0% found this document useful (0 votes)

22 views174 pages

Advisory 290924 Sunday

Munitions India Limited has issued multiple advisories regarding the rising threats of cyber security attacks, including ransomware and fraudulent activities by foreign entities. The advisories emphasize the importance of conducting comprehensive cyber security audits, implementing best practices, and educating employees on safe online behavior. All units are urged to take these threats seriously and ensure strict compliance with the recommended measures to protect sensitive information.

Uploaded by

notwebtopper

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOC, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

22 views174 pages

Advisory 290924 Sunday

Uploaded by

notwebtopper

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOC, PDF, TXT or read online on Scribd

You are on page 1/ 174

MUNITIONS INDIA LIMITED

म्यूनिशंस इंडिया
लिमिटेड A GOVT. OF INDIA ENTERPRISE

भारत सरकार का
उद्यम MINISTRY OF DEFENCE

रक्षा मंत्रालय
No. MIL/CYBERSECURITY/HR/IT URGENT Dt. 03/02/2023

To,
The General Manager/Head of Units
All Units under MIL

Sub: Sensitizing on recent cyber security attacks and proactive measures

***
As you are aware, cyber security has become a major concern for all organizations,
especially for those involved in sensitive and critical operations such as ours. Recently, few
defence organizations and government institutions have suffered from cyber security
attacks, causing significant harm to the nation's security and economy. In light of these
events, it is imperative that we take all necessary steps to prevent similar attacks on our
factories/units.
To ensure the highest level of security, It is strongly advised to conduct a
comprehensive cyber security audit of your IT infrastructure, policies and procedures from
CERT-In certified firms. Those Fys/units who has not completed third party cyber security
audit are requested to go for the conduction of the same as early as possible.
In addition to the audit, it is suggested to implement the following measures:
 Regular software updates and patch management to address known vulnerabilities.
 Regular training for all employees on cyber security best practices and safe online
behaviour.
 Implementing multi-factor authentication for all systems and networks.
 Regular backups of all important data and systems.
 Review of existing security protocols and identification of any vulnerabilities.
 Implementation of strong passwords and regular password changes.
 Monitoring of all systems for any suspicious activities and prompt reporting of any
such incidents.
 An Air gap to be maintained between Internet and Comnet
 Only whitelisted Pen drives to be used.
The responsibility of cyber security of unit is with General Manager & Local Cyber
Security officer. It is of parament importance that all factories/units take this matter
seriously and take all necessary measures to protect sensitive information and data of unit.

This is for strict compliance please.

(Deepak U. Deshmukh)
General Manager
Chief Information Security Officers (CISO)
For CMD/MIL, Pune

म्यूनिशंस इंडिया
MUNITIONS INDIA LIMITED
लिमिटेड
भारत सरकार का A GOVT. OF INDIA ENTERPRISE
उद्यम
रक्षा मंत्रालय MINISTRY OF DEFENCE

No. MIL/CYBERSECURITY/HR/IT Dt. 27/02/2023

To,
The General Manager
Ammunition Factory Khadki (AFK)

Sub: ATTEMPTS BY PIOs OF GET DETAILS OF SWAMP DRONES BEING PROCURED

BY THE INDIAN DEFENCE FORCES
***
Cyber security has become a major concern for all organizations, especially for those
involved in sensitive and critical operations such as ours.

Reliable inputs have been received about consistent efforts being made by Pak
Intelligence Officers (PIOs) to obtain details regarding procurement/induction of swarm
drones into Indian Armed forces and Border Guarding Forces. The PIOs have been making
pseudonymous calls, not only to the personnel of armed forces/ BG forces, but have also
been approaching employees of drone manufacturing companies to get information
regarding specifications, procurement processes, status of procurement, etc.

In this regard, all units are requested to sensitize their personnel, especially those
engaged in procurement of equipment, including drones, about attempts by PIOs to extract
sensitive information and to ensure that such sensitive information is not shared in any
manner without confirmation about the identity of the caller. it is suggested to implement
the following measures:
 Regular software updates and patch management to address known vulnerabilities.
 Regular training for all employees on cyber security best practices and safe online
behaviour.
 Implementing multi-factor authentication for all systems and networks.
 Regular backups of all important data and systems.
 Review of existing security protocols and identification of any vulnerabilities.
 Implementation of strong passwords and regular password changes.
 Monitoring of all systems for any suspicious activities and prompt reporting of any
such incidents.
 An Air gap to be maintained between Internet and Comnet
This is for strict compliance please.

(Deepak U. Deshmukh)
General Manager & CISO
For CMD/MIL, Pune

म्यूनिशंस इंडिया
MUNITIONS INDIA LIMITED
लिमिटेड
भारत सरकार का A GOVT. OF INDIA ENTERPRISE
उद्यम
रक्षा मंत्रालय MINISTRY OF DEFENCE
म्यूनिशंस इंडिया
MUNITIONS INDIA LIMITED
लिमिटेड
भारत सरकार का A GOVT. OF INDIA ENTERPRISE
उद्यम
रक्षा मंत्रालय MINISTRY OF DEFENCE

No. MIL/CYBERSECURITY/HR/IT Dt.

29/03/2023

To,
The Sr. General Manager/General Manager/Head of Units

__________________

Sub: Fraudulent activities carried out by Chinese Companies

Ref: CSG-DDP Letter No. 6203/CSG/STD/DDP/Advisory dt.13-Mar-2023

***

Vide reference above, CSG-DDP has come to notice that a complex network,
involving Chinese companies has been carrying out illegal activities such as financial frauds
against unsuspecting Indians.

The Chinese Companies has been involved in cross-border scams that have affected
people in different parts of the country. We believe that it is important to take a proactive
stance on this issue and to make sure that our employees are aware of these fraudulent
activities. It is requested to educate our all employees about such scams and to provide
them with the necessary information to protect themselves from such incidents.

All employees to be vigilant and to report any suspicious activities or incidents that
they come across. It is also requested that all employees remain cautious while dealing with
any external parties and verify their identities before sharing any sensitive information or
making any financial transactions. It is important for us to work together to protect our
customers and our brand.

A copy is enclosed herewith stating four di fferent cases explaining how the Chinese
companies are carrying out illegal activities. It is requested to take necessary action for
enhancing the awareness among the officers and staff.

(D.U. DESHMUKH)
General Manager & CISO
For CMD/MIL, Pune

No. MIL/HR/IT/CYBER-SECURITY Dt. 06/03/2023

To,
The General Manager/Head of Units
All Units under MIL

Sub: Mobile based Malware methods and countermeasures

Ref: DDP-Letter No. 6203/CSG/STDN/DDP/Advisory dt.10-Feb-2023

***
Cyber security has become a major concern for all organizations, especially for those
involved in sensitive and critical operations such as ours. Proliferation of mobile devices for
web browsing and computing has increased manifold in recent times. As per estimates
intimated, mobile devices account for more than 50 percent of internet traffic worldwide.
This has resulted in considerable increase in attack surface. A sweeping change in types and
methods of attacks is also observed. The aim of this advisory is sensitize the organisations
under DDP, on the modus operandi of such mobile based malware and to take precautionary
measures as advised. Details are enumerated in appendix enclosed.

This is for necessary action for enhancing the awareness among the officers and staff
in the Factories/Units. It is of parament importance that all factories/units take this matter
seriously and take all necessary measures to protect sensitive information and data of unit.

This is for strict compliance please.

(Deepak U. Deshmukh)
General Manager & CISO
For CMD/MIL, Pune

No. MIL/HR/IT/CYBER-SECURITY Dt. 06/03/2023

To,
The General Manager/Head of Units
All Units under MIL

Sub: Responding to ransomware attacks

Ref: DDP-Letter No. 6258/CSG/STDN/DDP/Advisory dt.20-Feb-2023

***

This is to bring to your attention that the rising threat of ransomware attacks and to
sensitize all employees of your unit to take necessary precautions to protect the data and
systems. Ransomware is a type of malicious software that is designed to block access to a
computer system or data until a sum of money is paid to the attacker. These attacks can be
devastating for businesses, as they can cause data loss, financial damage, and reputational
harm.
DDP-Cyber security group has issued important instruction/guideline on
Ransomware attacks and how to protect the system against it.

Remember that cybercriminals are always looking for new ways to attack and exploit
vulnerabilities in our systems. By following best practices, we can protect ourselves and our
company from the devastating effects of ransomware attacks.

(Deepak U. Deshmukh)
General Manager & CISO
For CMD/MIL, Pune
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : mil-pune@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

No. MIL/HR/IT/CYBER-SECURITY Dt. 20/03/2023

To,
The General Manager/Head of Units
All Units under MIL

Sub: Details for Cyber Crisis Management Plan sake

Ref: DDP email dtd 07-March-2023

***

No. MIL/HR/IT/CYBER-SECURITY Dt. 21/04/2023

To,
The General Manager/Head of Units
All Units under MIL

( Kind Attn : Local Cyber Security Officer )

Sub: Cyber Security Advisories – Implementation of

Ref: DDP letter No. 6203/CSG/STDN/DDP/Advisory dt 05-April-2023

***

This is to bring to your attention the cybersecurity guidelines that MIL has
received from the DDP. As we all are aware, there has been a significant increase in
cyber incidents globally, and it is crucial that we take all necessary measures to
protect ourselves from cyber-attacks.

It is requested to implement these guidelines and ensure their promulgation

at all levels. A cyber-attack can cause irreparable damage to our organization,
including data loss, financial losses, and loss of reputation. Therefore, it is crucial that
we take all necessary measures to safeguard our systems and data from potential
threats.
These guidelines will provide us with essential information on how to identify
potential vulnerabilities, assess risks, and take measures to address them.

It is requested to review the attached sheet of cybersecurity guidelines and

implement them immediately. Please ensure that all employees are aware of these
guidelines and that they are implemented at all levels of your unit.

This is for strict compliance please.

(Md. Shahir
Farooqui)
Dy. General
Manager/HR
For CMD, MIL, Pune

No. MIL/HR/IT/CYBER-SECURITY Dt. 10/06/2023

To,
The General Manager/Head of Units
All Units under MIL

( Kind Attn : Local Cyber Security Officer )

Sub: Advisory on Security Best Practices for CHATGPT – Implementation of

Ref: DDP letter No. 6203/CSG/STDN/DDP/Advisory/G-5/Vol-III dt 24-05-2023
***
This is to bring to your attention the cyber security guidelines that MIL has
received from the DDP on the subject matter. The aim of the advisory is to sensitise
the environment on the potentials and concerns emerging from the introduction of
such technologies. ChatGPT has promising prospects but also opens up all new threat
landscape. This advisory intends to caution and suggest the precautionary measures
for use of ChatGPT.

It is requested to implement these guidelines and ensure their promulgation

It is requested to review the attached sheet of cybersecurity guidelines and

implement them immediately. Please ensure that all employees are aware of these
guidelines and that they are implemented at all levels of your unit.

This is for strict compliance please.

(Deepak U. Deshmukh)
General Manager & CISO
For CMD/MIL, Pune

No. MIL/HR/IT/CYBER-SECURITY Dt. 16/06/2023

To,
The General Manager/Head of Units
All Units under MIL

( Kind Attn : Local Cyber Security Officer )

Sub: Advisory- A new wave of cyber-attacks on Indian IT infrastructure China
based
cyber threat actors– Implementation of
Ref: CIRA Advisory (Cyber)/SLOD/2023/101 dt 18/04/2023
***
This is to bring to your attention the cyber security guidelines that MIL has
received from the Cyber Information Research Agency (CIRA) on the on the subject
matter. It has been observed that cyber threat actors are targeting prominent Indian
organisations. Cyber incident Response (IR) was conducted and found that only pen
drives were infected with malware. The number of infection occurs only due to use
of USB pen drives for data transaction between Internet and Intranet computers. The
malware infection is likely to increase in govt. organisations in the near future, as
currently no anti-virus is able to detect these malicious filed. The IOCs associated
with this malware compaign are enclosed as Annexure.

It is requested to review the attached sheet of advisory and implement them

immediately. Please ensure that all employees are aware of these guidelines and
that they are implemented at all levels of your unit.

This is for strict compliance please.

(Deepak U. Deshmukh)
General Manager & CISO
For CMD/MIL, Pune

No. MIL/HR/IT/CYBER-SECURITY Dt. 16/06/2023

To,
The Sr. General Manager/General Manager
All Units under MIL

( Kind Attn : Local Cyber Security Officer )

Sub: Advisory- A new wave of cyber-attacks on Indian IT infrastructure China

based
cyber threat actors– Implementation of
Ref: CIRA Advisory (Cyber)/SLOD/2023/101 dt 18/04/2023
***
This is to bring to your attention the cyber security guidelines that MIL has
received from the Cyber Information Research Agency (CIRA) on the on the subject
matter. It has been observed that cyber threat actors are targeting prominent Indian
organisations. Cyber incident Response (IR) was conducted and found that only pen
drives were infected with malware. The number of infection occurs only due to use
of USB pen drives for data transaction between Internet and Intranet computers. The
malware infection is likely to increase in govt. organisations in the near future, as
currently no anti-virus is able to detect these malicious filed. The IOCs associated
with this malware compaign are enclosed as Annexure.

It is requested to review the attached sheet of advisory and implement them

immediately. Please ensure that all employees are aware of these guidelines and
that they are implemented at all levels of your unit.

This is for strict compliance please.

(Deepak U. Deshmukh)
General Manager & CISO
For CMD/MIL, Pune

No. MIL/HR/IT/CYBER-SECURITY Dt. 19/06/2023

To,
The General Manager/Head of Units
All Units under MIL

Subject: Classification of Documents – Implementation of

To prevent a spy or an enemy agent from access to classified information/equipment

to help in investigations into cases of leakage and spying and to implement the
theory of security based on the principle of need to know, need to take and need to
retain. Besides, classified documents should be kept in such a secure place, where
only authorized officials should have access.

The competent authority has to approved the following for classification of

information
a. The originator of the document will be authorised to classify the document as per
the SOP.
b. Sr. Officer of originator shall authorise to upgrade/downgrade the classification of
the information
c. It is the responsibility of the originator that care is taken of such documents so
that the same do not fall in the wrong hands.
d. The overall responsibility of safeguarding classified documents will be of the
originator who shall take all necessary precautions/audits/review mechanisms as
deemed fit.
e. The levels of officer in the Fy/Unit to initiate/handle classification of classified
documents (Top Secret, Secret , Confidential & Restricted) are designated as:
i. TOP SECRET : Officer of the rank of AGM/GM and above
ii. SECRET : Officer of the rank of WM and above
iii. CONFIDENTIAL & RESTRICTED : Officer of the rank of JWM and above
f. For Physical storage of the classified document DDP/MoD Security Manual for
Licensed Defence Industries will be followed.
g. General Guidelines for classification of the documents mentioned in annexure-I
h. Document originator at Fy/Unit shall print the highlighted (bold) words TOP
SECRET, SECRET, CONFIDENTIAL & RESTRICTED in a tabular box format in
a letter as mentioned below and will tick on the appropriate classification box.

[ ] TOP SECRET [ ] SECRET [ ] CONFIDENTIAL [ ] RESTRICTED [ ]UNCLASSIFED

All the units under MIL are requested to implement the same while
preparation and handling the documents.

(Md. Shahir
Farooqui)
Dy. General
Manager
For CMD/MIL,
Pune
म्यूनिशंस इंडिया
MUNITIONS INDIA LIMITED
लिमिटेड
भारत सरकार का A GOVT. OF INDIA ENTERPRISE
उद्यम
रक्षा मंत्रालय MINISTRY OF DEFENCE

No. MIL/HR/IT/CYBER-SECURITY Dt. 19/06/2023

To,
The General Manager/Head of Units
All Units under MIL

Subject: Implementation of CSG-DDP Advisories –Confirmation of

This is to bring to your attention the cybersecurity Advisories received from

CERT-In/CSG-DDP that MIL forwards on regular basis to protect our IT infracture for
cyber attacks which includes instructions to block IPs, Domains,Hash values which
are harfull and can increase the risk of cyber attack. As we all are aware, there has
been a significant increase in cyber incidents globally, and it is crucial that we take all
necessary measures to protect ourselves from cyber-attacks.

It is requested to implement these advisories properly in the Systems like

Fireqall/UTM and ensure their promulgation at all levels. A cyber-attack can cause
irreparable damage to our organization, including data loss, financial losses, and loss
of reputation. Therefore, it is crucial that we take all necessary measures to
safeguard our systems and data from potential threats.
It is requested to send the confirmation report of each and every advisory to
MIL for forward submition to CIRA/CSG-DDP on regular basis. Please ensure that all
employees are aware of these guidelines and that they are implemented at all levels
of your unit.

This is for strict compliance please.

(Md. Shahir
Farooqui)
Dy. General
Manager/HR
For CMD, MIL, Pune

To prevent a spy or an enemy agent from access to classified information/equipment

to help CCSO in investigations into cases of leakage and spying and to implement
the theory of security based on the principle of need to know, need to take and need
to retain. Besides, classified documents should be kept in such a secure place,
where only authorized officials should have access.

The competent authority has to approved the following for classification of

information
i. The originator of the document will be authorised to classify the document as per
the SOP.
j. Sr. Officer of originator shall authorise to upgrade/downgrade the classification of
the information
k. It is the responsibility of the originator that care is taken of such documents so
that the same do not fall in the wrong hands.
l. The overall responsibility of safeguarding classified documents will be of the
originator who shall take all necessary precautions/audits/review mechanisms as
deemed fit.
m. The levels of officer in the Fy/Unit to initiate/handle classification of classified
documents (Top Secret, Secret , Confidential & Restricted) are designated as:
i. TOP SECRET : Officer of the rank of AGM/GM and above
ii. SECRET : Officer of the rank of WM and above
iii. CONFIDENTIAL & RESTRICTED : Officer of the rank of JWM and above
n. For Physical storage of the classified document DDP/MoD Security Manual for
Licensed Defence Industries will be followed.
o. General Guidelines for classification of the documents mentioned in annexure-I
p. Document originator at Fy/Unit shall print the highlighted (bold) words TOP
SECRET, SECRET, CONFIDENTIAL & RESTRICTED in a tabular box format in
a letter as mentioned below and will tick on the appropriate classification box.
[ ] TOP SECRET [ ] SECRET [ ] CONFIDENTIAL [ ] RESTRICTED [ ]UNCLASSIFED

All the units under MIL are requested to implement the same while
preparation and handling the documents.

(Md. Shahir
Farooqui)
Dy. General
Manager
For CMD/MIL,
Pune

No. MIL/2021-22/HR/IT Dt. 14/10/2022

To,
The Sr. General Manager/General Manager/Head of Units
MIL Group of Factories

Sub: Cyber Security Preparedness -Compliance of

Ref: 6258/CSG/STDN/DDP dt.13/09/2022
***

This has a reference to the letter referred above vide which factories/units are
requested to take the necessary measures immediately to enhance the cyber security
preparedness in the areas as mentioned in the attached letter of Cyber Security Group -DDP.

The concerned LCSOs (local Cyber Security Officers of the units are hereby requested
to work on the points as mentioned in the attached letter of DDP and submit the compliance
to MILHQ latest by 24/10/2022 on it-mil@minitionsindia.in without fail.

This may please be accorded due priority

(Md. Shahir Farooqui)

Dy. General Manager
Sectoral Cyber Security Officer(SCSO)
For CMD/MIL, Pune
म्यूनिशंस इंडिया
MUNITIONS INDIA LIMITED
लिमिटेड
भारत सरकार का A GOVT. OF INDIA ENTERPRISE
उद्यम
रक्षा मंत्रालय MINISTRY OF DEFENCE

No. MIL/HR/IT/CYBER-SECURITY Dt. 16/06/2023

To,
The General Manager/Head of Units
All Units under MIL

( Kind Attn : Local Cyber Security Officer )

Sub: Advisory- A new wave of cyber-attacks on Indian IT infrastructure China

It is requested to review the attached sheet of advisory and implement them

immediately. Please ensure that all employees are aware of these guidelines and
that they are implemented at all levels of your unit.

This is for strict compliance please.

(Deepak U. Deshmukh)
General Manager & CISO
For CMD/MIL, Pune

To,
The General Manager/Head of Units
All Units under MIL

( Kind Attn : IT Officer )

Sub: Advisory- MUTHIC C2 FRAMEWORK– Implementation of

Ref: CIRA Advisory : 6203/CSG/STDN/DDP/Advisory/G-5/Vol-III dt 31-July-2023
***
This is to bring to your attention the cyber security guidelines that MIL has
received from the Cyber Information Research Agency (CIRA) on the on the subject
matter. Mythic is attractive to threat actors of varying skill sets, for low skilled actor
the ‘plug-n-play’ capabilities mean that they can use the framework very easily and
effectively. Mythic framework is being used to target diplomatic, defence, research
organisations in Indian Govt. and the Indian Armed Forces or related assets in India
by unknown threat actors. Malicious files try to establish communication with C2
server and upon successful connection, the malicious payload gets dropped to the
victim’s computer and get access of the victim’s computer. The remote access
Trojans can leak info, take screenshots and record webcam streams.

It is requested to review the attached sheet of advisory and implement them

immediately. Please ensure that all employees are aware of these guidelines and
that they are implemented at all levels of your unit.

This is for strict compliance please.

N.O.O.

(Deepak U. Deshmukh) (Md. Shahir Farooqui)

General Manager & CISO Dy.General Manager & SCSO
For CMD/MIL, Pune

To,
The General Manager/Head of Units
All Units under MIL

( Kind Attn : IT Officer )

Sub: Cyber Security Advisories – Implementation of
1)Phishing email with MoD
2)Phishing campaign by Cyber Threat Actors
3)Remedial Measures to avoid compromise of e-mail accounts of sensitive
Government Department
Ref: 1) CSG-DDP Adv: 6203/CSG/STDN/DDP/Advisory/G-5/Vol-IV dt 20-7-2023
2) CSG-DDP Adv: 6203/CSG/STDN/DDP/Advisory/G-5/Vol-II dt 13-7-2023
3) CSG-DDP Adv: 6203/CSG/STDN/DDP/Advisory/G-73/Vol-II dt 24-7-2023
***
Vide ref (1), the phishing emails being received within the email IDs of MoD
personnel. The list of cyber security best practices pertaining to the prevention of cyber
incidents due to phishing mails detailing all the precautions to be followed to safeguard has
been prepared and is enclosed herwith to sensitize all the employees of fy/unit.

Vide ref (2), the phishing URL

https://drdo.gov.in.cyberdefenceexercise.cyou/cyberdefenceexercise.htm mimicking website
of Defence Research and Development Organisation (DRDO) is in the mass circulation since
03-Jun-2023 within various sensitive government organisation including defence
establishments and the email ID mkjaiswal@ord.gov.in is compromised. Take the immediate
action to block the suspicious URLs and the IPs mentioned in the advisory and Sensitise all
employees.
Vide ref(3), Remedial Measures to avoid compromise of e-mail accounts of sensitive
Government Department are given and requested to implement all the remedial measures
immediately.
It is requested to review the attached sheet of advisories and implement them
immediately. Please ensure that all employees are aware of these guidelines and that they
are implemented at all levels of your unit.

This is for strict compliance please.

(D.U. DESHMUKH)
General Manager & CISO
For CMD/MIL, Pune
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 11/09/2023

To,
The General Manager/Head of Units
All Units under MIL

( Kind Attn : IT Officer )

Sub: Cyber Security Advisories – Implementation of

1)Suspected Calls/emails to DoDP/DRDO establishments
2)Usage of Watermarks in Classified Documents
3)Scrutiny Mechanism for companies belonging to Countries sharing land
border with India
Ref: 1) CSG-DDP Adv: 6258/CSG/STDN/DDP/PIO-13/Advisory dt 04-08-2023
2) CSG-DDP Adv: 6203/CSG/STDN/DDP/Advisory/G-5/Vol-III dt 21-08-2023
3) CSG-DDP Adv: 6258/CSG/STDN/DDP/Advisory/G-12 dt 21-08-2023
***

Vide ref(1), SOP is prepared for safeguarding against calls by Pakistan Intelligence Operative
(PIO). It is requested to sensitize all employees regarding suspected calls/emails.

Vide ref(2), for all sensitive documents, appropriate classification & water marking of
printed documents is recommended as a standard practice. Watermarking keeps the
uniqueness of the copies of printed documents as well as identifies the owner of the
document, thus enhancing info security and accountability. The watermark should be in the
name of the intended recipient/Department and can be easily traced back to the owner of
the document.

Vide ref(3), Scrutiny Mechanism for companies belonging to Countries sharing land border
with India is highlighted. All units are requested to identify investment footprint of China
Foundation for Peace and Development (CFPD) and its office bearers Jiang Zhaobai and
related company Shanghai Penxing (Group) Company Ltd in India.

It is requested to review the attached sheet of advisories and implement them

immediately. Please ensure that all employees are aware of these guidelines and that they
are implemented at all levels of your unit.

This is for strict compliance please.

N.O.O.

(Deepak U. Deshmukh) (Md. Shahir Farooqui)

General Manager & CISO Dy.General Manager & SCSO
For CMD/MIL, Pune

N.O.O.

(Deepak U. Deshmukh) (Md. Shahir Farooqui)

General Manager & CISO Dy.General Manager & SCSO
For CMD/MIL, Pune
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 15/09/2023

To,
The General Manager/Head of Units
All Units under MIL

( Kind Attn : IT Officer )

Sub: STANDARD OPERATING PROCEDURE (SOP) FOR INTERNET USERS –

Implementation of
Ref: CSG-DDP Adv: 6203/CSG/STDN/DDP/Advisory/G-5/Vol-IV dt 29-8-2023

***
Cyber Security has become a major concern for all organizations, especially for those
involved in sensitive and critical operations such as ours. Due to increase of cyber threats
and compromise incidents, a need for Standard Operating Procedure (SOP) for endpoint
users is prepared in order to improve cyber posture of the units under MIL and to enable all
users to have a guideline and checklist for cyber security.

It is requested to review the attached SOP and implement it immediately. Please

ensure that all employees are aware of these guidelines and that they are implemented at
all levels of your unit.

This is for strict compliance please.

N.O.O.

(Deepak U. Deshmukh) (Md. Shahir Farooqui)

General Manager & CISO Dy.General Manager & SCSO
For CMD/MIL, Pune

STANDARD OPERATING PROCEDURE (SOP) FOR MODNET/INTERNET USERS

(a) Use hardened Linux or Maya –OS along with Chakra agent, in all the internet –facing
PCs/Laptops
(b) No data processing or transmission of classified data, confidential and above should be done
on Internet endpoints/PCs, separate non-Internet connected work PCs to be used by all
units.
1) Use COMNET email system for Internal /Intra units communication
2) Do not keep any classified data on Internet PC, Keep desktop clean
3) Use air gap between Internet and COMNET PC
4) Use whitelisted USB drive only and maintain the record of the same.
(c) All the officials/staff while receiving mail with attachment should due diligently cross verify
the credentials of the sender before downloading the attachment/clicking on any link.
1) Use @munitionsindia.in/@gov.in email only with kavach authentication
2) Do not use personal email in office PCs
3) Always scan files for virus before sending and receiving
(d) In case any call is received pertaining to any mail attachment or password thereof, the
credibility of the caller should be ascertained by giving a call back to the calling number. Only
landline numbers should be accepted for such verification.
(e) COMNET Intranet (Air-gapped network) to be used for data transmission/official work in
Inter-Unit / Inter-DPSUs.
(f) Usage of smartphones to be restricted and non-approved officials/staff should not be
allowed access of smartphone at work place
1) Use of Smartphone inside the Factory shall be restricted.
2) All units shall prepare the list of officers/staff who will use smartphone (Preferably non-
smartphone) duly approved by General Manager.
3) The record of the approved list to be maintained for audit purpose
4) No data shall be transmitted through any social media from smartphone
5) No Smartphone shall be connected to PCs/Laptop through Wi-Fi/Hotspot
6) Do not charge Mobile device from USB port of PC/Laptop
(g) Ensure that no Internet dongles/Mobile Devices/Wi-fi/USB storage devices are plugged into
Intranet (Air-gapped Network) System/COMNET
(h) MEITY guidelines on the usage of Operating System to be followed in respect of standalone/
Internet PCs /System. It should be ensured that operating systems are kept up to date with
latest authentic patch releases.
(i) Use latest Antivirus for all PCs/Laptops separately for Internet and COMNET. Maintain the log
register for daily virus scan status of all PCs /Laptops

*****
N.O.O.

(Deepak U. Deshmukh) (Md. Shahir Farooqui)

General Manager & CISO Dy.General Manager & SCSO
For CMD/MIL, Pune

N.O.O.

(Deepak U. Deshmukh) (Md. Shahir Farooqui)

To,
The General Manager/Head of Units
All Units under MIL

( Kind Attn : IT Officer )

Sub: Advisory on Handling of Phishing e-Mail Attacks – Implementation of
Ref: CSG-DDP Adv: 6203/CSG/STDN/DDP/Advisory/G-5/Vol-IV dt 31-8-2023
***
Vide ref above, the phishing emails being received within the email IDs of MoD
personnel. The list of cyber security best practices pertaining to the prevention of cyber
incidents due to phishing mails detailing all the precautions to be followed to safeguard has
been prepared and is enclosed herewith to sensitize all the employees of fy/unit.

In order to avoid falling prey to the Phishing e-mail attacks, please not the following
point of special signature:-
“DO NOT (Repeat) DO NOT click on any Link in the body of the e-mail”

All employees to be vigilant and to report any suspicious activities or incidents that
they come across. It is also requested that all employees remain cautious while downloading
any link given in email.

It is requested implement the guidelines given in the attached sheet immediately.

Please ensure that all employees are aware of these guidelines and that they are
implemented at all levels of your unit.

This is for strict compliance please.

(D.U. DESHMUKH)
General Manager & CISO
For CMD/MIL, Pune

STANDARD OPERATING PROCEDURE (SOP)

FOR MILHQ COMNET/INTERNET USERS

a) No data processing or transmission of classified data, confidential and above should

be done on Internet endpoints/PCs, separate non-Internet connected work PCs to be
used by all users
1. Use COMNET email system for Internal /Intra units communication
2. Do not keep any classified data on Internet PC
3. Use 3 Layer Password to protect your System
4. Keep PC desktop clean
5. Do not store data/files on C: drive
6. Set Screen-Saver with Password
7. Use air gap between Internet and COMNET PC
8. Use whitelisted USB drive only
b) While receiving mail with attachment should due diligently cross verify the credentials
of the sender before downloading the attachment/clicking on any link.
1. Use @munitionsindia.in/@gov.in email only with kavach authentication
2. Do not use personal email in office PCs
3. Always scan files for virus before sending and receiving
c) In case any call is received pertaining to any mail attachment or password thereof,
the credibility of the caller should be ascertained by giving a call back to the calling
number. Only landline numbers should be accepted for such verification.
d) COMNET Intranet (Air-gapped network) to be used for data transmission/official work
in Inter-Unit / Inter-DPSUs.
e) While using smartphones, following care should be taken :
1. Do not send any official data through any social media from smartphone
2. Do not connect smartphone to PCs/Laptop through Wi-Fi/Hotspot
3. Do not charge Mobile device from USB port of PC/Laptop
4. Do not download unknown apps like Toop App and CASHe Personal Loan App
etc
f) Ensure that no Internet dongles/Mobile Devices/Wi-fi/USB storage devices are
plugged into Intranet (Air-gapped Network) System/COMNET
g) It should be ensured that operating systems and browsers are kept up to date with
latest authentic patch releases.
h) Do not install any unauthorised software like Any desk, Team viewer etc, use only
whitelisted softwares.
i) Ensure that your PC/Laptop is updated with latest Virus database and scan the PC
daily
j) Regularly read and implement the Cyber Security Advisories and vulnerability
reports available in LAN portal https://172.25.100.10/milpis
k) Implement all the Cyber Security guidelines/SOPs issued from time to time
LCSO/MILHQ

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 27/09/2023

To,
The Sr. General Manager/ General Manager/Head of Units
All Units under MIL

Sub: A predatory Lending Apps on Google Play Store – reg.

Ref: CIRA Adv: Advisory (cyber)/S(01)/2023/558 dt 14-Sep-2023
***
Vide ref above, CIRA has received inputs from reliable sources that personnel
deployed in entities involved in Defence R&D and Defence Production have been targeted by
foreign agents using unidentified Pakistani and Indian numbers for sharing workplace
contacts. It has been seen that the Indian Personnel has downloaded loan apps from Google
Play Store on their mobiles and had shared their credentials while registering with these
apps. The agents gained access to the data stored in the mobiles, including contact details,
data, etc and started calling these personnel extorting money and threatening them to
provide workplace contact details etc.

The apps that were downloaded by these personnel include Toop App and CASHe
Personal Loan App. Availability of such suspicious apps on Google Play Store is a matter of
serious security concern. There is a possibility of misuse of contact details, passwords and
other data particularly to those handling defence/security work. Therefore , it is requested
to take appropriate action to prevent misuse of such apps. The officials may be appropriately
sensitised to avoid falling prey to spurious apps/sites and they should avoid downloading
such apps on their mobile devices.

All employees to be vigilant and remain cautious while downloading any such fake
app. Please ensure that all employees are aware of these guidelines and that they are
implemented at all levels of your unit.

This is for strict compliance please.

(KUMAR VAIBHAV GAUR)

General Manager & CISO
For CMD/MIL, Pune
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : mil-pune@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 04/10/2023

To,
The Sr. General Manager/ General Manager/Head of Units
All Units under MIL

Sub: Checklist of compliance status for effective implementation of NISPG

Ref: CSG-DDP Letter No. 6211/CSG/STDN/DDP/NISPG/83 dt 06-Sep-2023

***

In this regard, checklist of compliance status for implementation of National

Information Security Policy and Guidelines (NISPG) is forwarded herewith. You are requested
to forward the checklist to MILCO on it-mil@munitionsindia.in latest by 15-10-2023
positively for forward submission to CSG-DDP.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

To,
The Sr. General Manager/ General Manager/Head of Units
All Units under MIL

Sub: Phishing Campaing By Foreign Based Cyber Threat Actors

Ref: CSG-DDP Letter No. 6258/CSG/STDN/DDP/Advisory-12 dt 06-Sep-2023

***

Vide ref above, Information has been received from MoD Cyber Cell that Foreign
based cyber threat actors were hosting phishing log-in page
(samedaywalkintub.ca/mail/gov.in) for Indian Defence Officials. The phishing page was used
to carry out malicious activities related to credential harvesting.

Further, analysis of the phishing domain revealed that various defence personnel
have access the phishing website. It is suspected that the credentials of these users might
have been stolen by the cyber threat actors thus compromising their official NIC mail
accounts.

In this regard, it is requested to sensitize all employees of your Factory/unit regarding

phishing campaign. Further, an advisory on Cyber Security Guidelines is enclosed as
Annexure. Please ensure that all employees are aware of these guidelines and that they
are implemented at all levels of your unit. It is requested to forward the compliance report
to MILCO on it-mil@munitionsindia.in
This is for strict compliance please.

(KUMAR VAIBHAV GAUR)

General Manager & CISO
For CMD/MIL, Pune

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

To,
The Sr. General Manager/ General Manager/Head of Units
All Units under MIL

Sub: Suspected PIO Calls in Ordnance Factory (OF) , Dehu Road, Pune.
Ref: CSG-DDP Letter no. 6258/CSG/STDN/DDP/Advisory/G-12/Vol-III
***
Vide ref above, Reliable inputs have been received that there have been continuous
attempts by PIO to particularly target officials posted in sensitive organisations by honey
trapping them over social media (WhatsApp, Facebook, Instagram etc) to gather information
of Strategic Importance.
2 A matter has come to light wherein the suspected PIO caller(s) demanded extortion,
details of the employees of OF, Dehu Road and threatened an employee of serious
consequences.
3 Said employee had registered himself for an instant loan from his mobile through a
‘CASHe Personal Loan App’ from Google play Store by submitting his credentials but didn’t
proceed to avail the loan. Subsequently, he started receiving WhatsApp voice messages from
unidentified Pakistani numbers demanding money as the repayment of a loan, which he
reported never applied for. The callers/extortionists also gained access to employees
Facebook account and phone contact list and downloaded photos of his family members,
morphed them with objectionable photos and threatened to circulate them to his contacts if
he failed to repay through UPI.
4 Incidentally, the employee also started receiving threatening calls from multiple
Indian numbers, when he refused to comply with the instructions of callers. One of such
callers goaded the fireman to cooperate with him by sharing the workplace contacts and
assured that they will let him go if he starts working at their behest.
5 This is not an isolated case but a similar matter has been reported earlier.
6 In view of above, the Cyber Security Best Practices is enclosed herewith at Annexure-
I and Annexure-II respectively for strict adherence. You are requested to appropriately
sensitize all personnel in your unit under your control to avoid falling prey to the spurious
Apps/sites. Besides, they may be advised to remain vigilant and not reveal sensitive
information to any person over phone call or install malicious applications that would
compromise their systems.

7. This is for strict compliance please.

(Kumar Vaibhav Gaur)

General Manager & CISO
For CMD/MIL, Pune

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का उद्यम MINISTRY OF DEFENCE
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 05/10/2023

To,
The Sr. General Manager/ General Manager/Head of Units
All Units under MIL

Sub: Sensitization of Officials on the Silent Provisions of Official Secrets Act-1923

Ref: CSG-DDP Letter no. 6203/CSG/STDN/DDP/Advisory-III
***

1. In the recent past, there have been a number of incidents of leakage or

unauthorized disclosure of official information which are in violation of the
provisions contained in Official Secrets Act-1923 and Rule 11 of Central Civil
Services (Conduct) Rules-1964. The Official Secrets Act-1923 and CCS (Conduct)
Rule-1964 are available in public domain.

2. In view of the above , a gist of the relevant provisions of Official Secrets Act, 1923
and Rule 11 of Central civil Services (Conduct) Rules-1964, is enclosed herewith a
request to sensitize all the officials under your control.

3. Please ensure that all employees are aware of the Official Secrets Act, 1923 and
Rule 11 of Central civil Services (Conduct) Rules-1964.
4. This is for your information and necessary action, please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का उद्यम MINISTRY OF DEFENCE
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 05/10/2023

To,
The Sr. General Manager/ General Manager/Head of Units
All Units under MIL

Sub: Advisory: Domains Registered by PAK malicious Actors

Ref: CSG-DDP Letter no. 6203/CSG/STDN/DDP/G-5/Vol-V dt. 18-Sep-23
***
It has been observed that few websites have been registered under “.in”
domain which is originally hosted by Pack based malicious actors. These websites are
hosted to trap Indian Defence Personnel. The list of websites identified till date are as under:
S.No. Malicious Domain
(a) Coorddesk.in
(b) Ksboards.in
(c) Dopt.ccordsec.in
(d) Ksb.cs1.in
(e) Rsb.cs1.in
(f) Cgda.cs1.in
(g) Adminbr.in
(h) Coordbranch.in
(i) Coordbr.in
(j) e-admin.in
(k) Admindesk.in
(l) Ksbpanel.in
2. Further research at national level is in progress to identify more such domains. These
domains can be used to launch spear phishing attacks against Armed Forces.
3. In view of the above, the following actions are to be taken immediately to contain spread of
these campaigns:-
(a) Block the malicious URLs mentioned at para 1 above at perimeter security devices
(b) Sensitise all personnel regarding these phishing campaigns originating from these
phishing domains and download applications only from trusted websites.
(c) Sensitise persons to not enter their NIC login credentials when redirected login page
appears.
(d) Forward any suspicious emails to DCyA e-mail ID (soc.ids@gov.in) without clicking on any
link/opening any attachments/enter credentials for analysis and further guidelines.
(e) Post forwarding to DCyA, delete phishing emails from the inbox and trash folders of all
the recipients.
4. Forwarded for your information and necessary action, please

(Kumar Vaibhav Gaur)

General Manager & CISO
For CMD/MIL, Pune

To,
The Sr. General Manager/ General Manager/Head of Units
All Units under MIL

Sub: Guidelines for Secure Application Design, Development, Implementation &

Operation – Reg.
Ref: CIRA- Advisor (Cyber)/S(01)/2023/586 dt. 18-Sep-23
***

Recent inputs received vide the above reference indicate that one of the key
reasons for vulnerable applications is lack of secure application, design and
deployment by Developer organisations & Government entities.
2. In this matter, it is expected from user entity to ensure that security is inbuilt
feature of the application and should not only rely on the post-development
audit by the auditing organisation.
3. CERT-In has prepared guidelines for secure application design, development,
implementation & operations for Government user organisation, development
organisation and CERT-In empanelled auditing organisation.
4. It is also shared that the guidelines will also be circulated as advise to CERT-In
empanelled auditors to not conduct assessment of applications, if applications
are not developed with security into consideration and declare such
applications as unsafe to host and operate.
5. Guideline document is enclosed for your kind consideration and necessary
action please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 30/10/2023

To,
The Sr. General Manager/ General Manager/Head of Units
All Units under MIL

Sub: Phishing Campaign Targeting Defence Personnel with Malicious APK on

WhatsApp
Ref: CSG-DDP Adv: 6203/CSG/DDP/Advisory/G-5/Vol-III dt 18-10-2023
***
A recent incident pertaining to circulation of WhatsApp messages with malicious APK
titled “Aadhar Card Verification.apk” (MDF: a59c4c4fcd471c621c0cfead61e2380) file
mimicking UIDAI website has been discovered. The attacker tries to convince the
user to install the APK file on their android mobile phones.
2. Technical Analysis of the APK installer revealed that this installer package is
forwarded by the attacker using WhatsApp message with the title “Updation of
Aadhar Details by Defence Personnel”. With this message, the attacker also tries to
convince the user to install the APK file on android mobile phones for “mandatory”
updating their Aadhar Details. Detailed technical analysis of the malicious APK file is
attached at Annexure-I.
3. Recommendation:
a) It is recommended that all personnel in your unit be sensitized with the Modus
Operandi of the campaign and advised to refrain from installing the application.
Further, the personnel must report receipt of similar messages to their
respective cyber security cell. Generally, the risk involved in opening of
suspicious/phishing URL or installing application from untrusted sources be
reiterated and personnel be advised to exercise due caution.
(a) The C2 Server IP 167.86.98.190 to be included in the firewall/perimeter security
devices block lists.
(b) Users be advised to install MKavach-2 application and sanitise the android
mobile phones (Developer: CDAC Hyderabad).
4. Forwarded for your kind information and necessary action please.

(Kumar Vaibhav Gaur)

General Manager & CISO
For CMD/MIL

(Kumar Vaibhav Gaur)

General Manager & CISO
For CMD/MIL
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 11/12/2023

To,
The General Manager/Head of Units
All Units under MIL

Sub: ADVISORY ON APT BLACKTECH’S EXPLOITATION OF ROUTER FIRMWARE

VULNERABILITIES TO ESTABLISH PERSISTENCE IN NETWORKS
Ref: CSG-DDP Adv: 6203/CSG/STDN/DDP/Advisory/G-5/Vol-IV dt 15-11-2023

***
Cyber Security has become a major concern for all organizations, especially for those
involved in sensitive and critical operations such as ours. BlackTech a state-sponsored APT
group linked with China and specifically has been discovered hacking into network edge
devices, exploiting firmware vulnerabilities to maintain a concealed presence in the
corporate network of US and Japanese multinational companies. BlackTech actors have
targeted government, industrial technology, media, electronics and telecommunication
sectors, including entities that support the militaries of the U.S and Japan. Indian ICT
infrastructure is equally susceptible to such threats.
2. All stake holder/users should remain vigilant and ensure that no network device is
compromised by the emergent threat.
3. Forwarded the advisory for your information and further necessary action, please.

(Kumar Vaibhav Gaur)

General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

MOST-URGENT
(Reminder-IV)

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 22/12/2023

To,
The Sr. General Manager/ General Manager/Head of Units

Sub: Checklist of compliance status for effective implementation of NISPG –

Forwarding of
Ref: 1) CSG-DDP Letter No. 6211/CSG/STDN/DDP/NISPG/83 dt 06-Sep-2023
2) MIL Letter No. MIL/HR/IT/CYBER-SECURITY/ADVISORY dt 04-10-2023
3) MIL reminder emails dt 16-10-23,01-11-23,06-11-23
***

Vide ref above, MHA has prepared National Information Security Policy and
Guidelines (NISPG) in order to prevent information security breaches/Cyber intrusions in ICT
infrastructure. MHA advised to take appropriate steps to strengthen information security
controls as per NISPG for strengthening Information Security and preventing information
security breaches.
In this regard, checklist of compliance status for implementation of National
Information Security Policy and Guidelines (NISPG) is forwarded herewith. It was requested
to forward the checklist to MILCO on it-mil@munitionsindia.in latest by 15-10-2023, but it is
regretted to inform that after good number of reminders, till the report in awaited from your
unit.
Therefore, it is once again requested to submit the report (As per the enclosed
format –point no 12 to 27) positively by 26-12-2023 for forward submission to CSG-DDP.

(Md. Shahir Farooqui)

Dy.General Manager & SCSO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 11/12/2023

To,
The General Manager/Head of Units
All Units under MIL

Sub: ADVISORY ON APT BLACKTECH’S EXPLOITATION OF ROUTER FIRMWARE

VULNERABILITIES TO ESTABLISH PERSISTENCE IN NETWORKS
Ref: CSG-DDP Adv: 6203/CSG/STDN/DDP/Advisory/G-5/Vol-IV dt 15-11-2023
***
Cyber Security has become a major concern for all organizations, especially for those
involved in sensitive and critical operations such as ours. BlackTech a state-sponsored APT
group linked with China and specifically has been discovered hacking into network edge
devices, exploiting firmware vulnerabilities to maintain a concealed presence in the
corporate network of US and Japanese multinational companies. BlackTech actors have
targeted government, industrial technology, media, electronics and telecommunication
sectors, including entities that support the militaries of the U.S and Japan. Indian ICT
infrastructure is equally susceptible to such threats.
2. All stake holder/users should remain vigilant and ensure that no network device is
compromised by the emergent threat.
3. Forwarded the advisory for your information and further necessary action, please.

(Kumar Vaibhav Gaur)

General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 02/01/2024

To,
The General Manager/Head of Units
All Units under MIL

Sub: Guidelines on Information Security Practices for Government Entities

Ref: CSG-DDP Adv: 6258/CSG/STDN/DDP/Advisory-IV dt 18-Dec-2023

***
Cyber Security has become a major concern for all organizations, especially for those
involved in sensitive and critical operations such as ours. To protect against cyber threats,
Computer Emergency Response Team (CERT-In) has prepared guidelines relating to
information security practices, procedures, prevention and response to all Offices. The
guidelines are available on website of Ministry of Electronics & Information Technology
(MeitY) and CERT-In through the following URLS :
https://www.cert-in.org.in/PDF/guidelinesgovtentities.pdf

2. These guidelines cover best practices segregated in different security domains such
as Network Security, Application Security, Data Security, auditing, Third Party Outsourcing.
3. It is requested to download the Guidelines on Information Security Practices and
ensure that all employees are aware of these guidelines and that they are implemented at
all levels of your unit.
4. Forwarded the advisory for your information and further necessary action, please.

(Kumar Vaibhav Gaur)

General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 02/01/2024

To,
The General Manager/Head of Units
All Units under MIL

Sub: ADVISORY- NEW MODUS OPERANDI TARGETING DEFENCE PERSONNEL

VISHING AND PHISHING
Ref: CSG-DDP Adv: 6202/CSG/STDN/DDP/Advisory-III dt 18-Dec-2023

***

A new modus operandi for social engineering is being used by the adversary to
target Defence Personnel. The adversary is using phone calls (vishing) as a tactic to
trick individuals into opening spear phishing emails sent on their NIC email, further
leading to downloading of malicious files or credential harvesting.
The detailed Modus Operandi of BlackTech and preventive measures are
attached herewith for further necessary action, please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 02/01/2024

To,
The General Manager/Head of Units
All Units under MIL

Sub: HOSTING OF MOBILE APPS FOR THE CITIZEN CENTRIC SERVICES ON “DIGITAL
INDIA APPSTORE”
Ref: CSG-DDP Adv: 6203/CSG/STDN/DDP/Advisory/G-5/Bol-V dt 15-Dec-2023

***
“Digital India m-Seva AppStore”, is India’s indigenous app store launched by
Ministry of Electronics & Information Technology (MeitY) under AatmaNirbhar Bharat
Mission and developed by C-DAC, Mumbai for the hosting of mobile apps for the
citizen-centric services. The app store (https://apps.mgov.in) is currently 1650+ apps
of various domains & categories hosting and downloading of apps on the app store is
convenient and free of cost. Only verified and signed APK files can be hosted on this
app store.
2. Departments/PSU/CPSEs/Govt entities can host their own apps on this
platform and avail of its services. By on boarding the digital India m-Seva AppStore
platform, Government departments would not only be benefited by availing a
channel for authentic mobile apps but would also get the security testing of their
mobile apps done as measure to safeguard the data and privacy of users and prevent
them from any potential threats.
3. A guiding document for the on boarding of the apps on the Digital India m-
Seva AppStore in Annexed herewith.
4. Forwarded for your information and necessary action please.

(Kumar Vaibhav Gaur)

General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 11/01/2024

To,
The General Manager/Head of Units
All Units under MIL

Sub: MALICIOUS ACTIVITIES BY PAKISTAN BASED CYBER THREAT ACTOR SIDECOPY

Ref: CSG-DDP Adv: 6258/CSG/STDN/DDP/Advisory/G-12/Vol-II dt 01-Jan-2024

***
Information has been received from MoD Cyber Cell that Sidecopy, a Pakistan-
linked Cyber threat actor is leveraging the recent WinRAR security vulnerability (CVE-
2023-38831) in its phishing attacks targeting Indian Government entities to deliver
various Remote Access Trojans such as AlloKore RAT, Ares RAT and Drat. Copy of the
vulnerability report is placed at Annexure.
2. In this regard, it is requested to take suitable measures regarding the phishing
campaign using the WinRAR vulnerability, wherein WinRAR before 6.23 allows the
attacker to execute arbitrary code, when a user attempts to view a benign file within
a ZIP archive.
3. It is highly recommended to remove the application WinRAR prior to version
6.23 and upgrade WinRAR to the latest version at the earliest to avoid any future
exploitation of the vulnerability.
4. This is for your information and necessary action, please.

(Kumar Vaibhav Gaur)

General Manager & CISO
For CMD/MIL

Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : mil-pune@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in
Information has been received from MoD Cyber Cell that Sidecopy, a Pakistan-
linked Cyber threat actor is leveraging the recent WinRAR security vulnerability (CVE-
2023-38831) in its phishing attacks targeting Indian Government entities to deliver
various Remote Access Trojans such as AlloKore RAT, Ares RAT and Drat. Copy of the
vulnerability report is placed at Annexure.
2. In this regard, it is requested to take suitable measures regarding the phishing
campaign using the WinRAR vulnerability, wherein WinRAR before 6.23 allows the
attacker to execute arbitrary code, when a user attempts to view a benign file within
a ZIP archive.
In this regard, it I requested to take suitable measures regarding the phishing
campaign using thr WinRAR vulnerability, wherein WinRAR
3. It is highly recommended to remove the application WinRAR prior to version
6.23 and upgrade WinRAR to the latest version at the earliest to avoid any future
exploitation of the vulnerability.
4. This is for your information and necessary action, please.
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 23/01/2024

To,
The General Manager/Head of Units
All Units under MIL

Sub: ADVISORY- CYBER SECURITY GUIDELINES

Ref: CSG-DDP Adv: 6202/CSG/STDN/DDP/G-5/Vol-V dt 02-Jan-2024

***

This is to bring to your attention the cyber security guidelines on Password

Management, Internet browsing Security, e-Mail Security, Social Media Security are
received from CSG-DDP. As we all are aware, there has been a significant increase in
cyber incidents globally, and it is crucial that we take all necessary measures to
protect ourselves from cyber-attacks.

2. The guidelines are to be adhered by all Internet & Intranet users, including
outsourced/contractual/temporary employees who work in your unit.

3. It is requested to review the attached sheet of cyber security guidelines and

implement them immediately. Please ensure that all employees are aware of these
guidelines and that they are implemented at all levels of your unit.

4. This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

MOST-URGENT

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 09/02/2024

To,
The Chief General Manager
All Units under MIL

Sub: FEEDBACK ON ACTION TAKEN REPORT REGARDING MEASURES TO COUNTER

CYBER ATTACK ATTEMPT AT MOD BY PIO
Ref: CSG-DDP Letter No: 6258/CSG/STDN/DDP/PIO-3 dt 16-Jan-2024
***
1.MoD Cyber Cell received information from cyber and Information Security
Division (CIS-III), regarding cyber-attack attempt at MoD by PIOs.
2.In this context, Cyber and Information Security division (CIS-III), MHA has
informed that PIOs based in Pakistan and elsewhere, continues to ferret
out strategic, sensitive and tactical information using pseudonymous
calls as modus operandi. They have stepped up efforts to mount cyber-
attacks on various sensitive installations/Departments of Govt. of India,
by sending malicious files through e-mail. The files disguised as
legitimate documents contain embedded malware.
3.In this regard, CSG-DDP has undertaken following measures:
(a) A webinar by JS(DIP & P&C) & CISO-DDP was conducted for all entities
of DDP and Defence License Industries on 25 Jul 2022.
(b) SOP dated 27 Jul 2022 and 27 Sep 2022 for safe guarding from PIO
calls and phishing emails has been issued on to all Units. Copy of both
the letters containing SOP for safeguarding for PIO calls are enclosed
herewith for ready reference.
4. In this regard, it is requested to share feedback on the measures
undertaken to ward off such threats by PIOs and to provide Action Taken
Report positively by 12-02-2024 to MILCO on it-mil@munitionsindia.in
for onward submission to CSG-DDP
(Md. Shahir Farooqui)
Dy.General Manager & SCSO
For CMD/MIL
Enclosures : As stated

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 15/02/2024

To,
The Chief General Manager
All Units under MIL

Sub: FORWARDING OF DOCUMENT OF NISPG, MoDSI 2022 AND BEST CYBER

PRACTICES
Ref: CSG-DDP Letter No: 6202/CSG/STDN/DDP/Advisory-III dt 30-Jan-2024
***
1. 01 x DVD containing important documents is being forwarded to your unit for
information and further dissemination to all concern. The DVD contains
following documents –
(a) Best Cyber Practices
(b) Manual of Departmental Security Instructions (MoDSI) 2022
(c) National Information Security Policy and Guidelines (NISPG)

2. Password of the DVD will be shared separately via official e-mail.

3. Please acknowledge receipt.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

Enclosure : As stated (01 x DVD)

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 07/03/2024

To,
The Chief General Manager
All Units under MIL

Sub: INFORMATION SECURITY AUDITING RELATED ADVISORY FOR GOVERNMENT

ORGANISATIONS
Ref: CSG-DDP Adv: 6215/CSG/STDN/DDP/Advisory/C-10 dt 01-Feb-2024

***
This is to bring to your attention the cyber security guidelines while hiring
Audit Agencies for CERT-In Audit. The Indian Computer Emergency Response Team
(CERTI-In) under Ministry of Electronics & Information Technology (MeitY), has
created a panel of “Information Security Auditing Organisations” for auditing. The list
is available on https://www.cert-in.org.in

2. All units are requested to ensure that the audit engagement process is
secure and does not pose any threat to sensitive information belonging to
Government and critical sector.

3. In light of the above, it is requested to put in place an appropriate

mechanism to ensure compliance to the attached advisories at the time of engaging
CERT-In empanelled organisations, in interest of security of sensitive information
belonging to the government and critical sector.

4. This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 07/03/2024

To,
The Chief General Manager
All Units under MIL

Sub: CLARIFICATION ON ROLES AND RESPONSIBILITIES OF STQC AND CERT-IN FOR

CYBER AUDITING AND HARDWARE TESTING OF IOT DEVICES CCTV CAMERAS
Ref: CSG-DDP Adv: 6258/CSG/STDN/DDP/Advisory-IV dt 19-Feb-2024
***

Please refer Ministry of Electronics and Information Technology (IPHQ Division) Letter
No. W-43/ 6 /2020-IPHQ dt 12th Feb 2024.

2. An advisory has been received from MeitY (Ministry of Electronics and

Information Technology) regarding clarification on Roles and Responsibilities of STQC
and CERT-In for Cyber Auditing and Hardware Testing of IoT Devices/CCTV Cameras.

3. The same advisory is disseminated to all units through this letter for
information and necessary action, please.

N.O.O.
(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)
Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 07/03/2024

To,
The Chief General Manager
All Units under MIL

Sub: PICTORIAL ADVISORIES : CYBER ATTACKS/BREACHES AND PIO CALLS

Ref: 1) CSG-DDP Adv: 6258/CSG/STDN/DDP/Advisory-IV dt 02-Feb-2024

2) CIRA Adv: Advisory (cyber)/S(01)/2023/558 dt 14-Sep-2023
3) CSG-DDP Letter no. 6258/CSG/STDN/DDP/Advisory/G-12/Vol-III
***

Vide references above, CIRA has received inputs from reliable sources that
personnel deployed in entities involved in Defence R&D and Defence Production have
been targeted by foreign agents using unidentified Pakistani and Indian numbers for
sharing workplace contacts. It has been seen that the Indian Personnel has
downloaded loan apps from Google Play Store on their mobiles and had shared their
credentials while registering with these apps. The agents gained access to the data
stored in the mobiles, including contact details, data, etc and started calling these
personnel extorting money and threatening them to provide workplace contact
details etc.
2. Also, in the wake of recent spate of phishing emails being received through the
email IDs of MoD personnel, it is felt that officials need to be aware and sensitive of
phishing mails and resultant incidents.

3. Hence, to bring about awareness among personnel, pictorial advisories

booklet containing following topics is being circulated:-
(a) Fraud through Email
(b) Fraud through Phishing Links
(c) Fraud using Screen Sharing app
(d) Impersonation through Social Media
(e) Vishing Calls

…2

-2-

4. Copy of this booklet is enclosed with this letter and is to be disseminated to all
the sections/personnel in your unit.

5. Further, it is requested to sensitize all officials to be cautious while handling

any suspicious email/link so that cyber security posture of our organisation may not
be compromised.

6. Forwarded for your information and further necessary action, please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 07/03/2024

Sub: ENGAGEMENT OF CONTRACTUAL EMPLOYEES AT WORKPLACE

Ref: CSG-DDP Adv: 6215/CSG/STDN/DDP/Advisory/C-10 dt 08-Feb-2024

***

Recent inputs from reliable sources indicate continued attempts by PIOs to

target contractual employees of sensitive organisations over social media
applications like Facebook, Whatsapp, etc., particularly those likely to provide
information of strategic importance. The cases also highlight violation of
security guidelines.
2. In this regard, Manual of Security Instructions (MSI), 2018 of MoD – para
2(c) of chapter 10, Manual of Departmental Security Instructions (MoDSI) of
MHA para 12.9 (iii) and separate order No. 31013/2/2008/D(Vig) dt 24.10.2013
and 28.10.2013 has already identified certain sections and divisions as
sensitive.
3. In view of the above, the attached guidelines may be ensured while
engaging and deployment of contractual employees in your unit.
4. Forwarded for your information and strict compliance, please
.O.

(Md. Shahir Farooqui) (Md. Shahir Farooqui)

Dy.General Manager & SCSO Dy.General Manager & LCSO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/Manpower Dt. 15/03/2024

To,
The Chief General Manager
All Units under MIL

Sub: CLARIFICATION ON ROLES AND RESPONSIBILITIES OF STQC AND CERT-IN FOR

CYBER AUDITING AND HARDWARE TESTING OF IOT DEVICES CCTV CAMERAS
Ref: CSG-DDP Adv: 6258/CSG/STDN/DDP/Advisory-IV dt 19-Feb-2024
***

Please refer Ministry of Electronics and Information Technology (IPHQ Division) Letter
No. W-43/ 6 /2020-IPHQ dt 12th Feb 2024.
2. An advisory has been received from MeitY (Ministry of Electronics and
Information Technology) regarding clarification on Roles and Responsibilities of STQC
and CERT-In for Cyber Auditing and Hardware Testing of IoT Devices/CCTV Cameras.

3. The same advisory is disseminated to all units through this letter for
information and necessary action, please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/Manpower Dt. 15/03/2024

To,
The Chief General Manager
All Units under MIL

Sub: Hiring Manpower from NICSI - Regarding

***

This is to emphasize the critical importance of bolstering our organization's cyber security
measures and to outline the necessary steps to ensure our digital assets remain secure and resilient.
In today's interconnected world, cyber security is paramount to safeguarding our
organization's sensitive data, preserving operational continuity, and protecting our reputation. As all
the units under MIL are increasingly rely on digital technologies to carry out our mission, the risk of
cyber threats such as data breaches, malware attacks, and unauthorized access becomes ever more
pronounced. Therefore, it is imperative that the units prioritize cyber security as a fundamental
aspect of our organizational strategy.

To effectively address the escalating cyber security challenges, it is imperative that all units
adhere strictly to the guidelines established by regulatory bodies such as the MHA, CERT-In, CSG-
DDP, NISPG. Compliance with these guidelines ensures that our cyber security measures align with
industry best practices and regulatory standards.

In order to meet the growing demand for cyber security expertise within our organization,
the units should first explore the possibility of posting individuals who possess relevant experience
and qualifications in the field of cyber security. By leveraging internal talent, we can capitalize on
existing knowledge and skills while minimizing recruitment costs.

Should units find themselves lacking individuals with sufficient experience and qualifications
in cyber security, it is recommended to seek assistance from reputable external agencies specializing
in Cyber security and Network administration. These agencies can provide access to seasoned
professionals with the expertise necessary to bolster our cyber security defenses effectively.

Before engaging the services of external cyber security experts or agencies, it is imperative
that units thoroughly review and adhere to the cyber security guidelines issued periodically.
Additionally, units must reference our organization's Cyber Security Policy and Standard Operating
Procedures (SOPs) to ensure alignment with our overarching cyber security framework.

In conclusion, I urge all units to prioritize the enhancement of our cyber security measures and to
take proactive steps to mitigate potential threats. By fostering a culture of cyber security awareness
and resilience, we can safeguard our organization's interests and uphold the trust placed in us by our
stakeholders.

Thank you for your attention to this matter. Should you require any further clarification or assistance,
please do not hesitate to contact me.

Sincerely,

(Md. Shahir Farooqui) (Md.Shahir Farooqui)

Dy.General Manager & SCSO Dy. General Manager/HR
For CMD/MIL

As we continue to navigate the ever-evolving landscape of technology and

information security, it has become increasingly evident that our manpower in the
field of cyber security is insufficient to effectively combat emerging threats and
safeguard our valuable assets.
In light of this critical shortfall, it is strongly urge unit within MIL to prioritize
the engagement of skilled cyber security experts in the field of Cyber Security,
DBA, Network, whose expertise and insights could prove invaluable in
strengthening our cyber posture and mitigating potential risks.
Furthermore, it is imperative that all units should adhere strictly to the
guidelines set forth by the DOE, CVC and Procurement Manual and other relevant
regular bodies. If units are having experts with cyber security qualification and
experience, they may be engaged in Cyber Security Cell.
MILCO has also taken started engagement of IT experts from National
Informatics centre Services Inc. (NICSI), on the same line, It is requested to take
proactive measures in addressing this critical need for cyber security expertise and
to expedite the recruitment process accordingly.
While hiring manpower from NICSI, all units are requested to visit NICSI
website, also refer NICSI Office Order No.26112021 dt 24.12.2021 for more
details.
Subject: Urgent Attention: Strengthening Cyber Security Measures

Dear [AAA Unit Head/Team],

[Your Name]

म्यूनिशंस इंडिया
MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CSA-Meeting Dt. 25/06/2024

To,
The Chief General Manager
All Units under MIL

Sub: 2nd Quarterly Cyber Security Audit Review Meeting - Regarding

***
This is to inform that an upcoming 1st Quarterly Cyber Security Audit Review
Meeting chaired by CISO/MIL which is scheduled to be held on -July-2024 at
15:00 Hrs. This meeting is imperative for all units under MIL, and it is crucial for
Local Cyber Security Officer (LCSO), Officers & staff working in Local Cyber
Security Cell and Officers & staff working in IT Section.

The purpose of this meeting is to conduct a comprehensive audit review and

discuss matters pertinent to Cyber Security. The following points shall be
discussed in this meeting:

1. Status of implementation of all Observations/Gaps recoded in Internal/

Inter-Unit/CERT-In/CSG-DDP Audit and IB-MHA Inspection.
2. Status of implementation of all Vulnerabilities & Advisories.
3. Incident, if any

The minutes of this meeting shall be submitted to CMD/MIL by CISO along with
copy to all concerned units.

Therefore, it is requested to make it convenient to attend this review meeting

through VC.

The link of the VC shall be shared one day before.

(Md. Shahir Farooqui)

Dy.General Manager & SCSO

No. MIL/HR/IT/Manpower Dt. 01/04/2024

Sub: Hiring IT/Cyber Security Manpower from outside agencies - Regarding

***

This is to emphasize the critical importance of bolstering our organization's cyber

security measures and to outline the necessary steps to ensure our digital assets remain
secure and resilient.
In today's interconnected world, cyber security is paramount to safeguarding our
organization's sensitive data, preserving operational continuity, and protecting our
reputation. As all the units under MIL are increasingly rely on digital technologies to carry
out our mission, the risk of cyber threats such as data breaches, malware attacks, and
unauthorized access becomes ever more pronounced. Therefore, it is imperative that the
units prioritize cyber security as a fundamental aspect of our organizational strategy.
To effectively address the escalating cyber security challenges, it is imperative that all
units adhere strictly to the guidelines established by regulatory bodies such as the MHA,
CERT-In, CSG-DDP, NISPG. Compliance with these guidelines ensures that our cyber security
measures align with industry best practices and regulatory standards.
In order to meet the growing demand for cyber security expertise, the units should
first explore the possibility of posting individuals who possess relevant experience and
qualifications in the field of cyber security. By leveraging internal talent, we can capitalize on
existing knowledge and skills while minimizing recruitment costs.
Should units find themselves lacking individuals with sufficient experience and
qualifications in cyber security, it is proposed to seek assistance from reputable external
agencies specializing in Cyber security and Network administration. These agencies can
provide access to seasoned professionals with the expertise necessary to bolster our cyber
security defenses effectively.
MILCO is in process of engaging IT experts in the field of Cyber Security & Networking
from NICSI. Before engaging the services of external cyber security experts or agencies, it is
imperative that units thoroughly review and adhere to the cyber security guidelines issued
periodically. Additionally, units must reference our organization's Cyber Security Policy and
Standard Operating Procedures (SOPs) to ensure alignment with our overarching cyber
security framework.
Submitted for Director/HR’s kind information and directives regarding engagement of
IT/Cyber Security experts from outside agencies by units. If approved, the same shall be
intimated to units.

ED/Mod & ERP GM/BD(CISO) FGM/HR(LCSO) JWM/HR/IT

DIRECTOR/HR

Restricted
ADVISORY
No. MIL/CYBERSECURITY/HR/IT 01st April 2024

Sub: PREVENTIVE MEASURES AGAINST (PIO) CALLS

First, ask the caller to give his office landline number, email-id and website
name, after receiving the landline number, check its authenticity. Check
whether the email-id is real or not. Generally email-ids hosted on @gov.in,
@nic.in belongs to Govt. organisations. Website starting with https:// are
secure websites.
(b) Be Skeptical : Be cautious of unsolicited calls, especially those requesting
immediate action. Don’t rush to open emails or follow instructions from
unverified callers.
(c) Check Email Sources: Examine email sender details and be wary of
unexpected emails with attachments or links.
(d) Use Security Software: Ensure devices are protected with updated
antivirus and anti-malware software.
(e) Regular Backup: Regular backups of all important data and systems. Do not
store any official data on Internet Facing PC.
(f) Strong Password: Implementation of strong passwords and regular
password changes.
(g) Report the incident: If any vishing call or phishing mail is received, the
same needs to be reported to CISO/MILCO immediately.
(h) Do not open/send emails to unknown email ids, also do not use personal
emai-id for official communication.

This is for strict compliance please.

(Avinash Tarhawadkar)
General Manager/HR

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/Cyber-Security/Advisory Dt. 04/04/2024

To,
The Chief General Manager
All Units under MIL

Sub: ADVISORY: Compliance to Guidelines for Indian Government Websites

(GIGW) 3.0
Ref: CSG-DDP Adv: 6258/CSG/STDN/DDP/Advisory-VI dt 13-Mar-2024
***

Please refer MeitY DO letter No. N-33/1/2023-eGov dated 14 Feb 2024 (Copy
attached).
2. In light of the increasing significance of digital governance emphasizing the
accessibility of digital platforms, it is informed that Standardisation Testing and
Quality Certification (STQC) an attached office under MeitY has recently launched
Guidelines for Indian Government Websites (GIGW) 3.0 which is aimed at enhancing
the security and accessibility of digital platforms for citizens (available at
https://guidelines.india.gov.in)
3. GIGW 3.0 serves as a crucial tool in addressing the issues such as cyber
security and accessibility to the citizens. It aligns with the directives of Supreme Court
and its implementation is paramount to fostering a secure and inclusive digital
environment.
4. In this regard, MeitY has urged all Ministries, Departments and other bodies
under Government of India to initiate the certification process for their websites.
5. In view of the above, it is requested that all websites within the jurisdiction
may be certified in accordance /compliance with the Guidelines stipulated by GIGW
3.0
6. Forwarded for your information and further necessary action, please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

To,
The Chief General Manager
All Units under MIL

Sub: TIMELY REPORTING AND PROCESSING OF CYBER BREACH CASES OF DDP

ORGANISATIONS
Ref: CSG-DDP Letter No. 6258/CSG/STDN/DDP/G-88 dt 13-Mar-2024
***

In light of increasing Cyber Security breach cases in DDP Organisations, review

meetings on Cyber Security chaired by Senior Functionaries of Ministry of Defence
are being conducted regularly. During these meetings, it has been emphasized that
processing of Cyber breach cases are getting delayed.

2. In this regard, it is requested to strictly ensure timely reporting and processing

of Cyber Security incidents in your unit.

3. Forwarded for your information & further necessary action please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/Cyber-Security/Advisory Dt. 04/04/2024
To,
The Chief General Manager
All Units under MIL

Sub: FAKE WEBSITE : PCDA ALLAHABAD

Ref: CSG-DDP Letter No. 6203/CSG/STDN/DDP/G-5/Vol-V dt 12-Mar-2024
***

Please refer MoD Cyber Cell letter No. S/52786/MoD Cyber

Cell/Advisory/2024/7CA/80 dt 01 Mar 2024 (copy enclosed)
2. An advisory has been received from MoD Cyber Cell regarding fake website of
PCDA Allahabad.
3. The advisory is being disseminated herewith for information and necessary
action, please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

Sub: PREVENTIVE MEASURES AGAINST (PIO) CALLS

***
Security has become a major concern for all organizations, especially for those
involved in sensitive and critical operations such as ours.
A new modus operandi is being used by the adversary to target Defence
Personnel. The adversary is using phone calls (vishing) and showing their identity as a
high level officer. They are targeting Defence Personnel for getting information on
Defence Operations, Dispatches, Production etc.
The following preventive measures are to be undertaken by all the personnel:
(i) Verify Callers Identity : Always verify the caller’s identity through
independent means, such as calling the organisation’s official number.
Hang up and contact the organisation using official channels. Always refrain
from sharing any information outside official communication channels.
First, ask the caller to give his office landline number, email-id and website
name, after receiving the landline number, check its authenticity. Check
whether the email-id is real or not. Generally email-ids hosted on @gov.in,
@nic.in belongs to Govt. organisations. Website starting with https:// are
secure websites.
(j) Be Skeptical : Be cautious of unsolicited calls, especially those requesting
immediate action. Don’t rush to open emails or follow instructions from
unverified callers.
(k) Check Email Sources: Examine email sender details and be wary of
unexpected emails with attachments or links.
(l) Use Security Software: Ensure devices are protected with updated
antivirus and anti-malware software.
(m)Regular Backup: Regular backups of all important data and systems. Do not
store any official data on Internet Facing PC.
(n) Strong Password: Implementation of strong passwords and regular
password changes.
(o) Report the incident: If any vishing call or phishing mail is received, the
same needs to be reported to CISO/MILCO immediately.
(p) Do not open/send emails to unknown email ids, also do not use personal
emai-id for official communication.
(q) Do not click on any link received in email.
(r) For VC link, always use meeting ID & Password to open the VC, Do not
click on any hyperlink received for VC

This is for strict compliance please.

(Md. Shahir Farooqui)

Dy. General Manager & SCSO

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/Cyber-Security/Advisory Dt. 11/04/2024

To,
The Chief General Manager
All Units under MIL

Sub: ADVISORY ON THE THREAT OF INFORMATION LEAKAGE THROUGH CCTV/

VIDEO SURVEILLANCE SYSTEM (VSS)/DIGITAL VIDEO RECORDERS/NETWORK
VIDEO RECORDERS
Ref: CSG-DDP Letter No. 6203/CSG/STDN/DDP/Advisory/G-5-Vol-V-27-Mar-2024
***

It has been intimated by Ministry of Electronics & Information Technology (MeitY)

that concerns have been raised by various Ministries/Departments regarding the
security implications associated with the deployment of Closed-Circuit Television
(CCTV) Cameras and the conduct of cyber auditing and testing of hardware pertaining
to CCTV cameras and other Internet of Things (IoT) devices. In this regard, MeitY has
formulated comprehensive security guidelines for CCTV cameras which is placed at
Annexure-‘A’.
2. In light of these concerns, it is strongly advised to adhere to the guidelines
outlined within the ambit of the Public Procurement Orders to safeguard the overall
security and integrity of CCTV Cameras and IoT Devices.
3. The same advisory is disseminated to all units through this letter for
information and necessary action, please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

To
The Chief General Manager
All units under MIL

Sub : Deployment of Maya O.S.– regarding

Ref : 1)CIRA Letter No.Advisor(Cyber)/S(01)/2024/158 dt 11-Mar-2024

2)CSG-DDP Letter No.6258/CSG/STDN/DDP/G-98 dt 28-Mar-2024
***
CIRA developed homegrown Maya OS, a Linux based Operating System, which
brings together the familiarity of windows, dependability of Linux, security and
flexibility of open-source and the indigeneity of the cyber ecosystem.
2. Maya OS is a hardened Linux OS with several advanced security
implementations in place, to reduce the probability of impact in dire eventuality of a
compromise. To help the users reluctant to use Linux due to unfamiliarity with the
User Interface (UI), Maya OS has been customized to mirror the UI and basic
functionalities of Windows OS, to the maximum extent possible, such as Microsoft
Office Suit, menu layouts, folder formats and layouts, user actions, login screen,
mouse actions etc.
3. Directions from Hon’ble RM during Chintan Shivir held on 06 July 2023 ,for
deployment of Maya O.S. and Chakravyuh in all units of MoD.
4. In view of the above, it is requested to provide the details regarding internet
facing PCs of your unit in the enclosed proforma (Annexure-A) to
it-mil@munitionsindia.in positive by 15-April-2024 for onward submission to CIRA for
smooth migration from Windows to Maya O.S.
4. Your kind support and cooperation is highly solicited to strength cyber-posture
and protect the Defence Cyber Landscape.
5. Submitted for necessary action please.

O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Details of Internet Facing End-Points

Unit Name :

Total No of No. of No. of PC No.of PC List of Specific

Internet Computers connected to connected to Printers/Scanners requirements of
Facing Migrated to Internet is Internet is (Make, Model) the
Computers Maya OS directly to through organisation, if
Standalone Centralised any#
Broadband Internet
Gateway

#Specific requirements include usage of digital signature token, organisation specific software (in-
house and proprietary), usage of non-Linux compatible applications, PC based Biometric attendance
system, any specialised IT/OT system on the Internet Network , etc

NOTE: Please send .xls file as an attachment

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/CYBERSECURITY/HR/IT Dt.
31/01/2024
To
The General Manager
Ordnance Factory, Khamaria
Jabalpur
Sub : MAYA Operating System with Chakravyuh – regarding
Ref : OFK email dt 02-Jan-2024
***
Maya operating system developed by the Indian Defence Research and
Development Organisation. It is powered by an end point detection and
protection system called "Chakravyuh" to act as barrier against online
threats. Maya OS can defend itself from cyber-attacks originating from both
– inside and outside of the organisation where it has been deployed in. State-
of-the-art Endpoint Monitoring and Vulnerability Detection System
(Chakravyuh) is also an integral part of the OS. The agent monitors the
system’s integrity constantly. Maya OS has inbuilt application package like
Office (Word, Excel, Powerpoint)
2. Vide reference above it is understood that OFK IT team has
successfully installed this new operating system (MAYA) on more than 20
PCs. It is appreciated such accomplishments are a testament to the
dedication and expertise of OFK IT team.
3. MIL is keen to understand the experience with MAYA O.S.
specifically, in gathering feedback on the new features, benefits, and any
challenges faced during the post-installation phase. Kindly provide insights
into the following aspects:
a)Cybersecurity Features
b)Whether this Operating System is user friendly or not
c)How easily user can adopt the applications like Word, Excel,
PowerPoint
d)Printer/Scanner drivers and Installation issue, if any
e)Connectivity with Informix Modules through Putty or PowerTerm
Tools
f)Scanner Connectivity issue
g)CCTV Connectivity issue
h)Video Conferencing issue
i)Biometric Connectivity issue
j)COMNET and Internet Speed
k)GeM Portal Connectivity
l)Drawings Software like AutoCAD,Unigraphics etc.,
m) PDF support to open any downloaded document
n)TV/Projector Connectivity
o)Any other issues raised during installation of third party whitelisted
software
4. MIL value your feedback, and your insights will be instrumental in
optimizing our own experience with MAYA O.S. This will aid in addressing
any concerns and maximizing the benefits of this new operating system
across our organization.
5. The feedback on the above points may be submitted to MILCO on
it-mil@munitionsindia.in earliest please.

(Md.
Shahir Farooqui)
Dy. General
Manager & SCSO
For
CMD/MIL

MUNITIONS INDIA LIMITED

म्यूनिशंस इंडिया
A GOVT. OF INDIA ENTERPRISE
लिमिटेड
MINISTRY OF DEFENCE
भारत सरकार का
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBERSECURITY/MAYA Dt. 27/03/2024

To
The Chief General Manager
All Units under MIL

Sub : Implementation of Maya Operating System- Regarding

Ref : MIL/Cyber Security/HR/IT dt 15-12-2023
***
Vide reference above, it has come to notice that all units under MIL are still using
Windows 7/8/8.1. It would like to bring to your attention a crucial update regarding the
discontinuation of Windows 7/8/8.1 operating systems on our PCs (both LAN and internet
environment). This decision is driven by outcome of cyber security audits assessment on
current IT infrastructure in MILCO and Units and aligns with our commitment to enhancing
security, efficiency, and compatibility within our work environment.
As aware, Microsoft ended support for Windows 7 in January 2020 & 8/8.1 in January
2023. This means the operating system no longer receives critical security updates and
patches, leaving it vulnerable to known and newly discovered threats. This makes Windows
7/8/8.1 PCs increasingly vulnerable to cybersecurity threats, as they lack the essential updates
required to protect against evolving security risks.
Considering above elucidated attributes and to safeguard our organization's data and
infrastructure, all head of units is hereby instructed to initiating the discontinuation of
Windows 7/8/8.1 on all internal PCs with Maya OS. CIRA developed homegrown Maya OS.
It is powered by an end point detection and protection system called "Chakravyuh" to act as
barrier against online threats. Maya OS is envisaged to cater to the following functional
requirements:
 Provide secure Linux-based OS to Internet -facing user endpoints.
 Help hassle-free user migration from Windows to Linux environment by providing
custom Windows themes
 Provide a homogenous secured environment for Chakravyuh end-point deployment
 Provide non-admin privileged user accounts to a user with pre-defined set of software
packages to eradicate attack surface
 Provide a certain level of system hardening to users in such a way that a balance between
workability, user experience and functionality is maintained.
Maya OS includes the implementation of several security tools and relevant hardening
that will reduce the impact and probability of a system compromise. The hardening of the
underlying base makes Maya OS stronger than general Linux distributions.

….2

Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

-2-

Maya OS can defend itself from cyber-attacks originating from both – inside and outside
of the organisation where it has been deployed in. State-of-the-art Endpoint Monitoring and
Vulnerability Detection System (Chakravyuh) is also an integral part of the OS. The agent
monitors the system’s integrity constantly. Maya OS has inbuilt application package like
Office (Word, Excel, Powerpoint)
To help user not familiar with Linux, the UI of the OS has been modified to appear
similar to Windows Environment. The menu layouts, folder formats and layouts, inbuilt
office suit, user actions, logging screen, mouse actions etc. all have been customized with
Windows users in mind to make the adaptation and migration swift and convenient.
Maya OS requires minimum requirement of 4GB of RAM and 64-bit compatible
processor (Dual core-2GHz or more) along with minimum of 25GB Hard Drive free space for
installation, storage with at least 1024x768 resolution of display. The detailed configurations
is enclosed as Annexure-I
It is requested to collect the copy of Maya OS along with installation guide from MILCO.
It is understood that the change can be disruptive, and HOD of units are requested to instruct
IT division should commit to making this transition as smooth as possible on or before
15-May-2024.
The action status and compliance report may be submitted to MILCO on or before
15-April-2024

(Md. Shahir Farooqui)

Dy. General Manager & SCSO
For CMD/MIL
म्यूनिशंस इंडिया
MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/CYBERSECURITY/HR/IT Dt. 15/12/2023

To
The Sr. General Manager /General Manager/Head of Units
All Units under MIL

Sub : Status of different Operating Systems with their version.

It is requested to furnish the current status of different versions of Operating Systems like
Windows, Linux etc in the following format for further analysis and future planning. It is
assumed that all the versions are licenced.

[ STATUS OF DIFFERENT OPERATING SYSTEMS IN UNIT _____ ]

Sr. Name of O.S. Version Installed in PC used for
No. (Windows/Linux etc) No. of PCs COMNET/Internet

The compliance report may be submitted to MILCO on it-mil@munitionsindia.in latest by

22/12/2023.

(Md. Shahir Farooqui)

Dy. General Manager & SCSO
For CMD/MIL

MUNITIONS INDIA LIMITED

No. MIL/CYBERSECURITY/HR/IT Dt. 04/01/2024

To
The Sr. General Manager /General Manager/Head of Units
All Units under MIL

Sub : Discontinuation / Replacement of Windows 7,8 & 8.1 PCs – Regarding

***
It would like to bring to your attention a crucial update regarding the discontinuation
of Windows 7/8/8.1 operating systems on our PCs (both LAN and internet environment).
This decision is driven by outcome of cyber security audits assessment on current IT
infrastructure in MILCO and Units and aligns with our commitment to enhancing security,
efficiency, and compatibility within our work environment.
As aware, Microsoft ended support for Windows 7 in January 2020 & 8/8.1 in
January 2023. This means the operating system no longer receives critical security updates
and patches, leaving it vulnerable to known and newly discovered threats. This makes
Windows 7/8/8.1 PCs increasingly vulnerable to cybersecurity threats, as they lack the
essential updates required to protect against evolving security risks.
The following are major risks associated with continuing to use Windows 7/8/8.1 after its
end-of-life.
1. Non availability of Security Updates Hackers actively targets unsupported systems,
making Windows 7/8/8.1 susceptible to malware, ransomware, and other cyber
threats.
2. Impact on Network Security, Windows 7/8/8.1 devices connected to a network can
pose a security risk to the entire infrastructure. Any compromise of a Windows
7/8/8.1 system may lead to unauthorized access to other network resources,
potentially affecting the entire organization.
3. Unpatched System Weaknesses Over time, security researchers may discover new
vulnerabilities or weaknesses in Windows 7/8/8.1. Without updates, these issues
remain unaddressed, creating potential backdoors for attackers to exploit and gain
unauthorized access.
4. Outdated Internet Explorer, Windows 7/8/8.1 comes with Internet Explorer 11 as the
latest version of its default browser. However, Microsoft has shifted focus to Microsoft
Edge. Using an outdated browser can expose users to security vulnerabilities while
browsing the internet, increasing the risk of malware infections through malicious
websites.
5. Failure to Meet Compliance Standards, Various industries and regulatory bodies
mandate the use of secure and supported systems to protect sensitive information.
Continuing to use Windows 7/8/8.1 may result in non-compliance with these
standards, leading to legal repercussions and damage to an organization's
reputation.
….2

-2-

6. Increased Risk of Data Breach With the lack of security updates, Windows 7/8/8.1 is
more vulnerable to attacks that could compromise sensitive data. This poses a
significant risk to personal information, business data, and any confidential
information stored on devices running Windows 7/8/8.1.
7. Target for Malicious Actors due to Unsupported operating systems become prime
targets for cybercriminals. Malicious actors can exploit known vulnerabilities, leading
to unauthorized access, data manipulation, or the installation of malware. This puts
both personal and organizational data at risk.
8. Inadequate Security Solutions As result of security software providers update their
solutions to address the latest threats, they may phase out support for older
operating systems. This leaves Windows 7/8/8.1 users with outdated antivirus and
endpoint protection, making it harder to defend against evolving cyber threats.
9. Lack of Official Assistance Microsoft no longer provides technical support for
Windows 7/8/8.1. This absence of official assistance makes it challenging to resolve
issues, receive guidance on security best practices, or get help with system
optimization.
10. Additionally, Windows 7/8/8.1 compatibility with newer software and hardware is
limited, potentially hindering your ability to perform your tasks effectively.

Considering above elucidated attributes and to safeguard our organization's data and
infrastructure, all head of units is hereby instructed to initiating the discontinuation of
Windows 7/8/8.1 on all internal PCs on or before 31/03/2024. This transition is imperative to
ensure that our systems remain resilient against potential cyber threats and adhere to
industry best practices.
While discontinuation of windows 7/8/8.1 operating based PC’s, The PC’s which are
having support / upgrade compatibility of windows 10/11 OS must be considered for upgrade
otherwise the PC should be discontinued and replaced with latest Hardware and OS like
windows 10/11. It is to be noted that only Windows 10 or higher versions to be used in all
PCs (Comnet & Internet).

It is understood that the change can be disruptive, and HOD of units are requested to
instruct IT division Sections should commit to making this transition as smooth as possible
on or before 31/03/2024.

The action status and compliance report may be submitted to MILCO on or before
29/02/2024

(Md. Shahir Farooqui)

Dy. General Manager & SCSO
For CMD/MIL

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE

उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/Advisory Dt.

18/03/2024

To,
The Chief General Manager
All Units under MIL

Sub: Follow-up meeting at NSCS regarding increase in PIO cases and

Delay in Resolution of Cases of DPSUs within MoD
Ref: CSG-DDP Letter No.6258/CSG/STDN/DDP/PIO-23(3) dt.05-03-2024

***

A meeting was held at NSCS under the chairmanship of AS(NSCS) with officials of
MoD on 19 Jan 2024 regarding increase of PIO cases in MoD. In this regard the
following actions are to be carried out:
a) All units under MIL initiate immediate action on being notified of such cases
through email or phone.
b) All units to Comply with the relevant guidelines pertaining to both physical and
cyber security guidelines issued by GoI from time-to-time including w.r.t.
guidelines on contractual employees.
c) The list of blacklisted employees (regular/contractual may be shared with all
DPSUs and their units.
d) All units are to prepare a list of blacklisted employees from their units and forward
the updated list to MILCO on quarterly basis (by 10 th of Jan, 10th of April, 10th of
Jul & 10th of Oct every year).
2. To sensitize all the employees of MIL units, a special lecture on “Measures To
Counter Cyber Attack Attempt By PIO” is scheduled on 22/03/2024 from 14:30 Hrs
to 16:30 Hrs. It is requested to make it convenient to attend the lecture as per the
schedule.
3. Forwarded for your information and necessary, please

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE

उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/Advisory Dt.

18/03/2024

To,
The Chief General Manager
All Units under MIL

Sub: ADVISORY : PHISHING EMAIL WITHIN MoD

Ref: CSG-DDP Letter No.6202/CSG/STDN/DDP/G-5/Vol-V dt.05-03-2024

***
In the wake of recent spate of phishing emails being received by MoD personnel, it is
reiterated that all personnel within the units need to be aware of and sensitive to
phishing mails and how to prevent cyber incidents arising due to it.

2. The list of cyber security best practices pertaining to the prevention of cyber
incidents due to phishing mails detailing the precautions to be followed to safeguard
against these threats is enclosed as Annexure-I.

3. It is requested to personally sensitize all officials in your unit while handling

any suspicious email/link so that cyber security posture of the unit may not be
compromised.

4. This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE

उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY Dt. 18/03/2023

To,
The Chief General Manager
All Units under MIL

Sub: Implementation of “Best Cyber Practices” & SOPs –Confirmation of

Ref: 1) MIL Letter No.MIL/HR/IT/CYBER-SECURITY/ADVISORY dt.15-Feb-24
2) 6258/CSG/STDN/Advisory/G-12/Vol-III dt 05-Mar 2024
Vide reference (1) above; MILCO has transmitted a collection of "Best Cyber
Practices" received from CSG-DDP on 15-Feb-2024. These practices encompass
valuable insights on:
1. General Computer Usage
2. General Internet Browsing
3. Malware defense
4. USB storage device (Pen Drive/External Hard disk etc)
5. Smart device
6. Social Networking
7. Email Communication
8. Wi-Fi Device
9. Password
10.Social Engineering
2. Vide reference (2) above, Standard operating procedure (SOP) on Cyber
Security for Government employees is attached herewith. These SOPs encompass
valuable insights on:
1. Desktop/Laptop/Thin-Client/Workstation and Printer Security
2. Password Management
3. Internet Browsing Security
4. Mobile Security
5. Email Security
6. Removable Media Security
7. Social Media Security
8. Online Video Calls and conferencing
9. Malware Defense Related
10.Internet Connection Control
12.Honey Trapping and Social Engineering
13.Security Advisory and Incident Reporting
14.Cyber Security Resources
..2
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : mil-pune@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

-2-

3. It is requested to implement these best practices and SOPs at all levels. A

cyber-attack can cause irreparable damage to our organization, including data loss,
financial losses, and loss of reputation. Therefore, it is crucial that we take all
necessary measures to safeguard our systems and data from potential threats.

4. It is requested to send the confirmation report/Progress report by 10 th of

every month till implementation of all the guidelines/SOPs in your unit
5. Please ensure that all employees are aware of these “Best Cyber Practices &
SOPs” and that they are implemented at all levels of your unit.

6. This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE

उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY Dt. 18/03/2023

To,
The Chief General Manager
All Units under MIL
Sub: Implementation of CSG-DDP Advisories –Confirmation of
Ref: MIL Letter No.MIL/HR/IT/CYBER-SECURITY DT 19/06/2023

This is to bring to your attention that the cybersecurity Advisories received

from CERT-In/CSG-DDP that MIL forwards on regular basis to protect our IT
infrastructure for cyber-attacks which includes instructions to block IPs, Domains,
Hash values which are harmful and can increase the risk of cyber-attack. As we all are
aware, there has been a significant increase in cyber incidents globally, and it is
crucial that we take all necessary measures to protect ourselves from cyber-attacks.

It is requested to implement these advisories properly in the Systems like

Firewall/UTM and ensure their promulgation at all levels. A cyber-attack can cause
irreparable damage to our organization, including data loss, financial losses, and loss
of reputation. Therefore, it is crucial that we take all necessary measures to
safeguard our systems and data from potential threats.

It is requested to send the confirmation report (monthly) of each and every

advisory to MIL for forward submission to CSG-DDP on monthly basis. Please ensure
that all employees are aware of these guidelines and that they are implemented at
all levels of your unit.

This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE

उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/EMP Dt.

18/03/2024

To,
The Chief General Manager
All Units under MIL

Sub: Advisory- New Modus Operandi Targeting Defence Personnel

Vishing and Phishing
Ref: Advisor(Cyber)/S(010/IR/2024/146 dt 04-03-2024

***
Safeguarding tangible and intangible assets of national interest is of paramount
importance and the objective of the attached advisory is to increase awareness of all
the official employed in MIL units towards warding off social engineering techniques
performed by threat actors.

2. A new modus operandi for social engineering is being used to target Defence
Personnel has been observed in the environment. The adversaries are using a
combination of Vishing and Phishing techniques wherein the adversary is using
phone calls (vishing) as a manipulative tactic to trick their victims into opening spear
phishing emails sent on their NIC email, further leading to downloading of malicious
files or credential harvesting.

3. The detailed Modus Operandi to target defence personnel is attached

herewith. It is requested to implement the guidelines/preventive measures given in
the attached sheet immediately. Please ensure that all employees are aware of
these guidelines/ preventive measures and that they are implemented at all levels of
your unit.

4. This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE

उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/EMP Dt. 18/03/2024

To,
The Chief General Manager
All Units under MIL

Subject: Strengthening Cyber Security Measures - regarding

***

Cyber security has become a major concern for all organizations, especially for
those involved in sensitive and critical operations such as ours. Cyber security is
paramount to safeguarding organization's sensitive data, preserving operational
continuity, and protecting the reputation. The risk of cyber threats such as data
breaches, malware attacks, and unauthorized access becomes ever more
pronounced today. Therefore, it is imperative that all units prioritize cyber security as
a fundamental aspect of organizational strategy.

2. To effectively address the escalating cyber security challenges, it is imperative

that the units shall adhere strictly to the guidelines established by regulatory bodies
such as the CERT-In, MHA, CSG-DDP, NISPG, CVC. Compliance with these
guidelines ensures that our cyber security measures align with industry best
practices and regulatory standards.

3. In order to meet the growing demand for cyber security expertise within the
organization, it is requested to all units to first explore the possibility of posting
individuals who possess relevant experience and qualifications in the field of cyber
security. By leveraging internal talent, we can capitalize on existing knowledge and
skills while minimizing recruitment costs.

4. If there are no such individuals with sufficient experience and qualifications in

cyber security, it is recommend seeking assistance from reputable external agencies
specializing in Cyber Security, Network Security and System Administration. These
agencies can provide access to seasoned professionals with the expertise
necessary to bolster cyber security defenses effectively.

5. Before engaging the services of external cyber security experts or agencies, it

is imperative that units thoroughly review and adhere to the cyber security guidelines
issued periodically. Additionally, units must reference MIL Cyber Security Policy and
Standard Operating Procedures (SOPs) to ensure alignment with our overarching
cyber security framework.

-2-
6. In view of the above, it is requested to prioritize the enhancement of Cyber
Security measures and to take proactive steps to mitigate potential threats. By
fostering a culture of cyber security awareness and resilience, we can safeguard our
organization's interests and uphold the trust placed in us by our stakeholders.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/PIS2.0 Dt. 22/04/2024

To,
The Chief General Manager
All Units under MIL

Sub: PIS 2.0 Personnel Information System- Verification of PIS with

Payroll

Ref : DoO(C&S) Letter No. 700/PIS/IT dt 04/04/2024

***

This has a reference to Personnel Information System- PIS 2.0 launched on

01/09/2023 . PIS 2.0 data as received from factories/units is frozen w.e.f. 01/02/2024
and amendment module is available through Change Management as
communicated vide letter No. MIL/HR/2024/PIS2.0 dt 11/03/2024 &
MIL/HR/IT/COMNET dt 05/03/2024

2. In order to verify the existing PIS 2.0 data, the exercise of verification of PIS data
w.r.t. Payroll was carried out for all units in Sep 2023 over VC sessions. In this
regard, all units are not carrying out the exercise every month. Hence a final round of
payroll verification shall be carried out on 24-04-2024 at 11.30 am. The Single Point
of Contact is Shri. Niranjan Kumar/JWM/DoO(C&S) Mobile Number: 7987196755.

3. The handholding support for carrying out this verification shall be extended
through VC on Comnet (Link for meeting shall be shared 1 hr in advance in PIS 2.0
Portal Dashboard)

4. Before attending the VC ,

a) 100 % availability of nodal officer of the unit for VC session is must.
b) Readiness of .CSV file required for payroll verification.

5. A demo of linking of service book with employee record shall also be given. In
view of the above, all units are requested to be prepared for this VC on scheduled
date and time with payroll .csv file.

(Md. Shahir Farooqui)

Dy. General Manager /HR
For CMD/MIL

उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBERSECURITY/MAYA Dt. 14/05/2024

To,
The Chief General Manager
All Units under MIL

Sub : Status of deployment of Maya O.S.– regarding

Ref : 1) CIRA Letter No.Advisor(Cyber)/S(01)/2024/158 dt 11.03.24

2) MIL Letter No. MIL/HR/IT/CYBERSECURITY/MAYA DT 27.03.24
***
CIRA developed homegrown Maya OS, a Linux based Operating System, which
brings together the familiarity of windows, dependability of Linux, security and
flexibility of open-source and the indigeneity of the cyber ecosystem. Directions
issued from Hon’ble RM during Chintan Shivir held on 06 July 2023, for deployment
of Maya O.S. and Chakravyuh in all units of MoD.
Vide reference (2) above, It was requested to all units to Install Maya Operating
System in all Internet Facing PCs and complete this task on or before 15-May- 2024
It is requested to send the status report on Maya Installation in following format
urgently by 16-May-2024 for forward submission to CIRA.
Maya O.S. Installation Status Report as on 15th May 2024
Unit Total Nor of No. of PCs No. of PCs Reason for
Name Internet PCs migrated to Maya NOT migrated NOT
OS as on 15th to Maya OS as migration to
May 2024 on 15th May Maya OS
2024

Your kind support and cooperation is highly solicited to strength cyber-posture and
protect the Defence Cyber Landscape.

(Md. Shahir Farooqui)

Dy.General Manager & SCSO

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE

उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBERSECURITY Dt. 15/05/2024

To
The Chief General Manager
All Units under MIL

Sub : Data/Information of IT Network of Organisations in DDP, MoD

***

Data/Information on IT Network (Intranet as well as Internet) of all units under

Munitions India Ltd are required to be compiled and put up to Competent Authority
by CSG, DDP.

In view of the above, it is requested that data/information on IT networks

(Intranet/Comnet as well as Internet) of your unit in the format as per Appendix ‘A’ &
Appendix ‘B’ along with network diagram and topology be forwarded to MILHQ on
it-mil@munitionsindia.in by 17th May 2024 positively. It is requested to send the .xls
file of both the tables along with email.

(Md. Shahir Farooqui)

Dy. General Manager & SCSO
For CMD/MIL
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 17/05/2024

To,
The Chief General Manager/General Manager
All Units under MIL

Sub: Advisory on Vulnerabilities -Regarding

1)Indicators of Compromise (IoCs)- Crimson RAT and Allakore RAT
2)APT36 Campaign- Side Copy Malware Latest IOCs sharing
3)Indicators of Compromise (IoCs)- GavaRAT
4)IOCs sharing for Improved Detection
5)Phishing Domain Mimicking –Department of Defence
Ref: 1) CIRA ID No. Advisor(Cyber)/S(01)/IR/2024/238 dt 08-May-2024
2) CIRA ID No. Advisor(Cyber)/S(01)/IR/2024/210 dt 15-Apr-2024
3) CIRA ID No. Advisor(Cyber)/S(01)/IR/2024/244 dt 08-May-2024
4) CIRA ID No. Advisor(Cyber)/S(01)/IR/2024/243 dt 08-May-2024
5) S/52786/MoD Cyber Cell/Advisory/2024/7CB/944 dt 16-Apr-2024
***
Vide references above; CIRA has communicated advisories on vulnerabilities to
be implemented urgently to safeguard our IT infras,tructure from any type of
cyber threats.
2. It is requested to do the necessary action to block C&C domain and IP s
associated with the malware, Hashes etc in Firewall to protect the IT
infrastructure from cyber-attack.
3. All stake holder/users should remain vigilant and ensure that no network
device is compromised by the emergent threat.
4. It is requested that appropriate remedial action on the alert mentioned in the
advisories may be taken immediately and Action Taken Report (ATR) may be
sent to it-mil@munitionsindia.in at the earliest

(Md. Shahir
Farooqui)
Dy. General Manager & SCSO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY Dt. 17-05-

2024

To,
The Chief General Manager/General Manager
All Units under MIL

Subject: Strengthening Cyber Security Measures - regarding

***
Cyber security has become a major concern for all organizations, especially for
those involved in sensitive and critical operations. Cyber security is paramount to
safeguarding organization's sensitive data, preserving operational continuity, and
protecting the reputation. The risk of cyber threats such as data breaches, malware
attacks, and unauthorized access becomes ever more pronounced today. Therefore,
it is imperative that all units prioritize cyber security as a fundamental aspect of
organizational strategy.

To effectively address the escalating cyber security challenges, it is imperative that

the units shall adhere strictly to the guidelines established by regulatory bodies such
as the CERT-In, MHA, CSG-DDP, NISPG, CVC. Compliance with these guidelines
ensures that our cyber security measures align with industry best practices and
regulatory standards.

In order to meet the growing demand for cyber security expertise within the
organization, all units under MIL to first explore the possibility of posting individuals
who possess relevant experience and qualifications in the field of cyber security. By
leveraging internal talent, we can capitalize on existing knowledge and skills while
minimizing recruitment costs.
If there are no such individuals with sufficient experience and qualifications in cyber
security, it is recommend seeking assistance from reputable external agencies
specializing in Cyber Security, Network Security and System Administration. These
agencies can provide access to seasoned professionals with the expertise
necessary to bolster cyber security defences effectively. MILCO is also hiring experts
from NISCI empanelled vendors.
…2
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : mil-pune@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

-2-

Before engaging the services of external cyber security experts or agencies, it is

imperative that units thoroughly review and adhere to the cyber security guidelines
issued periodically. Additionally, units must reference MIL Cyber Security Policy and
Standard Operating Procedures (SOPs) to ensure alignment with our overarching
cyber security framework

In view of the above, all units are requested to prioritize the enhancement of Cyber
Security measures and take proactive steps to mitigate potential threats. By fostering
a culture of cyber security awareness and resilience, we can safeguard our
organization's interests and uphold the trust placed in us by our stakeholders.

(Md. Shahir
Farooqui)
Dy. General Manager & SCSO
For CMD/MIL
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 04/06/2024

To,
The Chief General Manager/General Manager
All Units under MIL

Sub: Advisory on Vulnerabilities -Regarding

1)Indicators of Compromise (IoCs)- GavaRAT
2)APT36 Campaign- Side Copy Malware Latest IOCs sharing
Ref: 1) CSG-DDP Letter No.6258/CSG/STDN/DDP/Advisory/G-12/Vol-III dt 17.05.24
2) CSG-DDP Letter No.6258/CSG/STDN/DDP/G-12/Vol-IV dt 17.05.24
***
Vide references (1) above; CIRA has communicated advisories on Indicators of
Compromise (IoCs)- FavaRAT which is targeting both Windows and Linux based
systems. The malware has the following capabilities:
a) File exfiltration from disk and portable media
b) Remote Desktop
c) C & C communication for further payload deployment
2. Enforce blocking to restrict access to identified malicious IPs and Domains
as mentioned in attachment letter. Also, enhance employee awareness and
training programs to educate staff about the risk associated with interacting
with suspicious emails, links or attachments.
3. Vide references (2) above; CIRA intimated that Pakistan based APT26 actors
have been primarily targeting Indian military and government personnel as a
part of its espionage activities. Multiple RAT malwares namely Crimson RAT
and Allokore RAT associated with APT-36, allow the attackers to gain control
over the infected systems. This control can include, but is not limited to,
stealing sensitive information, executing commands, downloading additional
payloads, and conducting surveillance on the victims.
4. Enforce blocking to restrict access to the identified malicious IPs and
domains as mentioned in attachment letter. Also, enhance employee
awareness and training programs to educate staff about the risk associated
with interacting with suspicious emails, links or attachments.
5. It is requested that appropriate remedial action on the alert mentioned in
the advisories may be taken immediately and Action Taken Report (ATR) may
be sent to it-mil@munitionsindia.in at the earliest

(Md. Shahir
Farooqui)
Dy. General Manager & SCSO
For CMD/MIL

No. MIL/HR/IT/CYBER-SECURITY/87 Dt.

13/06/2024

To,
The Chief General Manager
All Units under MIL

Sub: ADVISORY ON CYBER SECURITY: ATTACK AND MITIGATION IN DPSUs

Ref: 6203/CSG/STDN/DDP/Advisory/G-5/Vol-VI dt 22-May-2024

This is to bring to your attention that the Cyber Security Advisories received
from CERT-In/CSG-DDP that MIL forwards on regular basis to protect our IT
infrastructure.

2. In order to enhance the overall Cyber Security Posture in Department of

Defence Production, a ready reckoner document title “Cyber Security : attack
and mitigation in DPSUs” delineating the attack vectors, precautions and
incident management steps is enclosed herewith.
3. In this regard, it requested to disseminate the attached document to the
offices/sections of your unit under Area of Responsibility (AOR) to implement
these to enhance Cyber Security Posture of Organisation and DPSUs.

4. Please ensure that all employees are aware of these guidelines and that they
are implemented at all levels of your unit.

5. This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/88 Dt.

12/06/2024

To,
The Chief General Manager
All Units under MIL

Sub: ADVISORY ON DESCRIPTION OF JOB PROFILE ON SOCIAL MEDIA-

ACCOUNTS OF EMPLOYEES OF VITAL INSTALLATIONS

Ref: 6258/CSG/STDN/DDP/Advisory/G-12/Vol-II dt 24-May-2024

Recent inputs received from reliable sources have revealed that many
permanent/contractual employees of a DPSU have posted details viz.
organisation, rank, branch and nature of work as part of their profile on their
social media accounts (Facebook, Twitter and Instagram). Recently, some
employees of the organisation were investigated / arrested for sharing sensitive
information with one Pak Intelligence Operative (PIO).

2. In this regard, it is imperative for personnel employed in your unit to be

sensitized regularly to avoid posting their job description, on social media
accounts. The social media related guidelines provided under the Manual of
Departmental Security Instructions 2022, especially Appendix V pertaining to
‘Dos and Don’ts for social media is attached herewith for your ready reference.

3. Please ensure that all employees are aware of these guidelines and that they
are implemented at all levels of your unit.

4. This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/90 Dt.

13/06/2024

To,
The Chief General Manager
All Units under MIL

Sub: PIOs ELICIT INFORMATION USING PSEUDONYMOUS CALLS

Ref: 6258/CSG/STDN/DDP/G-12/Vol-III dt 24-May-2024

Inputs from reliable Government Agencies indicate that PIOs continue to gather
strategic, sensitive & tactical security related information through
pseudonymous phone calls.

2. In many communications, PIOs are seeking numbers of colleagues, junior and

senior officers. PIOs are using these numbers to target them in future. PIOs
continue to seek sensitive information, posing as GoI functionaries. The
concerned officers may be briefed accordingly to establish genuineness at calling
end before sharing any information. Additionally, sharing sensitive information
over open telephone calls may be avoided.

3. In this regard, it is requested to:

(a) Sensitize all critical/sensitive sections regarding above mentioned

pseudonymous phone calls.

(b)Immediately issue an advisory to all employees/officers under your AOR

sensitizing them about recent spoofed phone calls and advise them to
avoid sharing sensitive information over phone calls.

4. This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

म्यूनिशंस MUNITIONS INDIA LIMITED

इंडिया लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/93 Dt.

13/06/2024

To,
The Chief General Manager
All Units under MIL

Sub: CYBER ADVISORY BASED ON REVIEW OF CYBER INCIDENTS AND

BREACH CASES OF DDP DIVISIONS AND ORGANISATIONS
Ref: 6258/CSG/STDN/DDP/G-86 dt 05-June-2024
***
A review of cyber incidents/breach cases of DDP Divisions & Organisations
including DPSUs was chaired by JS(P&C) on 22 May 2024

2. Based on the review, certain critical issues pertaining to cyber security have
emerged which are required to be implemented strictly in respective DDP
Divisions & organisations including DPSUs. The critical issued which require
immediate attention are as follows:

(a) Direct Broadband Internet connection in office premises/organisation is

not permitted. All internet connections in office premises /organisation
should be centralized and through adequate security controls such as
firewall (or UTM) (Ref to MoDNET policy Vr.1.0, Page Bo.37, Section
(10.4)). Organisations are required to follow this guideline strictly.

(b) Only static IP address is to be allocated to internet facing PC. In case of

cyber breach case, this would help to identify the suspected PC uniquely.

(c) No WIFI is allowed within premises of organisations (Ref to MoDNET

policy Vr. 1.0, Page No.37, Section (10.4)).

(d) Organisations are to approach concerned ISP (such as BSNL) to provide

required logs of breach cases. Contract terms with ISP are to be invoked if
there is any difficulty in this regard. Organisations are to ensure that
terms and conditions are to be included in contracts of internet services
for sharing of required logs by the ISP.

…2

(e) In case of PIO cases, whether reported by CIRA or not, evidence need to be
deposited to CIRA for forensic analysis. If PIO reporting agency is IB-MHA
and forensic analysis has already been conducted by IB, then there may
not be any requirement to deposit evidence to CIRA, however in such
cases DPSU concerned will ensure the forensic report is collcted from IB-
MHA and the same is to be intimated to CSG-DDP and CIRA.
(f) Forwarded for information, further dissemination and necessary action
please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/89,91 Dt.

13/06/2024
To,
The Chief General Manager
All Units under MIL

Sub: Advisory on Vulnerabilities –Regarding

1) IOCs SHARING FOR IMPROVED DETECTION-CMTX-I-021032024,
CMTX-I-025032024 AND XMTX-I-587032024-REG
2) INDICATORS OF COMPROMISE (IoCs)-CRIMSON RAT AND
ALLAKORE RAT
Ref:1) CSG-DDP Letter No.6258/CSG/STDN/DDP/Advisory/G-12/Vol-IV
dt 24.05.24
2) CSG-DDP Letter No.6258/CSG/STDN/DDP/G-12/Vol-V dt 30.05.24
***
Vide references (1) above; CIRA has communicated advisories on IoCs
Sharing For Improved Detection-CMTX-I-021032024, CMTX-I-025032024
AND XMTX-I-587032024. Pakistan based APTY-36 threat actors deployed
Mythic malware, AresRAT malware and side copy malware in Indian cyber
space has been noticed.

2. Vide references (2) above; MoD Cyber Cell have intimated that Pakistan
based APT-36 actors have been primarily targeting Indian military and
government personnel as a part of its espionage activities. Multiple
Remote Access Trojan (RAT) malwares namely Crimson RAT and Allakore
RAT associated with APT-36, allow the attackers to gain control over the
infected systems. This control can include, nut is not limited to, stealing
sensitive information, executing commands, downloading additional
payloads, and conducting surveillance on the victims.

3. It is recommended to undertake following actions with immediate effect

for improved detection and protection across the unit:
(a) Enforce blocking to restrict access to the identified malicious IPs and
domains. Additionally, perform comprehensive examinations of
network logs and security alerts to detect any potential indicators of
compromise.

…2

-2-

(b)Enhance employee awareness and training programs to educate staff

about the risk associated with interacting with suspicious emails, links
or attachments.
(c) It is recommended to disseminate this alert among all stakeholders
within your area of responsibility for early detection and swift
response measures.

4. It is requested that appropriate remedial action on the alert mentioned

in the advisories may be taken immediately and Action Taken Report
(ATR) may be sent to it-mil@munitionsindia.in positively by 20-June-2024

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY Dt. 27/06/2024

Subject: Fraud/impersonation of Mobile WhatsApp Message

It is to intimate that a fraud/impersonation of mobile WhatsApp message has been

received in the name of Shri. Debashish Banerjee , CMD , Munitions India Limited a
Unit of Govt. of India, Ministry of Defence from the unknown phone number from
+94 76 688 8670.
The screen shot is attached for your ready reference:

To : info@cert-in.org.in, incident@cert-in.org.in

Name Kumar Vaishav Gaur

Designation CISO
Organisation Name Munitions India Limited
Office Address 2nd Floor, Nyati Unitree
Yerawada, Pune- 411006
Email ID it-mil@munitionsindia.in
Mobile No. 9013763678
Office Phone 020-67080400
Office Fax NIL

This is for information and further necessary action please

(Md. Shahir Farooqui)

Dy.General Manager
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY Dt. 27/06/2024

To,
The Chief General Manager
All Units under MIL

Sub : Fraud/impersonation of Mobile WhatsApp Message in the name of CMD/MIL

***
It is to intimate that a fraud/impersonation of Mobile WhatsApp Message has been
received in the name of Shri. Debashish Banerjee , CMD , Munitions India Limited a
Unit of Govt.of India, Ministry of Defence from the unknown phone number from +94
76 688 8670, +94 741965632 or any other unknown number.

Following steps need to be followed in case of such fraud/impersonation calls are

received on the mobile phone.

1. Never respond to emails/embedded links/calls asking you to provide any

personal or confidential information.
2. Never provide your identity proof to anyone without any genuine reason.
3. Scan the mobile by using latest anti-virus.
4. Regularly download the mobile phone updates from authorised source only.
5. The “Do Not Disturb” feature is available on most smartphones and can be
used to silence incoming calls.
6. Some smartphones also offer a call screening service. By making use of this
feature, you can see who is calling.
7. Enable the built-in call-blocking feature that allows you to block specific
numbers.
8. For any kind of Cyber incidence, Submit your complaint to :
(incident@cert-in.org.in and info@certi-in.org.in)

It is therefore, requested to give wide publicity among all employees.

(Md. Shahir Farooqui)

Dy.General Manager
Copy to: All Employees of MILHQ

The screen shot is attached for your ready reference:

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/MAYA Dt. 01/07/2024

To
The Chief General Manager
All units under MIL

Sub : Deployment of CHAKRAVYUH STUB SERVER

Ref : 1)CSG Letter No.6258/CSG/STDN/DDP/ADVISORY/Vol-IV dt 28-Jun-24
2)CSG Letter No.6258/CSG/STDN/DDP/ADVISORY/Vol-IV dt 20-Mar-24
**
Cyber breach cases and incidents in the Defence Industry is a cause of concern. In
order to enhance the Cyber Security posture, establishment of Cyber Security
Operation Centre (CSOC) for Defence Industry is being planned for implementation
on priority byb the Ministry of Defence.
2. Vide ref (1), a coordination meeting was held on 27 Jun 2024 under the Chair of
Additional Secretary, Department of Defence MoD with participation of JS(P&C)
DDP, ADG CIRA, officials of CSG-DDP, DIP Wing of DDP, MoD Cyber Cell , and
representatives of 18 Defence Industries, who are planned to be on-boarded in
Phase-I of the CSOC.
3. Vide ref (2) above, CIRA has shared details of minimum required configuration for
chakravyuh stub server and endpoints. The specifications have been made
considering support of up to 500 active agent connections per server. The
minimum/recommended system requirements are as provided below:
Parameter Minimum Recommended
Processor Xeon or Equivalent multi Xeon or Equivalent multi
core CPU core CPU
Cores 64 96
RAM 128 GB 256 GB
Hard Disk Free Space for 800 GB 2 TB
Installation
Hard Disk (Usable) 4 TB (Preferably SSD for 10 TB (Preferably SSD for
Data partition) Data partition)
Active Wired Network Connectivity (preferably optical)- Min 1 Gigabit
Either a DVD Drive (Internal/External) or USB port for Installer Media
Compatible with debian Linux installation and supports virtualization
4. Server for Chakravyuh is required to be procured and installed by respected unit
as per specifications given above. As this point is to be completed by 07th July 2024,
therefore it is requested to speed up the procurement of Hardware.
5. All units are to ensure that all Internet-facing systems in their premises are
installed with Maya O.S. as per MoD/DDP directions.
N.O.O.
(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)
Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

Maya OS is a hardened Linux OS with several advanced security implementations in

place, to reduce the probability of impact in dire eventuality of a compromise. To help
the users reluctant to use Linux due to unfamiliarity with the User Interface (UI),
Maya OS has been customized to mirror the UI and basic functionalities of Windows
OS, to the maximum extent possible, such as Microsoft Office Suit, menu layouts,
folder formats and layouts, user actions, login screen, mouse actions etc.
3. Directions from Hon’ble RM during Chintan Shivir held on 06 July 2023 ,for
deployment of Maya O.S. and Chakravyuh in all units of MoD.
4. In view of the above, it is requested to provide the details regarding internet
facing PCs of your unit in the enclosed proforma (Annexure-A) to
it-mil@munitionsindia.in positive by 15-April-2024 for onward submission to CIRA for
smooth migration from Windows to Maya O.S.
4. Your kind support and cooperation is highly solicited to strength cyber-posture
and protect the Defence Cyber Landscape.
5. Submitted for necessary action please.

O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

No. MIL/HR/IT/CYBERSECURITY/Chakravyuh Dt. 01/07/2024

To
The Chief General Manager/General Managers,
(All units under MIL)

Sub : Deployment of Maya O.S. & Chakravyuh Stub Server

***
As we continue to navigate the digital landscape, it’s imperative that we remain vigilant
and proactive in safeguarding our company’s assets and information, implementation of
very secure Operating System: Maya and Chakravyuh Stub Server to protect our
Internet facing PCs against cyber vulnerabilities is very essential to be completed in a
give schedule.

2. Cyber breach cases and incidents in the Defence Industry is a cause of concern. In
order to enhance the Cyber Security posture, establishment of Cyber Security Operation
Centre (CSOC) for Defence Industry is being planned for implementation on priority by
the Ministry of Defence.

3. CIRA developed homegrown Maya OS, a Linux based Operating System, which
brings together the familiarity of windows, dependability of Linux, security and
flexibility of open-source and the indigeneity of the cyber ecosystem.

5. Directions from Hon’ble RM during Chintan Shivir held on 06 July 2023, for
deployment of Maya O.S. and Chakravyuh in all units of MoD.

6. In this context, a coordination meeting was held on 27 Jun 2024 under the Chair
of Additional Secretary, Department of Defence MoD with participation of JS(P&C) DDP,
ADG CIRA, officials of CSG-DDP, DIP Wing of DDP, MoD Cyber Cell , and representatives
of 18 Defence Industries, who are planned to be on-boarded in Phase-I of the CSOC.

7. MIL has already shared details of minimum required configuration for

chakravyuh stub server and endpoints on 27-March-2024, 11-April-2024 and good
number of reminders to complete the installation of maya operating system on all
internet facing systems by 15-May-2024. It is regretted to inform that the progress of
implementation of Maya is very slow and units are not following the schedule to
complete this task.

8. Server for Chakravyuh is required to be procured and installed by respected unit

as per specifications given above. As this point is to be completed by 07th July 2024,
therefore it is requested to speed up the procurement of Hardware.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

-2-

9. All Chief General Managers of units have to ensure that all Internet-facing
systems in their premises are installed with Maya O.S. by 07th July 2024 positively.

10. The responsibility of cyber security of unit is with Chief General Manager. It is of
paramount importance that all factories/units take this matter seriously and take all
necessary measures to protect sensitive information and data of unit.

11. It is once again requested to take all necessary steps to implement Maya O.S. in
all internet facing systems & Chakravyuh Stub Server in stipulated schedule only.

12. This issues with the approval of the competent authority.

) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL
The specifications have been made considering support of up to 500 active agent
connections per server. The minimum/recommended system requirements are as
provided below:

Parameter Minimum Recommended

Processor Xeon or Equivalent multi Xeon or Equivalent multi
core CPU core CPU
Cores 64 96
RAM 128 GB 256 GB
Hard Disk Free Space for 800 GB 2 TB
Installation
Hard Disk (Usable) 4 TB (Preferably SSD for 10 TB (Preferably SSD for
Data partition) Data partition)
Active Wired Network Connectivity (preferably optical)- Min 1 Gigabit
Either a DVD Drive (Internal/External) or USB port for Installer Media
Compatible with debian Linux installation and supports virtualization

8.
4. Maya OS is a hardened Linux OS with several advanced security implementations
in place, to reduce the probability of impact in dire eventuality of a compromise. To help
the users reluctant to use Linux due to unfamiliarity with the User Interface (UI), Maya
OS has been customized to mirror the UI and basic functionalities of Windows OS, to the
maximum extent possible, such as Microsoft Office Suit, menu layouts, folder formats
and layouts, user actions, login screen, mouse actions etc.

4. In view of the above, it is requested to provide the details regarding internet

facing PCs of your unit in the enclosed proforma (Annexure-A) to
it-mil@munitionsindia.in positive by 15-April-2024 for onward submission to CIRA for
smooth migration from Windows to Maya O.S.

4. Your kind support and cooperation is highly solicited to strength cyber-posture

and protect the Defence Cyber Landscape.

5. Submitted for necessary action please.

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBERSECURITY Dt. 02/07/2024

To
The Chief General Manager/General Managers,
(All units under MIL)

Sub: Security Mechanism for Companies belong to countries sharing

land border with India
***

As per inputs received in Ministry of Defence that many Chinese

nationals/proxies, Chines shell companies and Apps are frequently active in India
and same are involved in malicious unethical financial activities like blackmailing
customers through WhatsApp, loans , betting etc.
2. In view of above, it is advised to keep vigil and exercise due diligence with
respect to said Chinese nationals/proxies, companies and apps.
3. Based on these communications, an advisory has been prepared on the modus
operandi of various cyber-attacks, cyber breach/compromise incidents and
related counter measures.
4. It is requested to follow this Advisory in full letter and spirit to maintain cyber-
safe environment through out the unit.
5. Please ensure that all employees are aware of these advisories and that they
are implemented at all levels of your unit.

6. This is for strict compliance please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

ADVISORY ON
MODUS OPERANDI OF VARIOUS CYBER ATTACKS AND COUNTERMEASURES

(A) PIO CALLS:

Pak Intelligence Operatives (PIOs) are making “spoofed” phone calls to the personnel
from Defence Establishments and Defence Private Industries to extract information
from them.

These calls are most often disguised as an enquiry from a High Ranking Officer from
Ministry or some other Government Agencies. In some cases, PIOs may even give out
some basic information on some specific matter to gain trust and then ask for further
details from the target official or seek contact information of concerned officer dealing
with the matter. They may also coerce the target official to open/click on a phishing
email link or attachment by creating a sense of urgency.

These modus operandi have been adopted by the PIOs to gather sensitive information
such as status of projects, materials, movement of officers etc. or coercing to click on
phishing links to compromise email or installing malwares or stealing data etc.

* Countermeasures:
1. Do not provide any information without establishing the identity of the caller
2. Take down the caller’s contact number and seek time to revert back
3. If any suspicion arises during the call, cancel the call immediately
4. Don’t disclose any sensitive or confidential information over phone to anyone
5. Don’t share login/OTP/password details with anyone
6. Don’t click on any suspicious email links or attachments
7. Be wary of any unsolicited emails received from any sender
8. Before clicking on any link ensure that the link starts with https://
9. For official communications use official NIC email only
10. Keep Operating System, Antivirus, Browser etc. updated at all time.
11. If any email is suspected to have been received from PIO, immediately contact
LCSO of your unit.
12. Report any incident regarding PIOs to incident@cert-in.org , info@cert-in.org.in
and register your complaint on https://cybercrime.gov.in

(B) HONEY TRAPPING :

Honey trapping is a cunning tactic used by individuals, with malicious intent, to entice
and deceive others for personal gain. It typically involves creating emotional or romantic
connections to manipulate the target.

Honey traps are often used for espionage, extortion, blackmail, or gaining access to
sensitive information.

* Countermeasures:
1. Don’t be tricked into giving away any private/confidential information
2. Be cautious if someone is manipulating your emotions to gain your trust or get
you to disclose information or perform certain actions.
3. Refrain from having information about your department and work on your
personal social media accounts
4. Don’t share contact details through social media
5. Lock your social media profiles
6. Don’t accept friend request from any unknown person or without being sure of
the identity of the sender
7. Don’t visit unknown dating sites or other shady sites
8. Don’t trust generous offers too good to be true
9. Before adding any member to any social media groups like in WhatsApp or
Telegram, be sure about the identity of the individual
10. Don’t accept any calls especially Video Calls from any unknown number
11. Don’t publish or post or share any internal official documents or information on
social media.
12. Don’t allow screen sharing.
13. Never open/click unsolicited attachment/URL
14. Use NIC email only for official communications
15. Don’t keep any official documents in personal devices
16. Don’t trust Urgent/Threatening/Promotional calls
17. Don’t fall prey to any blackmail
18. Report any such incident to incident@cert-in.org , info@cert-in.org.in and
register your complaint on https://cybercrime.gov.in

(C) PHISHING EMAILS AND URLS

Phishing is a form of social engineering attack where attackers deceive people into
revealing sensitive information or installing malware such as ransomware.

This is usually done by including a phishing link in email that is either sent by a
compromised email id or appears to be from a legitimate source, for example-
senior/colleague from workplace, bank, recruiter, credit card company etc. Sometimes
phishing URLs can also be delivered through SMS or Social Media apps. By pretending to
be a person or organization you trust, they can more easily infect you with malware or
steal information. In other words, these social engineering schemes “bait” you with trust
to get your valuable information.
Following are the signs through which phishing emails/messages can be identified:
 Poor Grammar
 Embedded links for unsolicited downloads
 Embedded Short URLs
 Sense of Urgency created by the Sender
 Lucrative offers
 Panic inducing language
* Countermeasures:
1. Be sure of the sender’s identity before responding
2. Don’t respond to emails from unknown source or click on suspicious links
3. Don’t give in to threatening/demanding emails/messages trying to create a sense
of urgency
4. Report and block the doubtful sender
5. Look for ‘https://’ and a lock icon in the address bar before clicking.
6. Don’t click on the links from google search without checking the actual URL
7. Before clicking short web-links hover mouse over the link to check full URL
8. Don’t download unsolicited attachments.
9. Don’t enter login credentials in redirected login pages
10. For official communications use official NIC email only
11. Enable two-factor authentication
12. Be skeptical and never share private information in popup window.
13. Don’t trust offers too good to be true.
14. Keep Operating System, Antivirus, Browser and all other software/apps updated
at all time.
15. Report any such incident to incident@cert-in.org , info@cert-in.org.in and
register your complaint on https://cybercrime.gov.in

(D) COMMAND AND CONTROL (C2) SERVER :

A Command and Control (C2) server is the infrastructure used by threat actors to
manage and coordinate malicious activities. C2 servers are used to target unsuspecting
computers/mobiles and once compromised, control and use them to steal data or carry
out malicious activities. One of the most common methods employed by a C2 server to
target government officials is emails containing phishing links, on opening of which the
system gets infected/compromised.
* Countermeasures:
1. Uninstall unpatched softwares from systems
2. Keep Operating System, Antivirus, Browser and all other software/apps updated
at all time.
3. Never open/click unexpected attachment/URL
4. Use strong passwords and use two-factor authentication
5. Deactivate Remember Password and Remote Access features.
6. Don’t use 3rd party toolbars (e.g. download manager etc.)
7. Don’t use unauthorized email services for office works.
8. Don’t send classified files over email.
9. Always type site’s domain name/URL manually
10. Don’t use same password in multiple services/apps
(E) CASHe PERSONAL LOAN APP / TOOP APP :
Cyber Criminals launch malicious apps to trap defence officials to ferret out organization
information of strategic importance.
* Countermeasures:
1. Be skeptical
2. Think twice if loan is offered with poor CIBIL scores
3. Be wary of loans offered without proper documentation
4. Don’t trust offers too good to be true.
5. Download Apps from trusted sites only.
6. Check terms and conditions
7. Don’t allow access to features usually not required by that App.
8. Don’t allow screen sharing App.
9. Deactivate Remember Password and Remote Access features.
10.Don’t use 3rd party toolbars (e.g. download manager etc.)
11.Don’t enter login credentials in redirected login pages
12.Look for ‘https://’ and a lock icon in the address bar before clicking.
13.Before clicking short web-links hover mouse over the link to check full URL
14.Don’t share login/OTP/password details with anyone
15.Scan the system/mobile on regular basis
16.Access ‘Digital India m-Seva AppStore’ (https://apps.mgov.in) being managed
and governed by MeitY.

(F) MORPHING AND DEEPFAKE (IMAGE/VOICE/VIDEO) :

Cyber criminals can alter or change pictures of individuals using morphing tools
available online and use these morphed pictures for various malicious purposes,
including blackmail, creating fake profiles, sexting, and more.

Now, with the advent of Deepfakes, these attacks have become more sophisticated.
Deepfakes are manipulated images, videos or audio recordings created using artificial
intelligence (AI) techniques. They can convincingly alter someone’s appearance, voice,
or actions, often leading to misinformation, fraud, or blackmail. Deepfake can generate a
convincing video from just a few sample images and voice sample of a target.
* Countermeasures:
1. Educate Yourself: Learn about Deepfakes and their impact. Knowledge is essential
for recognizing potential threats.
2. Watch What You Share: Be cautious about sharing personal information online.
Refrain from sharing personal pictures online publicly on social media platforms.
3. Adjust Privacy Settings: Review and tighten privacy settings on social media
platforms and other online accounts.
4. Beware of Account Takeovers: Be vigilant against phishing attempts and
unauthorized access to your accounts. Don’t enter login credentials in redirected
login pages
5. Understand Trusted Sources: Verify the authenticity of videos and audio from
reliable sources.
6. Use Watermarks on Photos: Add watermarks to your images to prevent misuse.
7. Use Two-Factor Authentication: Enable two-factor authentication for added
security.
8. Seek Help from Trusted Family and Friends: Don’t suffer in silence; reach out to
trusted family and friends if you face any issues.
9. Save Evidence and Report the incident: If you encounter any suspicious activity,
take screenshots and save evidence and report immediately.

*****
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBERSECURITY Dt. 02/07/2024

To
The Chief General Manager/General Managers,
(All units under MIL)

Sub: Publishing of Information on Critical Assignments/Projects

Ref: CSG-DDP Letter No.6258/CSG/STDN/DDP/Advisory/Vol-V dt 13.06.24

***
Inputs from the reliable Government Agencies have brought out the continuous
attempts by Pakistan Intelligence Operatives (PIOs) to particulars target officials
posted in sensitive organisations through social media (WhatsApp, Facebook,
Instagram etc.) to gather information of strategic information. It has been noticed
that PIOs are using identities including posing as defence
correspondence/officials of the Ministries and are using spoofed numbers to gain
trust of the individuals in key appointments to gather sensitive information.

2. In view of the above, it is requested to sensitize all concerned to remain

vigilant and not to reveal sensitive information, in any form, in official, personal
or institutional capacity, that could compromise information security and ensure
strict adherence to the provisions of the Official Secrets, Act 1923 so that no
sensitive information is propagated beyond the authorized quarters. Any far
reaching (great influence on many people or things) publication containing
unique, sensitive information related to Defence has to get approved through
DoD, prior to publication.

3. The above is based on the directions of Hon’ble RM.

4. Forwarded for your information and necessary action, please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/98-100,102 Dt. 05/07/2024

To,
The Chief General Manager
All Units under MIL
Sub: Advisory on Vulnerabilities –Regarding
1) IOCs Sharing- Malicious Domains and Subdomains
2) IOCs Sharing for Improved Detection
3) IOCs sharing for Improved Detection
4) IOCs sharing for Improved Detection
Ref: 1) CIRA Advisor(Cyber)/S(01)/IR/2024/313 dt 13-06-2024
2) CIRA Advisor(Cyber)/S(01)/IR/2024/317 dt 13-06-2024
3) CIRA Advisor(Cyber)/S(01)/IR/2024/318 dt 13-06-2024
4) CIRA Advisor(Cyber)/S(01)/IR/2024/320 dt 13-06-2024
***
Vide references (1) to (4) above; CIRA has communicated advisories on
Malicious Domains and Subdomains which are registered by Pakistan based
threat actors, to target personnel belonging to government organisations. Some
of the domains observed are enclosed as Annexure-A.

2. The following actions are to be undertaken with immediate effect for

improved detection and protection across the unit.
a. Enforce blocking or filtering protocols to restrict access to the identified
malicious domains. Additionally, perform comprehensive examinations of
network logs and security alerts to detect any potential indicators of
compromise.
b. Enhance employee awareness and training programs to educate staff
about the risk associated with interacting with suspicious emails, links or
attachments.
c. You are encouraged to disseminate this alert among pertinent
stakeholders within your area of responsibility for early detection and
swift response measures.

3. It is requested that appropriate remedial action on the alert mentioned in the

Annexure-A may be taken immediately and Action Taken Report (ATR) may be
sent to it-mil@munitionsindia.in positively by 12-July-2024

N.O.O.
(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)
Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

IoCs Sharing For Improved Detection-CMTX-I-021032024, CMTX-I-

025032024 AND XMTX-I-587032024. Pakistan based APTY-36 threat
actors deployed Mythic malware, AresRAT malware and side copy malware
in Indian cyber space has been noticed.

3. It is recommended to undertake following actions with immediate effect

for improved detection and protection across the unit:
(d)Enforce blocking to restrict access to the identified malicious IPs and
domains. Additionally, perform comprehensive examinations of
network logs and security alerts to detect any potential indicators of
compromise.

…2

-2-
(e) Enhance employee awareness and training programs to educate staff
about the risk associated with interacting with suspicious emails, links
or attachments.
(f) It is recommended to disseminate this alert among all stakeholders
within your area of responsibility for early detection and swift
response measures.

6)
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/101 Dt. 05/07/2024

To,
The Chief General Manager
All Units under MIL
Sub: Advisory on Vulnerabilities –Regarding
IOCs Sharing for Improved Detection and Protection-Personal Devices
Ref: CIRA Advisor(Cyber)/S(01)/IR/2024/319 dt 13-06-2024
***
Vide references above; Pakistan based threat actors have been primarily
targeting Indian military and government personnel as part of its espionage
activities. Android RAT, SpyNote malware associated with these threat actors,
are a Remote Access Trojans (RAT) that allows the attackers to gain control over
the infected devices. This control can include, but is not limited to, exfiltrate data
(contacts, images, documents) on device, record audio/video, download
malicious updates payloads, and conducting surveillance on the victims. Recent
C&C IPs and IOCs associated with these malwares is enclosed as Annexure-A.
2. The following actions are recommended for improved detection and
protection of personal mobile devices:
a. Regularly update your Android operating system to ensure you have the
latest security patches and bug fixes.
b. Use Google Play Store to minimize the risk of downloading malicious apps.
Avoid sideloading apps from unknown sources.
c. Pay attention to the permissions requested by apps during installation.
Grant only the necessary permissions that are required for the app’s
functionality.
d. Set up a secure lock screen pattern, PIN or password to prevent
unauthorized access to your device.
e. Set up two-step verification in whatsApp’s setting. This adds an extra layer of
security by requiring a PIN when registering your phone number with
WhatsApp.
f. Exercise caution when receiving messages or files from unknown or
suspicious contacts. Avoid clicking on suspicious links or downloading files
from untrusted sources.
3. It is requested that appropriate remedial action on the alert mentioned in the
Annexure-A may be taken immediately and Action Taken Report (ATR) may be
sent to it-mil@munitionsindia.in positively by 12-July-2024

N.O.O.
(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)
Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY/103 Dt. 05/07/2024

To,
The Chief General Manager
All Units under MIL
Sub: Advisory on Vulnerabilities –Regarding
Persistent information espionage campaign by Pak-based Threat Actors
by targeting Linux based Workstations
Ref: CIRA Advisor(Cyber)/S(01)/IR/2024/321 dt 13-06-2024
***
Vide references above; Pakistan based 36 actors have been consistently targeting
Indian information assets with the intention to collect intelligence and carry out
cyber espionage.
2. Upon tracking of recent malware campaign, it has been observed systems
under the control of Ministry of Defence have been communicating with the
Command & Control (C&C) server IPs of Mythic Malware. Mythic, an open source
post-exploitation/Command & Control malware framework, offers versatile
cross-platform payload creation capabilities for Linux, MacOS and Windows
systems. Recently there has been significant utilization of Mythic by actors based
in Pakistan, particularly to target Linux based workstations in India. Recent C&C
IPs and IPs associated with these malwares is enclosed as Annexure-A.
3. The following actions are to be undertaken with immediate effect for
improved detection and protection across the unit.
a. Enforce blocking or filtering protocols to restrict access to the identified
malicious domains. Additionally, perform comprehensive examinations of
network logs and security alerts to detect any potential indicators of
compromise.
b. Enhance employee awareness and training programs to educate staff
about the risk associated with interacting with suspicious emails, links or
attachments.
c. You are encouraged to disseminate this alert among pertinent
stakeholders within your area of responsibility for early detection and
swift response measures.
4. It is requested that appropriate remedial action on the alert mentioned in the
Annexure-A may be taken immediately and Action Taken Report (ATR) may be
sent to it-mil@munitionsindia.in positively by 12-July-2024
N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

2. The following actions are recommended for improved detection and

protection of personal mobile devices:
a. Regularly update your Android operating system to ensure you have the
latest security patches and bug fixes.
b. Use Google Play Store to minimize the risk of downloading malicious apps.
Avoid sideloading apps from unknown sources.
c. Pay attention to the permissions requested by apps during installation.
Grant only the necessary permissions that are required for the app’s
functionality.
d. Set up a secure lock screen pattern, PIN or password to prevent
unauthorized access to your device.
e. Set up two-step verification in whatsApp’s setting. This adds an extra layer of
security by requiring a PIN when registering your phone number with
WhatsApp.
f. Exercise caution when receiving messages or files from unknown or
suspicious contacts. Avoid clicking on suspicious links or downloading files
from untrusted sources.
3. It is requested that appropriate remedial action on the alert mentioned in the
Annexure-A may be taken immediately and Action Taken Report (ATR) may be
sent to it-mil@munitionsindia.in positively by 12-July-2024

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

No. MIL/HR/IT/CYBER-SECURITY/Meeting Dt. 08/07/2024

To
Shri. Ratan Prakash Shukla
DGM & LCSO
Ordnance Factory, Khamaria
Jabalpur Through: The Chief General Manager

Sub : Attendance Concern at Cyber Security Meeting on 05 July 2024

2nd Cyber Security Review Meeting was held on 05-July 2024 at 1400 Hrs. and all the
concerned LCSOs were informed about the meeting in advance. This is to address a
matter of significant concern regarding the absence of LCSO or any representative of
unit from the scheduled Cyber Security Meeting. This meeting was attended by all LCSOs
from all units except for OFK.

As you are aware, this meeting was convened to discuss crucial Cyber Security issues
that affect our organization as a whole. The topics covered were pivotal to our collective
responsibilities and the smooth functioning of our units. Your absence has raised
serious concerns about your commitment to fulfilling your responsibilities as a member
of this organization.
In order to understand the reasons behind LCSO’s non-attendance, It is requested an
immediate explanation from your side. It is imperative that all units participate actively
in this meeting to ensure alignment and cooperation across units. Your presence and
input are integral to the decision-making processes that impact our cyber security.
Please provide a detailed explanation of why you did not attend the scheduled meeting.

One of the critical points discussed was the implementation of Chakravyuh server.
please confirm your commitment to completing the installation of Chakravyuh server
within the next 10 days without fail. This timeline is crucial for us to proceed smoothly
for CSOC project timelines.
Please submit your explanation through Chief General Manager/OFK by 10th July 2024
positively.
N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

No. MIL/HR/IT/CYBERSECURITY/Chakravyuh Dt. 08/07/2024

To
The Chief General Manager/General Managers,
(All units under MIL)

Sub : High Priority Action –Procurement of Chakravyuh Server

Ref : CSG-DDP Letter No. 6202/CSG/STDN/DDP/G-41 dt 05-July-2024
***
Server for Chakravyuh is required to be procured and installed by respected units on top
priority. All units were requested to expedite necessary provisioning actions so that
Chakravyuh Servers are available and installed & commissioned as per the timelines
brought out.
2. In this regard, respective units are requested to forward following information with
respect to provisioning of Chakravyuh Servers.
(a) Tender Placement Date:
(b) Tender Opening Date:
(c) Total number and type of Chakravyuh Servers being provisioned:
(d) Date (Expected) of Placement of Supply Order:
(e) Expected date of availability of Chakravyuh Servers at site:
(f) Expected date of commissioning of Chakravyuh Servers at site:
3. It is pertinent to bring out the progress of the Project is being reviewed at highest
levels in the Ministry of Defence

4. Kindly expedite necessary actions and forward requisite information as outlined

above by 14:00 Hrs (3:30 pm) on Today, 08-July-2024 by email to
it-mil@munitionsindia.in

5. For immediate action please.

) (Kumar Vaibhav Gaur)
Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

MOST URGENT

No. MIL/HR/IT/CYBERSECURITY/Chakravyuh Dt. 10/07/2024

To
The Chief General Manager/General Managers,
(All units under MIL)

Sub : Commissioning of Chakravyuh Server by 31-Jul-2024

Ref : 1) CSG-DDP Letter No. 6202/CSG/STDN/DDP/G-41 dt 05-July-2024
2) eMail from Air Cmde,CSG-DDP, dt 08-July-2024
***
Vide references above, the Chakravyuh Server to be commissioned by 31-July-2024 in
all units under MIL. It is imperative that this deadline is met without exception. The
criticality of the implementation of the Server is mentioned in the attached Minutes of
Meeting. It is already mentioned in the minutes of meeting that this procurement shall
be done on emergency provisioning basis.

2. Despite previous directives urging immediate action for the procurement of the
Chakravyuh Server, MIL has received unsatisfactory responses from few units. This is
unacceptable. The server must be available and fully operational by the specified date of
31-July-2024.

3. All necessary specifications for the Chakravyuh Server have been previously
communicated to all units. Please ensure that these specifications are strictly adhered to
in the procurement and commissioning processes.
4. Please be aware that the progress of this critical project is being personally
monitored by the CMD/MIL and is under review at the highest levels within the Ministry
of Defence. Therefore, it is absolutely essential that all units expedite their actions and
complete the commissioning process as outlined in earlier communications.

5. Kindly expedite necessary actions and forward the progress report by email to
it-mil@munitionsindia.in by 13-07-2024

) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

Satus of Chakravyuh Server

(To be commissioned by 31-Jul-2024)

Unit Expected date of commissioning of Server

AFK

CFA 03-08-2024

HEPF

HEF 05-10-2024

OFBA 17-08-2024

OFBL

OFCH 20-10-2024 31-08-2024

OFDR 09-08-2024

OFI 20-08-2024

OFK 30-09-2024

OFN 03-08-2024

OFV
NADP 12-08-2024

OFILKH 15-09-2024

MILCOS

MILHQ

Satus of Chakravyuh Server

(As on 16-July-2024)

Unit Expected date of commissioning of Server

AFK SO Dt: 26-07-2024

CFA SO Dt: 23-07-2024

HEPF TE Open Dt: 26-07-2024

HEF Del-14-08-2024

OFBA LPC SO placed, Del-28-07-2024

OFBL SO Dt: 25-07-2024

OFCH SO Dt: 31-07-2024

OFDR SO Dt: 25-07-2024

OFI SO Dt: 28-07-2024

OFK SO Dt: 26-07-2024

OFN Del-03-08-2024

OFV SO Dt: 30-07-2024

NADP LPC SO placed, Del-21-07-2024

OFILKH Del-31-07-2024

म्यूनिशंस इंडिया लिमिटेड

भारत सरकार का उद्यम
रक्षा मंत्रालय

To,
The Chief General Manager
All Units under MIL
Sub: Advisory on Vulnerabilities –Regarding
Ref: 1. CSG-DDP L No 6258/CSG/STDN/DDP/G-12/Vol-V, 04/07/2024
2. CSG-DDP L No 6258/CSG/Advisory/G-12/Vol-VI, 05/07/2024
3. CSG-DDP L No 6258/CSG/Advisory/G-12/Vol-III, 11/07/2024
***
Vide references (1) to (3) above; CSG has communicated advisories on Malicious
Domains and Subdomains which are registered by Pakistan based threat actors,
to target personnel belonging to government organisations. Some of the domains
observed are enclosed herewith.

2. The following actions are to be undertaken with immediate effect for

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

CFA 12-Aug

HEPF - 15-Aug

HEF 31-July

OFBA - Server
delivered
OFBL 06-Aug `

OFCH 29-July

OFDR 03-Aug

OFI 05-Aug

OFK 08-Aug

OFN - 15-Aug

OFV - 15-Aug
NADP - Server
delivered
OFILKH - 10-Aug

Satus of Chakravyuh Server

(As on 08-Aug-2024)
Chakravyuh Server Log Collector Server (2 Nos)
Unit S.O. Status Delivery S.O. Status Delivery
Status Status
AFK 10-Aug BQ received, SO
will be placed on
08-Aug
CFA 12-Aug BQ received, SO
will be placed on
08-Aug
HEPF - 15-Aug SO placed on 07- Delivery by
Aug 12 Aug
HEF 31-July BQ received, SO
will be placed on
08-Aug
OFBA - Server BQ received, SO
delivered will be placed on
08-Aug
OFBL 06-Aug S.O. placed on Delivery by
07-Aug 12 Aug
OFCH 29-July BQ received, SO
will be placed on
08-Aug
OFDR 03-Aug S.O. placed on Delivery by
07-Aug 13 Aug
OFI 05-Aug S.O. placed on Delivery by
07-Aug 12 Aug
OFK 08-Aug S.O. placed on Delivery by
07-Aug 13 Aug
OFN - 15-Aug BQ received, SO
will be placed on
08-Aug
OFV - 15-Aug BQ received, SO
will be placed on
08-Aug
NADP - Server BQ received, SO
delivered will be placed on
08-Aug
OFILKH - 10-Aug BQ received, SO
will be placed on
08-Aug

Satus of Chakravyuh & Log Collector Server

(As on 09-Aug-2024 at 1500 Hrs)
Chakravyuh Server Log Collector Server (2 Nos)
Unit S.O. Status Delivery S.O. Status Delivery
Status Status
AFK SO will be placed -- SO placed on Delivery by
on 10-Aug 09-Aug 13 Aug
CFA SO will be placed -- SO placed on Delivery by
on 12-Aug 08-Aug 13 Aug
HEPF SO placed on 20-Aug SO placed on Delivery by
06-Aug 07-Aug 12 Aug
HEF SO placed on 20-Aug SO placed on Delivery by
31-July 08-Aug 12 Aug
OFBA SO placed on Server SO placed on Delivery by
18-July delivered 08-Aug 13 Aug
OFBL SO placed on 01-Sep S.O. placed on Delivery by
06-Aug 07-Aug 12 Aug
OFCH SO placed on 20-Aug SO placed on Delivery by
29-July 08-Aug 12 Aug
OFDR SO placed on 31-Aug S.O. placed on Delivery by
03-Aug 07-Aug 13 Aug
OFI SO placed on 31-Aug S.O. placed on Delivery by
05-Aug 07-Aug 12 Aug
OFK SO will be placed -- S.O. placed on Delivery by
on 10-Aug 07-Aug 13 Aug
OFN SO placed on 15-Aug SO placed on Delivery by
29-July 08-Aug 12 Aug
OFV SO placed on 15-Aug SO placed on Delivery by
08-Aug 08-Aug 12 Aug
NADP SO placed on Server SO placed on Delivery by
11-July delivered 08-Aug 13 Aug
OFILKH SO placed on 10-Aug SO placed on Delivery by
29-July 08-Aug 13 Aug

*****

Satus of Log Collector Server for Chakravyuh

Unit S.O. Date Expected Delivery Dt.

AFK

CFA

HEPF

HEF

OFBA

OFBL

OFCH

OFDR

OFI
OFK

OFN

OFV

NADP

OFILKH
म्यूनिशंस इंडिया
MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/SMS Dt. 06-08-2024

To
The Chief General Manager/General Managers,
(All units under MIL)

Sub : Leveraging Bulk SMS for Improved Communication

***
This is to highlight an important communication initiative that can significantly enhance
our operational efficiency and outreach capabilities across all units under MIL.

MILCO has recently implemented a Bulk SMS service procured through NICSI (National
Informatics Centre Services Inc.). This service has proven to be instrumental in
facilitating instant communication with our employees, stakeholders, and external
parties.
Benefits of Bulk SMS Facility:
Instant Communication: Reach all stakeholders simultaneously with important
updates, announcements, or alerts.
Cost-Effective: Efficiently manage communication costs compared to traditional
methods.
Wider Reach: Ensure messages are delivered promptly to a large audience, enhancing
engagement and responsiveness.
Enhanced Efficiency: Streamline communication processes, reducing delays and
improving overall operational efficiency.
Given these advantages, it is encouraged to all units under MIL to consider adopting the
Bulk SMS facility from NICSI. This step will not only align us with standardized
communication practices but also foster better collaboration and business growth
across our organization.
For more details on how to procure this service, please visit NICSI's eForms portal. Here
you can find comprehensive information about the service and initiate the procurement
process seamlessly.
Your support in embracing this initiative will undoubtedly contribute to the collective
success of our organization.

(Md. Shahir Farooqui)

Dy.General Manager
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

MOST-URGENT
No. MIL/HR/IT/CS/Chakravyuh Dt. 06/08/2024

To
The Chief General Manager
All units under MIL

Sub : Procurement of 2 Nos of Log Collector Servers

Ref : 1) CIRA Advisory(Cyber)/S(01/2024/410 dt 25-07-2024
2) VC held with Add. Secy.,DoD on 06-08-2024
**
Vide reference (1) above, it has been directed that all units under MIL need to
migrate their endpoints to hardened Linux based Operating system or Maya OS and
also initiate necessary procurements of servers for Chakravyuh deployments.
Accordingly, all units under MIL have started the procurement process of
Chakravyuh server. Vide reference (2) above, all units need to be on boarded to
Defence CSOC for which necessary Log Collectors need to be procured.
In view of the above all units are requested to- Initiate procurement of 2 Nos. of
Servers (per site/location) for Log Collector with following specifications:
Server Configuration for 2 Per Processor: 12+ core, Single Socket with
Log Collector Unit/ 2.4+ GHz (Intel or AMD)
Location RAM : 16+ GB
Storage: 2 * 4 TB+ HDD (Hardware RAID 1)
OS Storage: 2 * 480 GB SSD for OS
(Hardware RAID 1)
# Note: The storage requirement has to be reviewed anc accordingly catered by the
unit as it will depend on volume of logs. Units may add additional storage to be
servers or introduce secondary storage to cater to storage requirements as per
log/audit data storage policy in vogue. As a general estimate, a typical installation of
50 endpoints produces 150GB of alert data in 45 days (Calculation may be used for
generic estimations and not benchmarking)

Log collector Server for CSOC is required to be procured and installed by respected
unit as per specifications given above. As this point is to be completed by
13th Aug 2024, therefore it is requested to speed up the procurement of Hardware.
All units are to ensure that all Internet-facing systems in their premises are installed
with Maya O.S. as per MoD/DDP directions.

O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

MOST-URGENT

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/ADVISORY Dt. 09/02/2024
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का
MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CS/Adv Dt. 07/08/2024

To
The Chief General Manager
All units under MIL

Sub : Minumum specifications of Desktops/Laptops/Tablets required for

deploying NICs Endpoint Security Tools
Ref : CSG Letter No. 6203/CSG/STDN/DDP/Adv/G-5/Vol-VI dt 23-07-2024
**
Vide reference above, National Informiatics Centre (NIC) has been deploying cyber
security endpoint management tools in desktop/tablet across Ministries/Departments
for enavling centralized command and control of cyber security measures.

2. NIC has observed that some of the desktops/laptops/tablets do not meet the
requisite minimum specifications to support these endpoint security tools.

3. In this regard, NIC has proposed the minimum specifications to be mandated for
deployment of NIC’s endpoint security tools in desktops/laptops/tablets used by
office(s)/Department(s) of Government of India and the technical details of the same
is enclosed in Annexure-I.

4. Further, NIC has requested that all Ministries/Departments to ensure compliance

with the enclosed minimum specifications of dekstops/laptops/tablets for
safeguarding users.

5. In view of the above, it is requested to ensure, if possible, with enclosed minimum

specifications of dekstops/laptops/tablets in your unit.

6. Forwarded for your information and necessary action, please

(Md. Shahir Farooqui)

Dy.General Manager & SCSO
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CS/Maya Dt. 09/08/2024

To
The Chief General Manager
All units under MIL

Sub : Implementation of Maya O.S.- Compliance Required

Ref : Meeting held on 15th & 31st July 2024 with Defence Secretary(DP)
***
Vide reference above, all units are directed to fully implement the Maya
Operating System on all internet-facing PCs along with Chakravyuh Dashboard.
This upgrade is mandatory for all systems except those running specific
applications, namely Tally, Biometric & Digital Signature.

For PCs that are exempt due to these special applications, please ensure the
following:
 These PCs are dedicated solely to running Tally, Biometric & Digital
Signature and are not used for any other purposes.
 No official documents or other forms of official data are stored on these
PCs.
 These systems must have no applications or data installed other than
these three specified applications (Tally, Biometric & Digital Signature)

Kindly confirm your compliance with these requirements by sending an email

to it-mil@munitionsindia.in by 12-08-2024 positively. Also mention the number
of PCs using these three applications.

Your kind support and cooperation is highly solicited to strength cyber-posture

and protect the Defence Cyber Landscape.

(Md. Shahir Farooqui)

Dy. General Manager & SCSO

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CS/Maya Dt. 09/08/2024

To,
The Director
O/o. Advisor (Cyber) to Secretary
Dept. of Defence R&D, Ministry of Defence
Defence Research & Development Organisation
DRDO Bhawan HQ, “C” Block, Rajaji Marg
New Delhi- 110011

Sub : Implementation of Maya O.S.- Exemption request

***
All units under MIL, including headquarter, have successfully implemented the
Maya Operating System on all internet-facing PCs.
To provide you with a detailed overview:
Exceptions: Certain PCs that are equipped with specialized applications—
namely Tally, Biometric & Digital Signature have not undergone this OS
upgrade. These systems are essential for running these specific applications
and are exempt from the Maya OS.
Data and Application Management: For the PCs running applications Tally,
Biometric & Digital Signature, it is strictly ensured that:
 No official data is stored on these PCs.
 No additional applications are installed, other than these three special
applications.

In light of this, it is requested to give above exemption to all units under MIL.

(Md. Shahir Farooqui)

Dy. General Manager & SCSO

we kindly request your approval to proceed with the installation of the

dashboard for OS Tez. This dashboard will be crucial for enhancing our system
management capabilities and monitoring performance effectively.

Please review the details provided and grant the necessary approval at your
earliest convenience. Should you require any further information or
documentation, please do not hesitate to contact me.

Thank you for your attention to this matter and for your continued
support.
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBERSECURITY Dt. 22/08/2024

To
The Chief General Manager,
(All units under MIL)

Sub: Advisory: Phishing Domain Mimicking Department of Defence & NIA

Ref : 1) 6258/CSG/STDN/DDP/ADVISORY-VI dt 11.07.2024
2) 6203/CSG/STDN/DDP/ADVISORY/G-5/Vol-VI dt 29.07.2024
***
Certain phishing URLs have been found to be mimicking various Government
Organisations Domains including NIA. A phishing URL
(https://nia.gov.in.incidentreports.info) mimicking National Investigation
Agency (NIA) is created mimicking by unknown threar actors.

2. The phishing campaign is primarily aimed to steal sensitive information like

Government login credentials, credit card details or other personal data that can
be exploited for fraudulent purposes.

3. Here, it is pertinent to mention that all thease phishing URLs have ‘.au’
extension and are registered using services of ‘Digital Host’ Name Servers.

4. In this regard, cyber–Security NIC has issued an advisory for “Phishing Domain
Mimicking Indian Government Organisations” and the same is enclosed with this
letter.

5. Forwarded for your information and further dissemination for necessary

action, please

N.O.O.
(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)
Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBERSECURITY Dt. 22/08/2024

To
The Chief General Manager,
(All units under MIL)

Sub: Advisory to all PFMS users regarding safety & security measures -
for safeguarding Digital Data
Ref: 6203/CSG/STDN/DDP/G-5/Vol-IV dt 26.07.2024
***

In order to mitigate the risks of cyber attackts & as a preventive measure, all
Public Finance Management System (PFMS) users are requested that PFMS
credentials & data may not be shared in social media platform (i.e. WhatsApp,
Messenger, Telegram, etc). sharing of user credentials, even with offline
colleagues can have serioud consequences including data theft, financial loss,
frausient transactions and identity theft.

2. In this reagard, Controller General of Accounts, Department of Expenditure,

Ministry of finance has issued an advisory for all PFMS users and the same is
placed at Annexure to this letter.

3. In view of the above, all concerned are hereby requested to issue necessary
instruction to the PFMS users under their administrative control for compliance
of instructions as per Annexure.

4. Forwarded for your information and necessary action please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBERSECURITY Dt. 22/08/2024

To
The Chief General Manager,
(All units under MIL)

Sub: MeitY guidelines on Information Security Practices for Govt. Entities.

Ref : 6202/CSG/STDN/DDP/ADVISORY/G-5/Vol-V dt 30-07.2024
***
Ministry of Electronics and Information Technology (MeitY) have brough out that
various mechanisms and guidelines have been put in place which are aimed at
preventing cyber-attacks and responding to cyber-related incidents. These
include comprehensive Cyber Crisis Management guidelines which are available
on website of CERT-In :
https://www.cert-in.org.in/PDF/guidelinesgovtentities.pdf
Adhering to these guidelines will strengthen the overall cyber security postures
of government entities and safeguard sensitive information against potential
cyber threats. The compliance status on the same may kindly be communicated
to it-mil@munitionsindia.in by 31-Aug-2024 for compliance of onward
communication to CSG-DDP & MeitY

Forwarded for information and necessary action, please

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय
No. MIL/HR/IT/CYBERSECURITY Dt. 23/08/2024

To,
The Chief General Manager
All Units under MIL

Sub: Submission of evidences/Action taken report for Cyber Breach

cases/Incidents of DDP Divisions/Organisations
Ref: CSG-DDP Letter No. 6258/CSG/STDN/DDP/G-86 dt 13-08-2024

***
A review meeting under the chair of Additional Secretary (DoD), MoD was held
on 15 Jul 2024 to review “Status of ATRs pertaining to the Cyber Security
incidensts of various Departments of MoD and requisite Cyber Security
measures”.
2. During the review, concern has been raised by Additional Secretary (DoD),
MoD over the delay in submission of Evidences or Action Taken Report (ATR) for
the pending cases of MoD organisations. It was required to be undertaken by
various stakeholders on priority for enhancement of Cyber Security Posture of
MoD and its constituents.
3. In view of the above, CGMs of all units are requested to personnaly monitor
progress of various cyber breach cases/incidents and ensure submission of
evidences /Action Taken Report (ATR), as applicable, for their respective cyber
breach cases/incidents pending for more then 06 months to CSG-DDP and CIRA
on priority.
4. Forwarded for your information and necessary action on priority, please

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

To,
The Chief General Manager
All Units under MIL

Sub: ADVISORY: PHISHING ATTACKS

Ref: CSG-DDP No. 6203/CSG/STDN/DDP/G-5/Vol-VII dt 02-08-2024
***
Information has been received by CSG-DDP, that several spear phishing
compaigns have been launched by cyber adversaries recently targeting Defence
personnel.
2. In this regard, copy of Advisory on phishing attacks issued by MoD Cyber Cell
is placed at Enclosure
3. Invetigation of recent phishing campaigns have revealed the following: -
(a) Cyber adversaries are using several innovative and novel mtethods for
delivering phishing mails and ensuring that the mails are opened by the
Defence personnel.
(b)Targeted Phishing attempts against high ranked defence personnel have
been launched with aim to collect sensitive information in their internet
connected PCs and emails. As many of these accounts are operated by
clerical staff, their lack of cyber hygiene is exploited for the same.
(c) On analysis of phishing campaigns observed in recent months, it is
envisaged that the number of phishing emails is on the rise, with targeted
mails being crafted for high ranked officials. Alerts for all these campaigns
have already been promulgated at the environment.
4. The Modus operandi, Preventive measures, Mitigation measures are covered in
detail in the enclosed Advisory
5. The following actions are recommended: -
(a) Focused security awareness/training for personnel handling internet
facing assets and NIC account holders/operators be conducted.
(b)Wide dissemination of phishing related mail alerts and WhatsApp
alerts to be ensured for adequate cyber security awareness against
Phishing.

….2
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : mil-pune@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

-2-

(c) 100% Antivirus scan of all internet facing ICT assets need to be
conducted in the respective units and detection of any malware/virus
to needs to be reported to CISO and Security Group-DDP/CIRA/MoD
Cyber Cell for information and further directions.

6. Forwarded for your information and necessary action on priority, please

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

No. MIL/HR/IT/CYBERSECURITY Dt. 30/08/2024

To
The Chief General Manager,
(All units under MIL)

Sub: Advisory: Onboarding of units on “Cyber Swachhta Kendra” -Reg

Ref : 6203/CSG/STDN/DDP/ADVISORY/G-5/Vol-VI dt 21-08.2024
***
With the rapid adoption of technology and the significant importance of data held
by government entiries, it is imperative that threat prevenstion mechanisms are
put in place in view of the heightened risks of cyber-attcks.

2. CERT-In is the national agency for responding to computer security incidents

in the country. One of the key objectives of CERTI-In is to prevent cyber-
attacks against the country’s cyber space. In this direction CERT-In has
undertaken various initiatives which have been instrumental in preventing
large number of attacks in the country.

3. As a part of the functions assigned, CERT-In has set up Cyber Swachhta Kendra
(Botnet Cleaning and Malware Analysis Centre) which has been operational
since December 2016.

4. The aforesaid centre has deployed mechanisms, to detect IP addresses infected

with botnet/malware or vulnerable services running within the IT
infrastructure of department/organisations and, for sharing automated daily
reports/deed with details of such events with respective
department/organisations, to enable clean up actions.

5. Cyber Swachhta Kendra (CSK) also provides a web portal

(https://www.csk.gov.in and https://www.सीएसके.सरकार.भारत) wherein users
of infected systems can download “free bot removal tool” and other necessary
tools/software free of cost.

…2

-2-

6. It is requested to onboard on the CERT-In CSK at the earliest by sharing details

mentioned below and get benefited by the services offered.

a) Office/Unit Address :
b) Details of branch offices and their locations:
c) Name and contact details ( phone/email/postal address ) of the
CISO/SCSO/LCSO
d) All Public IP address ranges used by the unit
i) Dedicated IP addresses assigned by NIC/NKN
ii) IP addresses other than NIC/NKN
e) Details of dedicated point of contact/email id for receiving automated
email notification from “Cyber Swachhta Kendra” on daily basis.

7. Units may contact following officers regarding their onboarding to Cyber

Swachhta Kendra (CKS)
1) Sh. S.S. Sarma, Scientist ‘G’ email- ss.sarma@meity.gov.in
2) Sh. Bhupendra Singh Awasya, Scientist ‘E’ email-bs.awasya@meity.gov.in
8. The compliance status along with the details mentioned at para no.6 may
kindly be communicated to it-mil@munitionsindia.in by 12-Sep-2024 for
compliance and onward communication to CSG-DDP & MeitY

9. Forwarded for information and necessary action, please

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

Status of Chakravyuh & Log Collector Server

Chakravyuh Server Log Collector
st nd
Unit 1 Server delivery Status 2 Server Proc. Installation Point of Contact
Earlier DP Current DP Status Status
AFK 26-Aug 01-Sep Proc. action has Installed Saday Kumar,WM
been initiated 9455114516
CFA 31 Aug 31-Aug Proc. action has Delivered P.K.Behera,DGM
been initiated 9994245114
HEPF 20 Aug 31-Aug SO placed on Delivered Kota Venkata
29-Aug Kiran,DGM
7598227758
HEF 20 Aug 15-Sep Proc. action has Installed P.K.Nanda,WM
been initiated 9890550487
OFBA delivered Proc. action has Delivered S.K.Jindal,WM
been initiated 9404703213
OFBL 01 sept 01-Sep Proc. action has Delivered Anoop Dwivedi,DGM
been initiated 8275741266
OFCH 20-Aug 07 Sept Proc. action has Delivered Prashant Surkar,DGM
been initiated 9405529377
OFDR 31-Aug 07-Sep Proc. action has Installed Amit Rawat,DGM
been initiated 9420950229
OFI 31-Aug 31-Aug Proc. action has Delivered Anil Kr Meena, DGM
been initiated 9405988824
OFK 22-Aug 06-Sep Delivery by Installed Ratan Prakash Shukla,
13-Sep DGM
7089210090
OFN 26-Aug 02-Sep Proc. action has Delivered Sudhanshu Prasad,
been initiated JGM
9472984075
OFV 31-Aug 20-Sep Proc. action has Delivered A.S.Wasu,WM
been initiated 9175293744
NADP delivered Proc. action has Delivered Mohan Agrawal,DGM
been initiated 8249557225
OFILKH delivered Delivery by Installed Log Shailendra
07-Sep Server and Parashar,AWM
Chakra 8770088627
MILCO delivered Proc. action has Installed Vaibhav Kumar Gaur,
been initiated GM
9013763678

*****

Status of Chakravyuh & Log Collector Server

As on 04-Sep-2024
Chakravyuh Server Log Collector
Unit 1st Server delivery Status 2nd Server Proc. Installation Point of Contact
Earlier DP Current DP Status Status
AFK 26-Aug 08-Sep Proc. action has Installed Saday Kumar,WM
been initiate d 9455114516
CFA 31 Aug 08-Sep Proc. action has Installed P.K.Behera,DGM
been initiated 9994245114
HEPF 20 Aug 09-Sep SO placed on Delivered Kota Venkata
29-Aug Kiran,DGM
7598227758
HEF 20 Aug 15-Sep Proc. action has Installed P.K.Nanda,WM
been initiated 9890550487
OFBA delivered Proc. action has Delivered S.K.Jindal,WM
been initiated 9404703213
OFBL 01 sept 09-Sep Proc. action has Delivered Anoop Dwivedi,DGM
been initiated 8275741266
OFCH 20-Aug 07 Sept Proc. action has Installed Prashant Surkar,DGM
been initiated 9405529377
OFDR 31-Aug 07-Sep Proc. action has Installed Amit Rawat,DGM
been initiated 9420950229
OFI 31-Aug delivered Proc. action has Delivered Anil Kr Meena, DGM
been initiated 9405988824
OFK 22-Aug 06-Sep Delivery by Installed Ratan Prakash Shukla,
13-Sep DGM
7089210090
OFN 26-Aug 09-Sep Proc. action has Delivered Sudhanshu Prasad,
been initiated JGM
9472984075
OFV 31-Aug 20-Sep Proc. action has Delivered A.S.Wasu,WM
been initiated 9175293744
NADP Delivered & Installed Proc. action has Delivered Mohan Agrawal,DGM
been initiated 8249557225
OFILKH Delivered & Installed Delivery by Installed Shailendra
07-Sep Parashar,AWM
8770088627
MILCO delivered Proc. action has Installed Vaibhav Kumar Gaur,
been initiated GM
9013763678

*****

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE

भारत सरकार का उद्यम MINISTRY OF DEFENCE

रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/Website Dt. 04/09/2024

To,
The Chief General Manager
All units under MIL

Sub: Unit Website - Immediate Action Required

***

This is to inform that, in accordance with the Cyber Security Policy and directives
issued by Cyber Security Group, only one official website is authorized to be
maintained by MIL headquarter. The website should be hosted on NIC Server with
Safe to Host (STH) certificate duly obtained from CERT-In empanelled Auditors and
subsequent security clearance from CIRA should be obtained. It has come to notice
that few units are currently operating an individual website that is not hosted on the
NIC web server and is unsecure. This situation is in violation of our organization’s
cyber security guidelines.

As per the policy, no websites should be hosted without prior authorization from MIL
headquarter. Therefore, we request that you take immediate action to address this
issue. Please proceed to take down the unauthorized website and unregister the
hosted domain without delay. For more details, please visit https://registry.gov.in

Since the matter is of highly classified and sensitive nature, hence your personal
intervention is essential.

For immediate action please.

(Md. Shahir Farooqui)

Dy.General Manager & SCSO

म्यूनिशंस इंडिया
MUNITIONS INDIA LIMITED
लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का उद्यम MINISTRY OF DEFENCE
रक्षा मंत्रालय
No. MIL/HR/IT/CYBER-SECURITY/MeitY Dt. 05/09/2024

To,
The Chief General Manager
All units under MIL

Sub: Cyber Security Architecture – Implementation of

Ref: 1) CSG-DDP Letter/email dt. 28-08-2024
2) MeitY letter No. M-13/988/2024-CSG dt 24
***
Pursuant to a high-level dicisions following review of cyber security posture,
“Guidelines on mandatory features of cyber security architecture”, issued by Ministry
of Electronics and Information Technology (MeitY) is placed at Annexure-A, are issued
hereby. Adherence to the same is to be ensured by all units under MIL
2. The said guidelines lay down the minimum cyber security requirements that are
required to be implemented by units to protect their digital assets from cyber
threats. They identify the key features and measures to be taken by the departments
for effective governance and implementation of cyber and information security
practices. The guidelines include provisions aimed at continuous monitoring and
compliance to enhance cyber security posture and to improve cyber resilience.
3. The LCSO of the units may be directed to ensure full adherence to these guidelines
withing a period of six months. It is requested to refer Annexure-B while doing
Internal Cyber Security of your unit. Further, it is requested to submit the action plan
for implementation of the guidelines with pert chart along with timeline by
20-Sep-2024, to facilitate review of the same and forward transmission to CSG-DDP
& MeitY. Also, send the weekly progress report on every Monday to
it-mil@munitionsindia.in

4. For immediate action please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

To,
The Chief General Manager
All units under MIL

Sub: Cyber Security Architecture – Implementation of

4. For immediate action please.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

लिमिटेड A GOVT. OF INDIA ENTERPRISE
भारत सरकार का MINISTRY OF DEFENCE
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CYBER-SECURITY Dt. 12/09/2024

To,
The Chief General Manager
All Units under MIL

Sub: Advisory on Vulnerabilities –Regarding

1) Simple Network Management Protocol (SNMP) old verions
2) Spurious email from variation designation-based mail ID

Ref: 1) CSG-DDP No.6202/CSG/STDN/DDP/G-5 Vol-III 20-Aug-2024

2) CSG-DDP No.6202/CSG/STDN/DDP/G-5 Vol-III 16-Aug-2024
***
Vide reference (1) above; National Agency has revealed that on
investigation of recent cyber incident, prevailing SNMP (Simple Network
Management Protocol) vulnerability was noticed in internet connected
CISCO devices (Switches and Routers) which can lead to exploitation of the
devices by threat actors to gain control over the network. Vulnerabilities in
outdated versions of SNMP and remedial measures/Recommendations are
attached in “Annexure-A”

2. Vide reference (2) above; Advisory on spurious email from variation

designation-based mail ID is attached. Phishing emails being received from
the emaild IDs of MoD personnel, it is felt that all the personnel within the
units need to be made aware of Phishing mails and how to prevent cyber
incidents due to it. The necessary steps are given in “Annexure-B” to
safeguard all user.

3. It is requested that appropriate remedial action on the alert mentioned

in Annexure-A and Annexure-B may be taken immediately and Action
Taken Report (ATR) may be sent to it-mil@munitionsindia.in positively by
20-Sep-2024

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : mil-pune@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in
Status of Chakravyuh & Log Collector Server
As on 17-Sep-2024
Chakravyuh Server Log Collector
Unit 1st Server delivery Status 2nd Server Proc. Installation Point of Contact
Earlier DP Current DP Status Status
AFK Delivered & Installed Under Delivered & Saday Kumar,WM
Procurement Installed 9455114516
CFA delivered Under Delivered & P.K.Behera,DGM
Procurement Installed 9994245114
HEPF delivered Under Delivered & Kota Venkata
Procurement Installed Kiran,DGM
7598227758
HEF delivered Under Delivered & P.K.Nanda,WM
Procurement Installed 9890550487
OFBA delivered Under Delivered S.K.Jindal,WM
Procurement 9404703213
OFBL 01 sept 20-Sep Under Delivered & Anoop Dwivedi,DGM
Procurement Installed 8275741266
OFCH Delivered & Installed Under Delivered & Prashant Surkar,DGM
Procurement Installed 9405529377
OFDR delivered Under Delivered & Amit Rawat,DGM
Procurement Installed 9420950229
OFI Delivered & Installed Under Delivered & Anil Kr Meena, DGM
Procurement Installed 9405988824
OFK delivered Delivery by Delivered & Ratan Prakash Shukla,
30-Sep Installed DGM
7089210090
OFN 26-Aug 18-Sep Under Delivered Sudhanshu Prasad,
Procurement JGM
9472984075
OFV 31-Aug 20-Sep Under Delivered A.S.Wasu,WM
Procurement 9175293744
NADP Delivered & Installed Under Delivered Mohan Agrawal,DGM
Procurement 8249557225
OFILKH Delivered & Installed Delivered Delivered & Shailendra
Installed Parashar,AWM
8770088627
MILCO Delivered & Installed Under Delivered & Vaibhav Kumar Gaur,
Procurement Installed GM
9013763678
*****

Status of Chakravyuh & Log Collector Server

As on 29-Sep-2024
Chakravyuh Server Log Collector
st nd
Unit 1 Server delivery Status 2 Server Proc. Installation Point of Contact
Earlier DP Current DP Status Status
AFK Delivered & Installed Under Delivered & Saday Kumar,WM
Procurement Installed 9455114516
CFA Delivered Under Delivered & P.K.Behera,DGM
Procurement Installed 9994245114
HEPF Delivered Under Delivered & Kota Venkata
Procurement Installed Kiran,DGM
7598227758
HEF Delivered Under Delivered & P.K.Nanda,WM
Procurement Installed 9890550487
OFBA Delivered Delivered Delivered & S.K.Jindal,WM
Installed 9404703213
OFBL Delivered , Under Delivered & Anoop Dwivedi,DGM
Installation on 28-Sep Procurement Installed 8275741266
OFCH Delivered & Installed Under Delivered & Prashant Surkar,DGM
Procurement Installed 9405529377
OFDR Delivered Under Delivered & Amit Rawat,DGM
Procurement Installed 9420950229
OFI Delivered & Installed Under Delivered & Anil Kr Meena, DGM
Procurement Installed 9405988824
OFK Delivered & Installed Delivery by Delivered & Ratan Prakash Shukla,
30-Sep Installed DGM
7089210090
OFN Delivered Under Delivered Sudhanshu Prasad,
Procurement JGM
9472984075
OFV Delivered Under Delivered & A.S.Wasu,WM
Procurement Installed 9175293744
NADP Delivered & Installed Under Delivered & Mohan Agrawal,DGM
Procurement Installed 8249557225
OFILKH Delivered & Installed Delivered Delivered & Shailendra
Installed Parashar,AWM
8770088627
MILCO Delivered & Installed Under Delivered & Vaibhav Kumar Gaur,
Procurement Installed GM
9013763678

*****
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
A GOVT. OF INDIA ENTERPRISE
लिमिटेड
MINISTRY OF DEFENCE
भारत सरकार का
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CS/ADVISORY Dt. 30/09/2024

To,
The Chief General Manager
All Units under MIL

Sub: ADVISORY ON MODEL TECHNICAL SPECIFICATIONS OF DESKTOP

PCs AND TABLET PCs FOR PROCUREMENT
Ref: CSG-DDP No.6202/CSG/STDN/Advisory/G05 Vol-V 10-Sep-2024
***
Vide reference (1) above; MeitY has intimated that the government has
issued Public Procurement (Preference to Make in India0 Order 2017 vide
the Department of Promotion of Industry and Internal Trade (DPIIT)
Order No. P-45021/2/2017-BE-II dated 15.06.2017 and subsequent
revisions vide order No. P-45021/2/2017-BE-II dated
28.05.2018,04.06.2020,16.09.2020 and 19.07.2024 to encourage “Make in
India” and to promote manufacturing and production of goods and
services in India with a view to enhance income and employment.

2. In furtherancd of aforesaid Order, MeitY has notified mechanism for

calculating local content for 14 Electronic Products, Including desktop PCs,
Laptop PCs and Tablet PCs.

3. In order to colsolidate demand and streamline the procurement process

of foresaid ICT products, MeitY, in consultation with the industry
stakeholders has formulated the updated Model Technical Specification of
Desktop PCs and Tablet PCs for procurement to be made by
Ministries/Departments and their agencies/PSUs (copy enclosed as
Annexure-I). The procuring entities shall incorporate the specification of
Desktop PCs, Laptop PCs and Tablet PCs, as per their requirement, in the
tender document from the Model Technical Specifications.

4. It is hereby requested to utilize the updated Model Technical

Specification issued by MeitY for procurement of Desktop PCs, Laptop PCs
and Tablet PCs for usual official requirements. In case of any specific
requirements for high computation or memory intensive infrastructure,
the procurement agencies may specify different specification from the

…2
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : mil-pune@munitionsindia.in
निगमित कार्यालय पता: दूसरी मंजिल, न्याति यूनिट्री, नगर रोड, येरवडा, पुणे - 411 006
Regd. Address: Ammunition Factory, Khadki, Pune, Maharashtra – 411 003.
Corporate Office Address: 2nd Floor, Nyati Unitree, Nagar Road, Yerwada, Pune – 411 006
दूरभाष सं / PHONE No. 020-67080400, Email : it-mil@munitionsindia.in

-2-

model technical specification as suggested by MeitY. The validity of these

updated Model Technical Specification for Desktop, Laptop and Tablet will
stand by the end of FY 2026-27 i.e. 31-03-2027 or until further orders,
whichever is earlier.

5. Further, MeitY has requested Government e-Market place (GeM) to

upload the aforesaid Model Technical Specification at GeM portal with
suitable instructions.

6. Forwarded for information and necessary action, please.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL
म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED
A GOVT. OF INDIA ENTERPRISE
लिमिटेड
MINISTRY OF DEFENCE
भारत सरकार का
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CS/ADVISORY Dt. 30/09/2024

To,
The Chief General Manager
All Units under MIL

Sub: CYBER SECURITY BEST PRACTICE SOCIAL MEDIA ADVISORIES

Ref: CSG-DDP No.6203/CSG/STDN/Advisory/G5 Vol-VI 29-08-2024
***

Please refer MoD Cybercell Letter No. A-52786/MoD Cyber

Cell/Advisory/2024/7CB/310 dated 25-July-2024 (Annexure-I)

2. Recently increasing number of incidents on Social Media has been reported and
PIO honey trapping Indian Govt. Officers to extract Defence related Information has
also come to notice.

3. List of Social Media Best Practices with all precautions to be followed has been
prepared and is enclosed in Annexure-I

4. Forwareded for your information and necessary action , please

N.O.O.
(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)
Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

म्यूनिशंस इंडिया MUNITIONS INDIA LIMITED

A GOVT. OF INDIA ENTERPRISE
लिमिटेड
MINISTRY OF DEFENCE
भारत सरकार का
उद्यम
रक्षा मंत्रालय

No. MIL/HR/IT/CS/ADVISORY Dt. 30/09/2024

To,
The Chief General Manager
All Units under MIL

Sub: ADVISORY: MODIFICATION/TEMPERING OF EVIDENCES

RELATED TO CYBER INCIDENTS
Ref: CSG-DDP No.6258/CSG/STDN/DDP/G-12/Vol-IV 09-09-2024
***
It has come to light that, in some of the cyber breach cases/incidents under
investigation, the devices of compromised systems are being modified/tempared.
This issue has been viewed very seriously by the Higher Authorities in MoD/DDP.

2. In view of the above, it is strongly emphasized not to make any changes to the
devices which have been identified to be belonging to the system from which cyber
incident/cases appears to have originated. These changes may be in terms of
formatting/OS change or any other activity which changes the state of such systems.

3. In view of the above, it is requested that all the sections/units under your area of
Responsibility (AoR) may be sensitized to be cautious while handling evidences of
compromised device(s) of cyber breach case/incidents and not to modify/tamper
such devices in any manner.

4. Please ensure Strict Compliance.

N.O.O.

(Md. Shahir Farooqui) (Kumar Vaibhav Gaur)

Dy.General Manager & SCSO General Manager & CISO
For CMD/MIL

26 DPSU Munitions High Explosives Available Installed Receiving 51

(New) India Limited Factory, Khadki (HEF),
(MIL) Pune

27 DPSU Munitions Ammunition Factory Installed 4 Installed Receiving 71

(New) India Limited Khadki (AFK), Pune
(MIL)

28 DPSU Munitions Ordnance Factory Available Installed Receiving 6

(New) India Limited Dehu Road (OFDR),
(MIL) Pune

29 DPSU Munitions Ordnance Factory Available Installed Not Receiving 1 No Static IP

(New) India Limited Varangaon (OFV)
(MIL)

30 DPSU Munitions Ordnance Factory Available Installed Receiving 5

(New) India Limited Bhandara (OFBA)
(MIL)
31 DPSU Munitions Ordnance Factory Available Installed Receiving 1
(New) India Limited Chanda (OFCH)
(MIL)

32 DPSU Munitions National Academy of Installed 17 Installed Receiving 1

(New) India Limited Defence Production
(MIL) (NADP), Nagpur

33 DPSU Munitions Cordite Factory Available Installed Not Receiving 0 Firewall Issue
(New) India Limited Aruvankadu (CFA)
(MIL)

34 DPSU Munitions High Energy Projectile Available Installed Not Receiving 0 Firewall Issue
(New) India Limited Factory (HEPF), Trichy
(MIL)

35 DPSU Munitions Ordnance Factory Available Deputed

(New) India Limited Itarsi (OFI)
(MIL)

36 DPSU Munitions Ordnance Factory Installed 3 Installed Receiving 169

(New) India Limited Khamaria (OFK),
(MIL) Jabalpur

37 DPSU Munitions Ordnance Factories 15 11 Installed 11 Installed Not Receiving 11 NIL

(New) India Limited Institute of Learning
(MIL) (OFILKH), Khamaria
38 DPSU Munitions Ordnance Factory Available Installed Receiving 0
(New) India Limited Bolangir (OFBL)
(MIL)

39 DPSU Munitions Ordnance Factory Available Deputed

(New) India Limited Nalanda (OFN)
(MIL)
Chakra OPLC
Unit Chk.Server No. of Log Log Status No. of Exempted Remarks
agents Collector Log Internet
installed Agents PC from
installed Maya

AFK Installed 4 Installed Receiving 71

Firewall
CFA Available Installed Not Receiving 0 Issue
HEF Available Installed Receiving 51
Firewall
HEPF Available Installed Not Receiving 0 Issue
OFDR Available Installed Receiving 6
OFV Available Installed Not Receiving 1 No Static IP
OFBA Available Installed Receiving 5
OFCH Available Installed Receiving 1
OFI Available Deputed
OFK Installed 3 Installed Receiving 169
OFBL Available Installed Receiving 0
OFN Available Deputed
NADP Installed 17 Installed Receiving 1
Firewall
OFILKH Installed 13 Installed Not Receiving 13 Issue
REW
R
ERWE
R

Cyber Security Management Guidelines
100% (1)
Cyber Security Management Guidelines
39 pages
Lead Cyber Security Manager
No ratings yet
Lead Cyber Security Manager
30 pages
Cyber Security Guide
No ratings yet
Cyber Security Guide
59 pages
Draft SOP - Cyber Cell - Handling Cyber Incidents Attacks in UT of Puducherry - Oct-2023
No ratings yet
Draft SOP - Cyber Cell - Handling Cyber Incidents Attacks in UT of Puducherry - Oct-2023
9 pages
20160720-Cyber Primer Ed 2 Secured
100% (1)
20160720-Cyber Primer Ed 2 Secured
100 pages
1.internal Security - Mains CA Articles
No ratings yet
1.internal Security - Mains CA Articles
134 pages
Unit 3
No ratings yet
Unit 3
10 pages
Internal Security
No ratings yet
Internal Security
134 pages
202411111122674187
No ratings yet
202411111122674187
110 pages
The Art of Penetration Testing A Practical Guide
50% (2)
The Art of Penetration Testing A Practical Guide
221 pages
SEBI Cyber Security and Cyber Resilience Framework For Mutual Funds Asset Management Companies
No ratings yet
SEBI Cyber Security and Cyber Resilience Framework For Mutual Funds Asset Management Companies
8 pages
Cyber Security
No ratings yet
Cyber Security
98 pages
NCIIPC Newsletter Jul22
No ratings yet
NCIIPC Newsletter Jul22
42 pages
CSM Guideline v2.0 en
No ratings yet
CSM Guideline v2.0 en
39 pages
2019 Cybersecurity Resource and Reference Guide - DoD-CIO - Final - 2020FEB07
No ratings yet
2019 Cybersecurity Resource and Reference Guide - DoD-CIO - Final - 2020FEB07
53 pages
Cybersecurity Resource and Reference Guide - Stamped
No ratings yet
Cybersecurity Resource and Reference Guide - Stamped
59 pages
UMASS NISTCSF October 2016 Presentation Rev2
No ratings yet
UMASS NISTCSF October 2016 Presentation Rev2
22 pages
ETI Microproject Up
No ratings yet
ETI Microproject Up
23 pages
CyberSecurityPPT V3 2
No ratings yet
CyberSecurityPPT V3 2
23 pages
CyberSecurityPPT V3 1
No ratings yet
CyberSecurityPPT V3 1
23 pages
Living in The It Era Unit Iiiiv 1
No ratings yet
Living in The It Era Unit Iiiiv 1
22 pages
Document 3 Cybersecurity Essentials
No ratings yet
Document 3 Cybersecurity Essentials
2 pages
MGT (Code With Krrish)
No ratings yet
MGT (Code With Krrish)
19 pages
Get The MSP S Guide To A Multi Layered Security Approach 1718419975
No ratings yet
Get The MSP S Guide To A Multi Layered Security Approach 1718419975
20 pages
(ISC) 2 CC Last Minute Review Guide
100% (3)
(ISC) 2 CC Last Minute Review Guide
12 pages
Cyber Security Shipra
No ratings yet
Cyber Security Shipra
10 pages
Cyber Security Suggestions - SVKG in
No ratings yet
Cyber Security Suggestions - SVKG in
55 pages
IFF Microsoft Cyber Raksha Program
No ratings yet
IFF Microsoft Cyber Raksha Program
7 pages
Bishesh
No ratings yet
Bishesh
7 pages
Cyber Security Presentation
No ratings yet
Cyber Security Presentation
11 pages
OVERVIEW OF CYBERSECURITY Edied
No ratings yet
OVERVIEW OF CYBERSECURITY Edied
8 pages
Cybersecurity Lessons Learned
No ratings yet
Cybersecurity Lessons Learned
10 pages
Cyber Security - Unit-I
No ratings yet
Cyber Security - Unit-I
9 pages
Cyber Security
No ratings yet
Cyber Security
5 pages
DBM Tutorial 5
No ratings yet
DBM Tutorial 5
6 pages
CYBER SECURITY by @brainmeGS
No ratings yet
CYBER SECURITY by @brainmeGS
4 pages
Ms. Rohini Hulsure: Nagesh Jaybhaye 2216490276
No ratings yet
Ms. Rohini Hulsure: Nagesh Jaybhaye 2216490276
14 pages
MT Cyber Security - Compressed
No ratings yet
MT Cyber Security - Compressed
3 pages
Overview of Cybersecurity
No ratings yet
Overview of Cybersecurity
3 pages
ch1 Introduction
No ratings yet
ch1 Introduction
3 pages
Cyber Security
No ratings yet
Cyber Security
3 pages
OM CyberSecurity
No ratings yet
OM CyberSecurity
7 pages
MGT 61
No ratings yet
MGT 61
13 pages
Cybersecurity
No ratings yet
Cybersecurity
3 pages
Advisory Cyber Attack
No ratings yet
Advisory Cyber Attack
4 pages
CYBERSECURITY
No ratings yet
CYBERSECURITY
4 pages
Cyber Security Guidelines For Govt Employees-Final Release-Page1
No ratings yet
Cyber Security Guidelines For Govt Employees-Final Release-Page1
5 pages
Netttttti
No ratings yet
Netttttti
2 pages
SOC-security Operations Center
No ratings yet
SOC-security Operations Center
43 pages
Cybersecurity
No ratings yet
Cybersecurity
2 pages
Cyber Security Measures by NSE
No ratings yet
Cyber Security Measures by NSE
3 pages
MGT Microproject 22203C0007
No ratings yet
MGT Microproject 22203C0007
6 pages
MAN Rep
No ratings yet
MAN Rep
6 pages
Section 12 Cybersecurity
No ratings yet
Section 12 Cybersecurity
16 pages
Cybersecuirty
No ratings yet
Cybersecuirty
3 pages
Cyber Risk Management Guidelines Issued by The DFSA
No ratings yet
Cyber Risk Management Guidelines Issued by The DFSA
3 pages
2023 NATO CCD COE Training Catalogue Final
No ratings yet
2023 NATO CCD COE Training Catalogue Final
87 pages
Cyber Security
No ratings yet
Cyber Security
1 page
Cybersecurity Best Practices For Organizations
No ratings yet
Cybersecurity Best Practices For Organizations
2 pages
CCSP Master Notes
No ratings yet
CCSP Master Notes
40 pages
Preserving Identity Leakage, Data Integrity and Data Privacy Using Blockchain in Education System (#1093787) - 2334092
No ratings yet
Preserving Identity Leakage, Data Integrity and Data Privacy Using Blockchain in Education System (#1093787) - 2334092
14 pages
Asis Physical Security Professional Actualtestdumps Actual Questions by Rich 12 12 2023 11qa
No ratings yet
Asis Physical Security Professional Actualtestdumps Actual Questions by Rich 12 12 2023 11qa
7 pages
Cyber Threat Intelligence Issue and Chal
No ratings yet
Cyber Threat Intelligence Issue and Chal
9 pages
ABB Industrial Software Ebook - Metals - 20220203
No ratings yet
ABB Industrial Software Ebook - Metals - 20220203
20 pages
Module 1
No ratings yet
Module 1
13 pages
Broken Authentication Owasp
No ratings yet
Broken Authentication Owasp
13 pages
ADMS 2511: Management Information Systems Session 3
No ratings yet
ADMS 2511: Management Information Systems Session 3
41 pages
Malware Detection Using Machine Learning: Vinay Kumar MIT2021091 Mentor:-Dr. Abhishek Vaish
No ratings yet
Malware Detection Using Machine Learning: Vinay Kumar MIT2021091 Mentor:-Dr. Abhishek Vaish
23 pages
JL Morission - VAPT - Proposal - REV
No ratings yet
JL Morission - VAPT - Proposal - REV
10 pages
Hacking Blind
No ratings yet
Hacking Blind
16 pages
Data Protection in Excel
No ratings yet
Data Protection in Excel
9 pages
Scanning Module Using Nmap Tool
No ratings yet
Scanning Module Using Nmap Tool
7 pages
Linux Manage User Group
No ratings yet
Linux Manage User Group
25 pages
Nmap Cheat Sheet
No ratings yet
Nmap Cheat Sheet
8 pages
Why Choose Cyber Security As A Career
No ratings yet
Why Choose Cyber Security As A Career
7 pages
Website Security 101: Real-World Examples, Tools & Techniques For Protecting & Securing Websites
100% (1)
Website Security 101: Real-World Examples, Tools & Techniques For Protecting & Securing Websites
12 pages
Homelan Security: By: Tim O'Neill The Oldcommguy
No ratings yet
Homelan Security: By: Tim O'Neill The Oldcommguy
9 pages
Steganography Seminar Report
No ratings yet
Steganography Seminar Report
20 pages
Intellect Armor Presentation
No ratings yet
Intellect Armor Presentation
18 pages
FRM Course Syllabus IPDownload
No ratings yet
FRM Course Syllabus IPDownload
2 pages
13v3 IT Security Responsibilities
No ratings yet
13v3 IT Security Responsibilities
4 pages
Attacks & Defense Mechanisms For TCP/ IP Based Protocols: January 2014
No ratings yet
Attacks & Defense Mechanisms For TCP/ IP Based Protocols: January 2014
8 pages
Cyber Security
No ratings yet
Cyber Security
2 pages
RESUME Manoj Kumar
No ratings yet
RESUME Manoj Kumar
3 pages
Industrial Cybersecurity
From Everand
Industrial Cybersecurity
Anand Shinde
No ratings yet
Fast-Track to Industrial IoT Success: Mastering the Essentials
From Everand
Fast-Track to Industrial IoT Success: Mastering the Essentials
Arthur Wang
No ratings yet
Data Protection 101: A Beginner's Guide to Digital Security
From Everand
Data Protection 101: A Beginner's Guide to Digital Security
Neil King
No ratings yet
Cybersecurity for Remote Workers
From Everand
Cybersecurity for Remote Workers
A.I Woolley
No ratings yet
Fortify Your Data: A Guide to the Emerging Technologies
From Everand
Fortify Your Data: A Guide to the Emerging Technologies
Michael A Hudak
No ratings yet
Hacking for Beginners: Mastery Guide to Learn and Practice the Basics of Computer and Cyber Security
From Everand
Hacking for Beginners: Mastery Guide to Learn and Practice the Basics of Computer and Cyber Security
Richard Dorsel
No ratings yet

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.