Cybercrime

Sedgwick breach linked to TridentLocker ransomware attack

Sedgwick has confirmed a data breach at its government-focused subsidiary after the TridentLocker ransomware group claimed responsibility for stealing 3.4 gigabytes of data. The incident underscores growing threats to federal contractors handling sensitive US agency information.

The company said the breach affected only an isolated file transfer system used by Sedgwick Government Solutions, which serves agencies such as DHS, ICE, and CISA. Segmentation reportedly prevented any impact on wider corporate systems or ongoing client operations.

TridentLocker, a ransomware-as-a-service group that appeared in late 2025, listed Sedgwick Government Solutions on its dark web leak site and posted samples of stolen documents. The gang is known for double-extortion tactics, combining data encryption and public exposure threats.

Sedgwick has informed US law enforcement and affected clients while continuing to investigate with external cybersecurity experts. The firm emphasised operational continuity and noted no evidence of intrusion into its claims management servers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Researchers launch AURA to protect AI knowledge graphs

A novel framework called AURA has been unveiled by researchers aiming to safeguard proprietary knowledge graphs in AI systems by deliberately corrupting stolen copies with realistic yet false data.

The approach is designed to preserve full utility for authorised users while rendering illicit copies ineffective instead of relying solely on traditional encryption or watermarking.

AURA works by injecting ‘adulterants’ into critical nodes of knowledge graphs, chosen using advanced algorithms to minimise changes while maximising disruption for unauthorised users.

Tests with GPT-4o, Gemini-2.5, Qwen-2.5, and Llama2-7B showed that 94–96% of correct answers in stolen data were flipped, while authorised access remained unaffected.

The framework protects valuable intellectual property in sectors such as pharmaceuticals and manufacturing, where knowledge graphs power advanced AI applications.

Unlike passive watermarking or offensive poisoning, AURA actively degrades stolen datasets, offering robust security against offline and private-use attacks.

With GraphRAG applications proliferating, major technology firms, including Microsoft, Google, and Alibaba, are evaluating AURA to defend critical AI-driven knowledge.

The system demonstrates how active protection strategies can complement existing security measures, ensuring enterprises maintain control over their data in an AI-driven world.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Healthcare systems face mounting risk from CrazyHunter ransomware

CrazyHunter ransomware has emerged as a growing threat to healthcare organisations, with repeated attacks targeting hospitals and medical service providers. The campaign focuses on critical healthcare infrastructure, raising concerns about service disruption and the exposure of sensitive patient data.

The malware is developed in Go and demonstrates a high level of technical maturity. Attackers gain initial access by exploiting weak Active Directory credentials, then use Group Policy Objects to distribute the ransomware rapidly across compromised networks.

Healthcare institutions in Taiwan have been among the most affected, with multiple confirmed incidents reported by security researchers. The pattern suggests a targeted campaign rather than opportunistic attacks, increasing pressure on regional healthcare providers to strengthen defences.

Once deployed, CrazyHunter turns off security tools and encrypts files to conceal its activity. Analysts note the use of extensive evasion techniques, including memory-based execution and redundant encryption methods, to ensure the delivery of the payload.

CrazyHunter employs a hybrid encryption scheme that combines ChaCha20 and elliptic curve cryptography, utilising partial file encryption to expedite the impact. Encrypted files receive a ‘.Hunter’ extension, with recovery dependent on the attackers’ private keys, reinforcing the pressure to pay ransoms.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

New UK cyber strategy focuses on trust in online public services

The UK government has announced new measures to strengthen the security and resilience of online public services as more interactions with the state move online. Ministers say public confidence is essential as citizens increasingly rely on digital systems for everyday services.

Backed by more than £210 million, the UK Government Cyber Action Plan outlines how cyber defences and digital resilience will be improved across the public sector. A new Government Cyber Unit will coordinate risk identification, incident response, and action on complex threats spanning multiple departments.

The plan underpins wider efforts to digitise public services, including benefits applications, tax payments, and healthcare access. Officials argue that secure systems can reduce bureaucracy and improve efficiency, but only if users trust that their data is protected.

The announcement coincides with parliamentary debate on the Cyber Security and Resilience Bill, which sets clearer expectations for companies supplying services to the government. The legislation is intended to strengthen cyber resilience across critical supply chains.

Ministers also highlighted new steps to address software supply chain risks, including a Software Security Ambassador Scheme promoting basic security practices. The government says stronger cyber resilience is essential to protect public services and maintain public trust.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Data breach exposes users of major patient portal ManageMyHealth

More than 108,000 users of ManageMyHealth may have had their information exposed following a data breach affecting one of the country’s largest patient portals. The incident occurred on Wednesday and is believed to have affected between 6% and 7% of the platform’s 1.8 million registered users.

ManageMyHealth said affected users will be contacted within 48 hours with details about whether and how their data was accessed. Chief executive Vino Ramayah said the company takes the protection of health information extremely seriously and acknowledged the stress such incidents can cause.

He confirmed that the Office of the Privacy Commissioner has been notified and is working with the company to meet legal obligations.

Health Minister Simeon Brown described the breach as concerning but stated that there was no evidence to suggest that Health New Zealand systems, including My Health Account, had been compromised. He added that health services were continuing to operate as normal and that there had been no clinical impact on patient care.

Health New Zealand said it is coordinating with the National Cyber Security Centre and other agencies to understand the scope of the breach and ensure appropriate safeguards are in place.

Officials stressed expectations around security standards, transparency and clear communication, while ongoing engagement with primary care providers and GPs continues.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Google sues group behind mass scam texts

Google has filed a lawsuit against a Chinese-speaking cybercriminal network it says is behind a large share of scam text messages targeting people in the United States. The company says the legal action is aimed at disrupting the group’s online infrastructure rather than seeking damages.

According to the complaint, the group, known as Darcula, develops and sells phishing software that allows scammers to send mass text messages posing as trusted organisations such as postal services, government agencies, or online platforms. The tools are designed to be easy to use, enabling people with little technical expertise to run large-scale scams.

Google says the software has been used by hundreds of scam operators to direct victims to fake websites where credit card details are stolen. The company estimates that hundreds of thousands of payment cards have been compromised globally, with tens of thousands linked to victims in the United States.

The lawsuit asks a US court to grant Google the authority to seize and shut down websites connected to the operation, a tactic technology companies increasingly use when criminal networks operate in countries beyond the reach of US law enforcement. Investigations by journalists and cybersecurity researchers suggest the group operates largely in Chinese and has links to individuals based in China and other countries.

The case highlights the growing scale of text-based fraud in the US, where cybercrime losses continue to rise sharply. Google says it will continue combining legal action with technical measures to limit the reach of large scam networks and protect users from increasingly sophisticated phishing campaigns.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hawaii warns residents about phishing using fake government sites

State officials have warned the public about a phishing campaign using the fake domain codify.inc to impersonate official government websites. Cybercriminals aim to steal personal information and login credentials from unsuspecting users.

Several state agencies are affected, including the departments of Labor and Industrial Relations, Education, Health, Transportation, and many others. Fraudulent websites often mimic official URLs, such as dlir.hi.usa.codify.inc, and may use AI-based services to entice users.

Residents are urged to verify website addresses carefully. Official government portals will always end in .gov, and any other extensions like .inc or .co are not legitimate. Users should type addresses directly into their browsers rather than clicking links in unsolicited emails or texts.

Suspicious websites should be reported to the State of Hawaii at soc@hawaii.gov to help protect other residents from falling victim to the scam.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AI malware emerges as major cybersecurity threat

Cybersecurity experts are raising alarms as AI transitions from a theoretical concern to an operational threat. The H2 2025 ESET Threat Report shows AI-powered malware is now targeting systems globally, raising attack sophistication.

PromptLock, the first AI-driven ransomware, uses a dual-component system to generate unique scripts for each target. The malware autonomously decides to exfiltrate, encrypt, or destroy data, using a feedback loop to ensure reliable execution.

Other AI threats include PromptFlux, which rewrites malware for persistence, and PromptSteal, which harvests sensitive files. These developments highlight the growing capabilities of attackers using machine learning models to evade traditional defences.

The ransomware-as-a-service market is growing, with Qilin, Akira, and Warlock using advanced evasion techniques. The convergence of AI-driven malware and thriving ransomware economies presents an urgent challenge for organisations globally.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Scam texts impersonating Illinois traffic authorities spread

Illinois Secretary of State Alexi Giannoulias has warned residents to stay alert for fraudulent text messages claiming unpaid traffic violations or tolls. Officials say the messages are part of a phishing campaign targeting Illinois drivers.

The scam texts typically warn recipients that their vehicle registration or driving privileges are at risk of suspension. The messages urge immediate action via links that steal money or personal information.

The Secretary of State’s office said it sends text messages only to remind customers about scheduled DMV appointments. It does not communicate by text about licence status, vehicle registration issues, or enforcement actions.

Officials advised residents not to click on links or provide personal details in response to such messages. The texts are intended to create fear and pressure victims into acting quickly.

Residents who receive scam messages are encouraged to report them to the Federal Trade Commission through its online fraud reporting system.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Romania’s Oltenia Energy Complex reports a serious ransomware breach

A ransomware attack has disrupted the Oltenia Energy Complex, Romania’s largest coal-based power producer, after hackers encrypted key IT systems in the early hours of 26 December.

The state-controlled company confirmed that the Gentlemen ransomware strain locked corporate files and disabled core services, including ERP platforms, document management tools, email and the official website.

The organisation isolated affected infrastructure and began restoring services from backups on new systems instead of paying a ransom. Operations were only partially impacted and officials stressed that the national energy system remained secure, despite the disruption across business networks.

A criminal complaint has been filed. Additionally, both the National Directorate of Cyber Security of Romania and the Ministry of Energy have been notified.

Investigators are still assessing the scale of the breach and whether sensitive data was exfiltrated before encryption. The Gentlemen ransomware group has not yet listed the energy firm on its dark-web leak site, a sign that negotiations may still be underway.

An attack that follows a separate ransomware incident that recently hit Romania’s national water authority, underlining the rising pressure on critical infrastructure organisations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!