The United States has charged Rostislav Panev, a Russian-Israeli dual citizen, for his alleged role as a developer for the Lockbit ransomware group, which authorities describe as one of the world’s most destructive cybercrime operations. Panev, arrested in Israel in August, awaits extradition.
Lockbit, active since 2019, targeted over 2,500 victims across 120 countries, including critical infrastructure and businesses, extorting $500 million. Recent arrests, guilty pleas, and international law enforcement efforts have significantly disrupted the group’s activities.
Experts say law enforcement actions have tarnished Lockbit’s reputation, reducing its attacks and deterring affiliates. Authorities emphasise the importance of holding cybercriminals accountable.
A US judge has ruled against Israel’s NSO Group in a lawsuit brought by WhatsApp, finding the spyware firm liable for hacking and breach of contract. The case, heard in Oakland, California, revolves around allegations that NSO exploited a vulnerability in WhatsApp to install Pegasus spyware, enabling unauthorised surveillance of 1,400 individuals. The court decision moves the case forward to determine damages.
Will Cathcart, head of WhatsApp, described the ruling as a triumph for privacy, emphasising the need for accountability in the spyware industry. WhatsApp expressed gratitude for support from various organisations and pledged continued efforts to safeguard private communications. Cybersecurity experts, including Citizen Lab’s John Scott-Railton, hailed the judgment as a pivotal moment for holding spyware companies accountable.
NSO argued that its Pegasus software serves to combat serious crime and threats to national security. However, the courts previously rejected claims of immunity, noting the company’s activities fell outside the protection of federal law. Appeals by NSO to higher courts, including the US Supreme Court, failed, paving the way for the trial to proceed.
The judgment signals a significant shift in how the spyware industry may be regulated, with implications for firms previously claiming they were not responsible for the misuse of their technology. Experts see it as a warning to surveillance companies that illegal actions will not go unchallenged.
Cryptocurrency theft reached $2.2bn (£1.76bn) in 2024, with North Korean hackers reportedly responsible for $1.3bn, according to a Chainalysis report. The total marks a 21% increase from 2023, though it remains lower than peak years.
The study highlights that hackers often target private keys used to access crypto platforms, causing severe losses for centralised exchanges. Significant breaches included a $300m theft from Japan’s DMM Bitcoin and a $235m loss from India-based WazirX. Many attacks were linked to citizens of North Korea posing as remote IT workers.
The United States government has accused Pyongyang of using stolen funds to evade sanctions and finance weapons programmes. Recently, 14 North Koreans were indicted in a federal court for alleged extortion schemes, while the State Department announced a $5m reward for information on these activities.
During a freelancer meetup at Café Oz in Paris on 3 December, Scott Horlacher, a software engineer, found himself caught in a crypto scam. While talking with two individuals who claimed to represent a new crypto exchange called Lainchain, Horlacher grew suspicious. The platform’s design and its request for users to input wallet seed phrases instead of standard security measures made Horlacher realise he was dealing with a scam.
After he confronted the duo, they swiftly left the event. Horlacher, along with others, began to warn fellow attendees. A subsequent investigation by AMLBot, a blockchain forensics firm, revealed that Lainchain was a sophisticated phishing scam designed to steal personal and wallet information from users. The scam relied on fake identities and social engineering tactics to deceive victims.
Lainchain’s website appeared professional but was full of red flags, including the manipulation of wallet access and demands for seed phrases. The platform’s hosts were found to be connected to other fraudulent websites, and investigations showed their use of stolen identities to create false legitimacy. The scammers also exploited Telegram and other social media platforms to lure victims.
This case serves as a reminder of the growing threat of phishing scams in the crypto space. Users are urged to be cautious of any platform requesting private keys or seed phrases and to verify the legitimacy of any crypto-related website or service before engaging with it.
Ukraine’s Deputy Prime Minister Olha Stefanishyna announced that Russia launched a large-scale cyberattack on Thursday, temporarily crippling the country’s state registries. These registries contain essential citizen data, including information on births, deaths, marriages, and property ownership. The attack forced a suspension of services managed by the Ministry of Justice.
Stefanishyna described the incident as a deliberate attempt by Russia to disrupt Ukraine’s critical infrastructure. While restoration efforts are expected to take about two weeks, some services will resume on Friday. Other state functions appear to be unaffected.
This is the latest in a series of cyberattacks during the ongoing war, including a December 2023 assault on Ukrainian telecom provider Kyivstar and previous attacks on Russian ministries. Ukrainian authorities plan to conduct a thorough investigation to bolster defences against future cyber threats.
A former vice president of finance at Delphi Digital has been sentenced to four years in jail after admitting to embezzling nearly $4.5 million from the cryptocurrency research company. Dylan Meissner will also serve two years of supervised release and must repay more than $4.6 million, including funds he stole and an unpaid loan.
The Connecticut District Court found that Meissner, who managed Delphi’s finances between October 2021 and November 2022, accessed the company’s crypto wallets and bank accounts to steal millions. He also fabricated financial records to cover up the theft. In one instance, he took a 50 Ether loan worth $170,000 but failed to repay it, marking the start of his fraudulent activities.
Prosecutors argued that Meissner’s actions were part of a calculated scheme, not a reckless act of desperation. Though his defence cited substance abuse and efforts to atone for his actions, the court noted the sustained nature of his crimes. Meissner pleaded guilty to wire fraud as part of a deal and will report to jail in February 2025.
A panel discussion at the Internet Governance Forum (IGF) raised serious concerns over the UN Cybercrime Treaty and its potential to undermine human rights. Experts from organisations such as Human Rights Watch and the Electronic Frontier Foundation criticised the treaty’s broad scope and lack of clear safeguards for individual freedoms. They warned that the treaty’s vague language, particularly around what constitutes a ‘serious crime,’ could empower authoritarian regimes to exploit its provisions for surveillance and to repress dissent.
Deborah Brown from Human Rights Watch and Veridiana Alimonti of the Electronic Frontier Foundation shared examples from Saudi Arabia and Latin America, where existing cybercrime and anti-terrorism laws have already been used to target journalists and activists. The panelists expressed concern that the treaty could exacerbate these abuses globally, especially for cybersecurity professionals and civil society.
Fionnuala Ni Aolain, a former UN Special Rapporteur on counterterrorism and human rights, emphasised that the treaty’s provisions could lead to criminalising the vital work of cybersecurity researchers. She joined other experts in urging policymakers and industry leaders to resist ratification in its current form. They called for upcoming protocol negotiations to address these human rights gaps and for greater involvement of civil society voices to prevent the treaty from becoming a tool for transnational repression.
Discussions at the IGF 2024 in Riyadh shed light on growing challenges to freedom of expression in Africa and the Middle East. Experts from diverse organisations highlighted how restrictive cybercrime legislation and content regulation have been used to silence dissent, marginalise communities, and undermine democracy. Examples from Tunisia and Nigeria revealed how critics and activists often face criminalisation under these laws, fostering fear and self-censorship.
Panellists included Annelies Riezebos from the Dutch Ministry of Foreign Affairs, Jacqueline Rowe of the University of Edinburgh, Adeboye Adegoke from Paradigm Initiative, and Aymen Zaghdoudi of AccessNow. They discussed the negative effects of vague cybercrime regulations and overly broad restrictions on online speech, which frequently suppress political discourse. Maria Paz Canales from Global Partners Digital added that content governance frameworks need urgent reform to balance addressing online harms with protecting fundamental rights.
The speakers emphasised that authoritarian values are being enforced through legislation that criminalises disinformation and imposes ambiguous rules on online platforms. These measures, they argued, contribute to a deteriorating climate for free expression across the region. They also pointed out the need for online platforms to adopt responsible content moderation practices while resisting pressures to conform to repressive local laws.
Panellists proposed several strategies to counter these trends, including engaging with parliamentarians, building capacity among legal professionals, and ensuring civil society’s involvement during the early stages of policy development. The importance of international collaboration was underlined, with the UN Cybercrime Treaty cited as a key opportunity for collective advocacy against repressive measures.
Participants also stressed the urgency of increased representation of Global South organisations in global policy discussions. Flexible funding for civil society initiatives was described as essential for supporting grassroots efforts to defend digital rights. Such funding would enable local groups to challenge restrictive laws effectively and amplify their voices in international debates.
The event concluded with a call for multi-stakeholder approaches to internet governance. Collaborative efforts involving governments, civil society, and online platforms were deemed critical to safeguarding freedom of expression. The discussions underscored the pressing need to balance addressing legitimate online harms with protecting democratic values and the voices of vulnerable communities.
All transcripts from the Internet Governance Forum sessions can be found on dig.watch.
US authorities are weighing a potential ban on TP-Link Technology Co., a Chinese router manufacturer, over national security concerns, following reports linking its home internet routers to cyberattacks. According to the Wall Street Journal, the US government is investigating whether TP-Link routers could be used in cyber operations targeting the US, citing concerns raised by lawmakers and intelligence agencies.
In August, two US lawmakers urged the Biden administration to examine TP-Link and its affiliates for possible links to cyberattacks, highlighting fears that the company’s routers could be exploited in future cyber operations. The Commerce, Defence, and Justice departments have launched separate investigations into the company, with reports indicating that a ban on the sale of TP-Link routers in the US could come as early as next year. As part of the investigations, the Commerce Department has reportedly subpoenaed the company.
TP-Link has been under scrutiny since the US Cybersecurity and Infrastructure Agency (CISA) flagged vulnerabilities in the company’s routers that could potentially allow remote code execution. This comes amid heightened concerns that Chinese-made routers could be used by Beijing to infiltrate and spy on American networks. The US government, along with its allies and Microsoft, has also uncovered a Chinese government-linked hacking campaign, Volt Typhoon, which targeted critical US infrastructure by taking control of private routers.
The Commerce, Defence, and Justice departments, as well as TP-Link, did not immediately respond to requests for comment.
The US Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and a company based in the United Arab Emirates (UAE) for allegedly aiding North Korea’s use of digital assets in illegal activities.
The sanctions target Lu Huaying and Zhang Jian, along with Green Alpine Trading, LLC, a front company linked to a broader scheme of money laundering. These actions aim to disrupt a network that, according to US authorities, funnels millions of dollars to North Korea’s nuclear weapons and missile programs.
North Korea has a history of using digital assets and cybercrimes to fund its military efforts, employing IT workers and hackers to generate funds that are often obscured through complex laundering operations. The sanctions focus on Sim Hyon Sop, a representative of North Korea’s state-run Korea Kwangson Banking Corporation, who has been previously sanctioned. Sim is accused of using a mix of cryptocurrency cash-outs and money mules to move funds back to the regime for its military projects.
Under the new sanctions, any property owned by the designated individuals or entities in the US is blocked, and US citizens and companies are prohibited from engaging in transactions with them. Non-compliance could lead to further enforcement actions, even against those outside the US. The move reflects a coordinated effort with the UAE to combat North Korea’s destabilizing activities. It highlights the importance of international cooperation in tackling illicit financial networks that exploit new technologies, including cryptocurrencies.