!
Crucial infrastructural systems in India, like telecom networks, energy utilities, and financial institutions, are on the radar of threat actors. The Reserve Bank of India, the Indian Computer Emergency Response Team (CERT-In), the defence ministry, and the Securities and Exchange Board of India have issued advisories for these sectors.

Nation-state actors in Russia, Europe, Southeast Asia, etc., need a consistent supply of data to carry out malicious activities like blackmail. Indian infrastructure is increasingly becoming a favorite pick among hacktivist groups.
What’s most concerning is the fact that the phishing emails closely resemble genuine communications from military departments and ministries. If malware gets into a system and infects it, everything gets compromised, from policy drafts to messaging data.
Sundareshwar Krishnamurthy from PwC India states that the evolving threat landscape in India is actually becoming a cause of concern for Indian infrastructure and the related enterprises.
Not only India, but APT or Advanced Persistent Threat groups are also taking a keen interest in other nations like Ukraine, Algeria, Mongolia, and even the US. Recently, a group called Handala managed to break into the personal email of the FBI’s director, Kash Patel, and leaked his personal photographs.
False shipment tracking scams across the MEA region

Group IB, the cybersecurity firm, has detected a steep spike in false shipment-tracking scams across the Middle East and Africa. This is an ongoing phishing campaign that targets buyers by abusing parcel tracking messages and delivery notifications.
The campaign has been active since December 2025, and so far, it has affected South Africa and Egypt the most.
Threat actors have been using phishing-as-a-service platforms to carry out large-scale attacks. They send malicious tracking links to gain access to the financial and personal data of consumers who are expecting parcel delivery.
Logistics operators are recommended to implement DMARC, DKIM, and SPF to eliminate email spoofing risks. Companies must come up with verification tools on their official platforms that enable consumers to cross-check the delivery tracking numbers and other associated details.
GhostSocks allows threat actors to go into stealth mode!

A new malware, GhostSocks, is slowly making its way into the cybersecurity landscape. It helps threat actors evade detection by turning compromised systems into residential proxy nodes.
Residential proxies enable threat actors to carry out fraudulent activities through genuine home IP addresses. This detour creates the illusion that traffic originates from random users, thereby raising no suspicion against the threat actors.
With GhostSocks, cybercrooks can easily evade conventional IP-based detection mechanisms, anomaly detection tools, and geographic restrictions.
Researchers at Darktrace have revealed that threat actors have begun relying heavily on GhostSocks and Lumma Stealer to carry out stealthy cyberattacks.

With residential proxy abuse entering the mainstream attack landscape, enterprises can no longer stay lenient against cyberattacks. They need to be more proactive and ruthless. AI-backed defence mechanisms are required to identify any suspicious behavior or anomalies. Traditional defence systems alone are no longer sufficient to combat modern attack techniques.
