Aeroflot cyberattack cripples Russian flights in major breach

A major cyberattack on Russia’s flagship airline Aeroflot has caused severe disruptions to flights, with hundreds of passengers stranded at airports. Responsibility was claimed by two hacker groups: Ukraine’s Silent Crow and the Belarusian hacktivist collective Belarus Cyber-Partisans.

The attack is among the most damaging cyber incidents Russia has faced since the full-scale invasion of Ukraine in February 2022. Past attacks disrupted government portals and large state-run firms such as Russian Railways, but most resumed operations quickly. This time, the effects were longer-lasting.

Social media showed crowds of delayed passengers packed into Moscow’s Sheremetyevo Airport, Aeroflot’s main hub. The outage affected not only Aeroflot but also its subsidiaries, Rossiya and Pobeda.

Most of the grounded flights were domestic. However, international services to Belarus, Armenia, and Uzbekistan were also cancelled or postponed due to the IT failure.

Early on Monday, Aeroflot issued a statement warning of unspecified problems with its IT infrastructure. The company alerted passengers that delays and disruptions were likely as a result.

Later, Russia’s Prosecutor’s Office confirmed that the outage was the result of a cyberattack. It announced the opening of a criminal case and launched an investigation into the breach.

Kremlin spokesperson Dmitry Peskov described the incident as ‘quite alarming’, admitting that cyber threats remain a serious risk for all major service providers operating at scale.

In a Telegram post, Silent Crow claimed it had maintained access to Aeroflot’s internal systems for over a year. The group stated it had copied sensitive customer data, internal communications, audio recordings, and surveillance footage collected on Aeroflot employees.

The hackers claimed that all of these resources had now either been destroyed or made inaccessible. ‘Restoring them will possibly require tens of millions of dollars. The damage is strategic,’ the group wrote.

Screenshots allegedly showing Aeroflot’s compromised IT dashboards were shared via the same Telegram channel. Silent Crow hinted it may begin publishing the stolen data in the coming days.

It added: ‘The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip — albeit without luggage and to the same destination.’

The Belarus Cyber-Partisans, who have opposed Belarusian President Alexander Lukashenko’s authoritarian regime for years, said the attack was carefully planned and intended to cause maximum disruption.

‘This is a very large-scale attack and one of the most painful in terms of consequences,’ said group coordinator Yuliana Shametavets. She told The Associated Press that the group spent months preparing the strike and accessed Aeroflot’s systems by exploiting several vulnerabilities.

The Cyber-Partisans have previously claimed responsibility for other high-profile hacks. In April 2024, they said they had breached the internal network of Belarus’s state security agency, the KGB.

Belarus remains a close ally of Russia. Lukashenko, in power for over three decades, has permitted Russia to use Belarusian territory as a staging ground for the invasion of Ukraine and to deploy tactical nuclear weapons on Belarusian soil.

Russia’s aviation sector has already faced repeated interruptions this summer, often caused by Ukrainian drone attacks on military or dual-use airports. Flights have been grounded multiple times as a precaution, disrupting passenger travel.

The latest cyberattack adds a new layer of difficulty, exposing the vulnerability of even the most protected elements of Russia’s transportation infrastructure. While the full extent of the data breach is yet to be independently verified, the implications could be long-lasting.

For now, it remains unclear how long it will take Aeroflot to fully restore services or what specific data may have been leaked. Both hacker groups appear determined to continue using cyber tools as a weapon of resistance — targeting Russia’s most symbolic assets.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Tea dating app suspends messaging after major data breach

The women’s dating safety app Tea has suspended its messaging feature following a cyberattack that exposed thousands of private messages, posts and images.

The app, which helps women run background checks on men, confirmed that direct messages were accessed during the initial breach disclosed in late July.

Tea has 1.6 million users, primarily in the US. Affected users will be contacted directly and offered free identity protection services, including credit monitoring and fraud alerts.

The company said it is working to strengthen its security and will provide updates as the investigation continues. Some of the leaked conversations reportedly contain sensitive discussions about infidelity and abortion.

Experts have warned that the leak of both images and messages raises the risk of emotional harm, blackmail or identity theft. Cybersecurity specialists recommend that users accept the free protection services as soon as possible.

The breach affected those who joined the app before February 2024, including users who submitted ID photos that Tea had promised would be deleted after verification.

Tea is known for allowing women to check if a potential partner is married or has a criminal record, as well as share personal experiences to flag abusive or trustworthy behaviour.

The app’s recent popularity surge has also sparked criticism, with some claiming it unfairly targets men. As users await more information, experts urge caution and vigilance.


India uses AI to catch crypto tax evaders

India’s Income Tax Department is using AI and data tools to identify tax evasion in cryptocurrency transactions. The government collected ₹437 crore in crypto taxes in 2022-2023 using machine learning and digital forensics to spot suspicious activity.

Tax authorities match tax deducted at source (TDS) data from crypto exchanges to improve compliance. The introduction of the Crypto-Asset Reporting Framework (CARF) also enables automated sharing of tax information, aligning India’s efforts with international tax agreements.

These moves mark a push for greater transparency in India’s digital asset market. Enhanced wallet visibility and automatic data exchange aim to reduce anonymity and curb tax evasion in the crypto space.

India continues to develop regulations focused on consumer protection, cross-border cooperation, and tax compliance, demonstrating a commitment to a more traceable and accountable crypto industry.


Trust in human doctors remains despite AI advancements

OpenAI CEO Sam Altman has stated that AI, especially ChatGPT, now surpasses many doctors in diagnosing illnesses. However, he pointed out that individuals still prefer human doctors because of the trust and emotional connection they provide.

Altman also expressed concerns about the potential misuse of AI, such as using voice cloning for fraud and identity theft. He emphasised the need for stronger privacy protections for sensitive conversations with AI tools like ChatGPT, noting that current standards are inadequate and should align with those for therapists.


DOJ seizes $2.3 million Bitcoin from Chaos ransomware

The US Department of Justice has moved to seize over $2.3 million in Bitcoin tied to a member of the Chaos ransomware group. The funds, taken from a wallet linked to the individual known as ‘Hors’, are alleged to be proceeds of extortion and money laundering.

Chaos operates as a ransomware-as-a-service group, renting its malware to affiliates targeting Windows, Linux, and NAS systems. The group has been active since early 2025 and is known for encrypting victims’ data while demanding crypto payments under threat of public leaks.

US federal agents accessed the wallet in April using a recovery seed phrase from an older Electrum platform and transferred the assets to a government-controlled address. The DOJ said the operation demonstrates growing success in disrupting ransomware-related crypto flows.

Despite the seizure, challenges remain as such groups evolve their tactics and benefit from the relative anonymity of decentralised platforms. Authorities stress that continued cross-agency cooperation and advances in blockchain forensics are essential in combating future threats.


US senator urges Musk to block Starlink use by Southeast Asian criminal networks

US Senator Maggie Hassan has called on SpaceX CEO Elon Musk to take immediate action against transnational criminal groups in Southeast Asia, which are allegedly using Starlink satellite internet to perpetrate massive online fraud schemes targeting American citizens.

In a letter seen by Reuters, the senator highlighted the growing role of Starlink in enabling so-called ‘scam compounds’ operated by criminal syndicates across Myanmar, Thailand, Cambodia, and Laos.

According to the US Treasury’s Financial Crimes Enforcement Network, the fraud networks have collectively cost Americans billions of dollars.

Senator Hassan emphasised that although SpaceX’s service rules allow for termination of access in cases of fraudulent activity, Starlink appears to remain active in regions where these scams flourish. She urged Musk to uphold SpaceX’s stated standards and take responsibility for cutting off illicit use of the service.

The scam compounds in question are more than just virtual hubs; reportedly, they are the sites of forced labour and human trafficking. Reports, including those from the UN, detail how hundreds of thousands of people have been trafficked into these centres, where they are coerced into operating elaborate online fraud schemes. These often target victims in the US and around the world through phishing messages, fake investment offers, and digital extortion.

The region has taken some steps to curb these operations. Since February, Thailand has actively disrupted resources such as electricity and internet to areas along its border with Myanmar, notably Myawaddy, where many scam centres are based. However, satellite services like Starlink can bypass these traditional infrastructure shutdowns, enabling fraud operations to persist despite regional crackdowns.

The criminal networks, many of which have roots in China, have also captured international attention due to high-profile cases. One such case was the January abduction of Chinese actor Wang Xing, who was kidnapped after arriving in Thailand and later rescued across the border in Myanmar by Thai authorities.

The incident further exposed these networks’ dangerous and organised nature, prompting broader calls for transnational cooperation and tech-sector accountability.

Source: Reuters


AI fuels new wave of global security breaches

Global corporations are under growing threat from increasingly sophisticated cyber attacks as AI tools boost the capabilities of malicious actors.

Allianz Life recently confirmed a breach affecting most of its 1.4 million North American customers, adding to a string of high-profile incidents this year.

Microsoft is also contending with the aftermath of a wide-scale intrusion, as attackers continue to exploit AI-driven methods to bypass traditional defences.

Cybersecurity firm DeepStrike reports that over 560,000 new malware samples are detected daily, underscoring the scale of the threat.

Each month in 2025 has brought fresh incidents. January saw breaches at the UN and Hewlett-Packard, while crypto lender zkLend lost $9.5 million to hackers in February.

March was marked by a significant attack on Elon Musk’s X platform, and Oracle lost six million data records.

April and May were particularly damaging for retailers and financial services. M&S, Harrods, and Coinbase were among the prominent names hit, with the latter facing a $20 million ransom demand. In June, luxury brands and media companies, including Cartier and the Washington Post, were also targeted.


Crypto hacks hit $3.1 billion by mid-2025

Cyberattacks and scams have already cost the crypto sector more than $3.1 billion in 2025, making it one of the most damaging years. Hacken’s mid-year report reveals that access control failures and social engineering tactics remain the primary culprits.

The most significant single incident occurred in Q1, when Bybit suffered a $1.5 billion breach, accounting for 83% of all Q1 losses. Access control weaknesses were responsible for around $1.83 billion, or 59% of funds lost across both DeFi and CeFi platforms.

Decentralised finance projects were hit particularly hard, with $300 million drained in Q2 alone. Smart contract vulnerabilities contributed to $263 million in losses, including a $223 million hit in the Cetus exploit.

Meanwhile, phishing scams reached new heights, with one incident in April involving a $330 million Bitcoin theft.

Q2 had fewer access breaches than Q1, but single leaks caused rapid, large-scale losses. Hacken’s report concludes that improved cybersecurity is essential for building trust and protecting innovation in the growing blockchain space.


Allianz breach affects most US customers

Allianz Life has confirmed a major cyber breach that exposed sensitive data from most of its 1.4 million customers in North America.

The attack was traced back to 16 July, when a threat actor accessed a third-party cloud system using social engineering tactics.

The cybersecurity breach affected a customer relationship management platform but did not compromise the company’s core network or policy systems.

Allianz Life acted swiftly by notifying the FBI and other regulators, including the attorney general’s office in Maine.

Those impacted are offered two years of credit monitoring and identity theft protection. The company has begun contacting affected individuals but declined to reveal the full number involved due to an ongoing investigation.

No other Allianz subsidiaries were affected by the breach. Allianz Life employs around 2,000 staff in the US and remains a key player within the global insurer’s North American operations.


Agentic AI forces rethink of cloud infrastructure

Cybersecurity experts warn that reliance on traditional firewalls and legacy VPNs may create more risk than protection. These outdated tools often lack timely updates, making them prime entry points for cyber attackers exploiting AI-powered techniques.

Many businesses depend on ageing infrastructure, unaware that unpatched VPNs and web servers expose them to significant cybersecurity threats. Experts urge companies to abandon these legacy systems and modernise their defences with more adaptive, zero-trust models.

Meanwhile, OpenAI’s reported plans for a productivity suite challenge Microsoft’s dominance, promising simpler interfaces powered by generative AI. The shift could reshape daily workflows by integrating document creation directly with AI tools.

Agentic AI, which performs autonomous tasks without human oversight, also redefines enterprise IT demands. Experts believe traditional cloud tools cannot support such complex systems, prompting calls to rethink cloud strategies for more tailored, resilient platforms.
