Massive data leak hits India’s Star Health

Sensitive personal and medical data from millions of Star Health customers, India’s largest standalone health insurer, has been leaked and made accessible through chatbots on Telegram. This breach exposes names, phone numbers, addresses, and even medical diagnoses. The stolen data, amounting to 7.24 terabytes, includes over 31 million records and is being sold via these chatbots. Despite the insurer’s initial claims that there was no widespread compromise, numerous policy and claims documents have been publicly available for weeks. Victims were not notified of the breach, even though their private details were openly traded.

Telegram, known for its rapid growth fueled by customisable chatbots, is under heightened scrutiny as these bots become tools for cybercriminals. Even with Telegram’s attempts to remove them, new bots emerge, offering stolen data. This situation underscores the ongoing difficulties Indian companies face in protecting sensitive information as hackers increasingly exploit modern platforms for illicit activities.

Star Health has informed local authorities about the breach, but millions of customers remain vulnerable to identity theft and fraud. This incident highlights major concerns about the safety of sensitive information in India’s digital landscape, emphasising the urgent need for stronger data protection laws and cybersecurity measures.

China accuses Taiwan hackers of cyber sabotage

China’s Ministry of National Security has accused a Taiwan-based hacking group, Anonymous 64, of orchestrating cyberattacks aimed at discrediting China’s political system. According to a blog post from the ministry, the group, allegedly tied to Taiwan’s military cyberwarfare division, has been targeting Chinese websites, outdoor screens, and television stations to broadcast content undermining mainland policies. In response, Taiwan’s defence ministry dismissed the accusations, countering that China is itself the real source of cyber harassment and regularly attempts to destabilise the democratic island.

The allegations are the latest chapter in the escalating tensions between China and Taiwan. China, which claims sovereignty over Taiwan, has ramped up military and political pressure on the island in recent years. Taiwan, in turn, accuses Beijing of spreading disinformation and carrying out cyberattacks. Taiwan’s Information, Communications, and Electronic Force Command responded to China’s claims, asserting that the Chinese government’s military forces are instigating regional instability through ongoing harassment efforts.

The hacking group, which surfaced on X (formerly Twitter) in mid-2023, has posted screenshots of their alleged efforts to infiltrate Chinese media. One video shared by Anonymous 64 featured a masked member likening China’s President Xi Jinping to an emperor, along with footage referencing past protests in China, including the Tiananmen Square demonstrations. However, China contends that many websites the group claimed to have hacked were fake or photoshopped, with minimal online traffic.

As part of its crackdown, China has opened investigations into members of Taiwan’s cyberwarfare team. It has called on citizens to report cyberattacks or anti-China propaganda, urging people to avoid spreading unverified information online. Despite the accusations, it remains unclear whether Anonymous 64 has any ties to the international hacking collective Anonymous or whether its alleged actions have been as far-reaching as claimed.

German authorities shut down 47 cryptocurrency exchanges in major anti-money laundering operation

German authorities have shut down 47 cryptocurrency exchange services in a major crackdown on illegal money laundering. The Federal Criminal Police Office (BKA) and the Central Office for Combating Internet Crime led the operation, targeting platforms that allowed users to exchange conventional currencies and cryptocurrencies without verifying their identities. These services bypassed the ‘know-your-customer’ (KYC) rules, enabling users to trade cryptocurrencies like Bitcoin and Ethereum quickly and anonymously.

Criminals reportedly used these exchanges to conceal the origins of illicit funds, often obtained through dark web drug sales or ransomware attacks. As part of the operation on 20 August, authorities confiscated 13 crypto ATMs and seized nearly $28 million in cash from 35 locations across Germany. Financial watchdog BaFin led the raids, targeting machines operating without the necessary licences, which posed significant money laundering risks.

The closure of these exchanges is part of a wider effort to disrupt cybercrime networks. Investigators managed to secure vital user and transaction data, which could assist in future money-laundering investigations. It follows earlier German crackdowns, including the seizure of ChipMixer, a platform involved in laundering €90 million in crypto.

Kremlin-linked troll farm spreads fake news about Kamala Harris, Microsoft reports

Microsoft researchers have uncovered a Russian disinformation operation that falsely accused United States Democratic presidential candidate Kamala Harris of leaving a 13-year-old girl paralysed in a hit-and-run incident in 2011. The operation, led by a Kremlin-linked group called Storm-1516, used actors and fabricated news outlets, including a fake site called ‘KBSF-TV’, to spread the baseless claim. The hoax was widely shared on social media, gaining millions of views.

The disinformation effort is part of a broader Russian campaign to interfere with the upcoming US presidential election. After initial difficulties shifting focus following President Biden’s withdrawal from the 2024 race, Russian actors have targeted Harris and her running mate, Tim Walz, with fabricated conspiracy theories. The false claim against Harris was amplified on social media by pro-Russian figures, including Aussie Cossack, who encouraged MAGA supporters to spread the misinformation.

Microsoft’s investigation highlights how Storm-1516 produces misleading videos featuring actors impersonating journalists or whistleblowers. The hit-and-run story gained traction online, particularly on X.com, where it was shared by key figures within the pro-Russian ecosystem. The US Justice Department has also recently charged two Russian state media employees with money laundering, linked to efforts to influence the election.

US officials believe Russia’s goal is to deepen political divisions within the country and undermine public support for military aid to Ukraine. Kamala Harris has stated her intention to continue supporting Ukraine’s defence against Russia’s invasion if elected.

Australian police arrest alleged crime app mastermind

Australian authorities have charged a Sydney man with creating and managing an encrypted messaging app, Ghost, allegedly used by global crime networks. The man, 32, was arrested in western Sydney and appeared in court on Wednesday, facing multiple charges related to the platform’s role in organised crime. Ghost is said to have been used by syndicates from Australia, the Middle East, and South Korea for drug trafficking and contract killings.

Police, in collaboration with international forces, carried out extensive raids across Australia and beyond, with searches also conducted in Italy, Ireland, Sweden, and Canada. Up to 50 Australians allegedly involved with Ghost are now facing charges, with significant prison terms expected. More arrests are anticipated in both Australia and abroad.

Authorities have made a breakthrough by cracking Ghost’s encryption, preventing the deaths or serious injuries of 50 individuals in Australia. This marks the first time an Australian has been accused of running a global criminal messaging platform, a major milestone in the country’s fight against organised crime.

The Australian Federal Police Deputy Commissioner highlighted the complex nature of dismantling encrypted communication platforms. The success in accessing evidence from Ghost represents a major achievement in efforts to disrupt global criminal activity.

Tanzania embraces AI to tackle rising cybercrime

Tanzanian President Samia Suluhu Hassan has called for the integration of AI into the strategies of the Tanzania Police Force to address the escalating threat of cybercrime. Speaking at the 2024 Annual Senior Police Officers’ Meeting and the 60th Anniversary of the Tanzania Police Force, President Samia emphasised that in today’s digital age, leveraging advanced technology is crucial for effectively combating online threats. She highlighted the necessity for the police to adapt technologically to stay ahead of sophisticated cybercriminals, underlining the importance of embracing these advancements.

In her address, President Samia also drew attention to a troubling surge in cybercrime, with incidents increasing by 36.1% from 2022 to 2023. She noted that crimes such as fraud, false information dissemination, pornography distribution, and harassment have become more prevalent, with offenders frequently operating from outside Tanzania. The President’s remarks underscore the urgency of adopting advanced technological tools to address these growing challenges effectively and to enhance the police’s capability to counteract such threats.

Furthermore, President Samia emphasised the need to maintain peace and stability during the upcoming local government and general elections. She tasked the police with managing election-related challenges, including defamatory statements and misinformation, without resorting to internet shutdowns. Stressing the importance of preserving national peace amid political activity, President Samia underscored that while elections are temporary, a stable environment is essential for ongoing development and progress.

FBI takes down another Chinese hacking group ‘Flax Typhoon’

The US Federal Bureau of Investigation has disrupted another major Chinese hacking group, dubbed ‘Flax Typhoon,’ which had compromised thousands of devices globally. The FBI and officials from several allied countries accused a Chinese company, the Integrity Technology Group, of running the operation under the guise of an IT firm. FBI Director Christopher Wray revealed that the group was gathering intelligence and conducting surveillance for Chinese security agencies, targeting critical infrastructure as well as corporations, media organisations, and universities.

Cybersecurity officials from the UK, Canada, Australia, and New Zealand also joined the US in condemning the hacking group, noting that over 250,000 devices had been compromised as of June. The operation involved hijacking devices through a botnet—a network of infected cameras and storage devices—and was reportedly part of China’s broader cyber-sabotage efforts. Flax Typhoon’s activities mirrored those of another China-backed group, Volt Typhoon, which has been scrutinised for targeting US infrastructure.

The Chinese Embassy in Washington denied the accusations, claiming that the US had made baseless allegations. Despite China’s dismissal, the FBI remains firm, with Wray emphasising that this takedown is only one part of a longer struggle to counter Chinese cyberattacks. The operation faced some retaliation from the hackers, who launched a cyberattack in response but eventually retreated, leaving the FBI in control of the botnet’s infrastructure.

CISA launches FOCAL plan to strengthen federal cybersecurity

The US Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a key initiative designed to enhance federal cybersecurity across over 100 FCEB agencies. The plan establishes a framework for coordinated support and services, aiming to reduce cyber risks through a unified defence strategy.

The FOCAL Plan prioritises five key areas to advance operational cybersecurity: Asset Management, which focuses on understanding and managing the cyber environment and interconnected assets; Vulnerability Management, aimed at proactively protecting against threats and assessing defensive capabilities; Defensible Architecture, which emphasises building resilient infrastructure; Cyber Supply Chain Risk Management (C-SCRM), to identify and mitigate risks from third parties; and Incident Detection and Response, designed to enhance Security Operations Centers (SOCs) in managing and limiting the impact of security incidents.

CISA also notes that while the FOCAL Plan is tailored for federal agencies, it provides valuable insights for public and private sector organisations. It is a practical guide for developing effective cybersecurity strategies and improving coordination across enterprise security capabilities. Rather than offering an exhaustive checklist, the FOCAL Plan prioritises key actions that will drive significant advancements in cybersecurity and alignment goals within the federal sector.