Critical infrastructure

UK plans new laws to tackle undersea cable sabotage

The UK government’s evolving defence and security policies aim to close legal gaps exposed by modern threats such as cyberattacks and sabotage of undersea cables. As set out in the recent Strategic Defence Review, ministers plan to introduce a new defence readiness bill to protect critical subsea infrastructure better and prepare for hostile acts that fall outside traditional definitions of war.

The government is also considering revising the outdated Submarine Telegraph Act of 1885, whose penalties, last raised in 1982 to £1,000, are now recognised as inadequate. Instead of merely increasing fines, officials from the Ministry of Defence and the Department for Science, Innovation and Technology intend to draft comprehensive legislation that balances civil and military needs, clarifies how to prosecute sabotage, and updates the UK’s approach to national defence in the digital age.

These policy initiatives reflect growing concern about ‘grey zone’ threats—deliberate acts of sabotage or cyber aggression that stop short of open conflict yet pose serious national security risks. Recent suspected sabotage incidents, including damage to subsea cables connecting Sweden, Latvia, Finland, and Estonia, have highlighted how vulnerable undersea infrastructure remains.

Investigations have linked several of these operations to Russian and Chinese interests, emphasising the urgency of modernising UK law. By updating its legislative framework, the UK government aims to ensure it can respond effectively to attacks that blur the line between peace and conflict, safeguarding both national interests and critical international data flows.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Chinese-linked hackers target French state in Ivanti exploit campaign

A sophisticated cyber campaign linked to Chinese threat actors has targeted French government, defence and media organisations by exploiting zero-day vulnerabilities in Ivanti’s server software, France’s national cyber agency has revealed.

The French National Agency for Information Systems Security (ANSSI) reported that attackers exploited flaws in an end-of-life version of Ivanti’s Cloud Services Appliance. Victims include public agencies, telecoms, finance firms and media outlets. ANSSI dubbed the threat ‘Houken.’

Hackers used tools developed by Chinese-speaking actors, operated during Chinese working hours and pursued both espionage and financial gain. In one case, they deployed a cryptominer—an unusual move for state-linked actors.

The campaign that targeted France relied on chaining Ivanti zero-days (CVE-2024-8190, CVE-2024-9380 and CVE-2024-8963) to deploy a novel rootkit. Attackers then used webshells, fileless backdoors, and anonymising services like NordVPN.

ANSSI noted similarities to activity by UNC5174, a Chinese initial access broker tracked by Mandiant. This actor, also known as ‘Uteus,’ reportedly works with the Ministry of State Security in China.

Evidence suggests that Houken not only sells access to compromised networks but also carries out direct data exfiltration. One victim included the foreign ministry of a South American country.

The Paris Prosecutor’s Office is investigating a possible botnet linked to Chinese state hackers, though it’s unclear if it’s connected to Houken.

ANSSI warns that both Houken and UNC5174 are still active and likely to continue exploiting exposed infrastructure worldwide.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU races to catch up in quantum tech amid cybersecurity fears

The European Union is ramping up efforts to lead in quantum computing, but cybersecurity experts warn that the technology could upend digital security as we know it.

In a new strategy published Wednesday, the European Commission admitted that Europe trails the United States and China in commercialising quantum technology, despite its strong academic presence. The bloc is now calling for more private investment to close the gap.

Quantum computing offers revolutionary potential, from drug discovery to defence applications. But its power poses a serious risk: it could break today’s internet encryption.

Current digital security relies on public key cryptography — complex maths that conventional computers can’t solve. But quantum machines could one day easily break these codes, making sensitive data readable to malicious actors.

Experts fear a ‘store now, decrypt later’ scenario, where adversaries collect encrypted data now and crack it once quantum capabilities mature. That could expose government secrets and critical infrastructure.

The EU is also concerned about losing control over homegrown tech companies to foreign investors. While Europe leads in quantum research output, it only receives 5% of global private funding. In contrast, the US and China attract over 90% combined.

European cybersecurity agencies published a roadmap for transitioning to post-quantum cryptography to address the threat. The aim is to secure critical infrastructure by 2030 — a deadline shared by the US, UK, and Australia.

IBM recently said it could release a workable quantum computer by 2029, highlighting the urgency of the challenge. Experts stress that replacing encryption is only part of the task. The broader transition will affect billions of systems, requiring enormous technical and logistical effort.

Governments are already reacting. Some EU states have imposed export restrictions on quantum tech, fearing their communications could be exposed. Despite the risks, European officials say the worst-case scenarios are not inevitable, but doing nothing is not an option.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

DeepSeek gains business traction despite security risks

Chinese AI company DeepSeek is gaining traction in global markets despite growing concerns about national security.

While government bans remain in place across several countries, businesses are turning to DeepSeek’s models for low cost and firm performance, often ranking just behind OpenAI’s ChatGPT and Google’s Gemini in traffic and market share.

DeepSeek’s appeal lies in its efficiency. With advanced engineering techniques like its ‘mixture-of-experts’ system, the company has reduced computing costs by activating fewer parameters without a noticeable drop in performance.

Training costs have reportedly been as low as $5.6 million — a fraction of what rivals like Anthropic spend. As a result, DeepSeek’s models are now available across major platforms, including AWS, Azure, Google Cloud, and even open-source repositories like GitHub and Hugging Face.

However, the way DeepSeek is accessed matters. While companies can safely self-host the models in private environments, using the mobile app or website means sending data to Chinese servers, a key reason for widespread bans on public-sector use.

Individual consumers often lack the technical control enterprises enjoy, making their data more vulnerable to foreign access.

Despite the political tension, demand continues to grow. US firms are exploring DeepSeek as a cost-saving alternative, and its models are being deployed in industries from telecoms to finance.

Even Perplexity, an American AI firm, has used DeepSeek R1 to power a research tool hosted entirely on Western servers. DeepSeek’s open-source edge and rapid technical progress are helping it close the gap with much larger AI competitors — quietly but significantly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S eyes full online recovery by august after cyberattack

Marks & Spencer (M&S) expects its full online operations to be restored within four weeks, following a cyber attack that struck in April. Speaking at the retailer’s annual general meeting, CEO Stuart Machin said the company aims to resolve the majority of the incident’s impact by August.

The cyberattack, attributed to human error, forced M&S to suspend online sales and disrupted supply chain operations, including its Castle Donington distribution centre. The breach also compromised customer personal data and is expected to result in a £300 million hit to the company’s profit.

April marked the beginning of a multi-month recovery process, with M&S confirming by May that the breach involved a supply chain partner. By June, the financial and operational damage became clear, with limited online services restored and key features like click-and-collect still unavailable.

The e-commerce platform in Great Britain is now partially operational, but services such as next-day delivery remain offline. Machin stated that recovery is progressing steadily, with the goal of full functionality within weeks.

Julius Cerniauskas, CEO of web intelligence firm Oxylabs, highlighted the growing risks of social engineering in cyber incidents. He noted that while technical defences are improving, attackers continue to exploit human vulnerabilities to gain access.

Cerniauskas described the planned recovery timeline as a ‘solid achievement’ but warned that long-term reputational effects could persist. ‘It’s not a question of if you’ll be targeted – but when,’ he said, urging firms to bolster both human and technical resilience.

Executive pay may also be impacted by the incident. According to the Evening Standard, chairman Archie Norman said incentive compensation would reflect any related performance shortfalls. Norman added that systems are gradually returning online and progress is being made each week.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Billing software firm hit by ransomware attack

Healthcare billing platform Horizon Healthcare RCM has confirmed it suffered a ransomware attack, where threat actors stole sensitive data before encrypting its systems. The cybercriminal group, suspected to be affiliated with LockBit, reportedly demanded a ransom, which the company is believed to have paid to prevent public exposure of the stolen data.

The breach occurred in June 2024 and affected Horizon’s cloud-based revenue-cycle management platform. Although the company has not disclosed how many clients were impacted, it has notified healthcare providers using its services and is working with cybersecurity experts to assess the full scope of the incident.

Security analysts believe the attackers exfiltrated significant data, including protected health information, before deploying ransomware. While systems were eventually restored, concerns remain over long-term privacy risks and potential regulatory consequences for affected healthcare organisations.

Ransomware attacks on third-party vendors pose significant risks to the healthcare sector. Experts stress the importance of vendor risk assessments, data encryption, and secure system configurations to limit exposure.

As ransomware actors increasingly target supply-chain providers, proactive monitoring and resilience strategies are becoming essential for safeguarding critical data infrastructure.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

FBI warns cybercriminals are targeting airline security systems

The FBI has warned that a notorious cybercrime group known as Scattered Spider has broadened its attacks to target the airline sector. The gang, previously linked to breaches at Caesars, MGM, Aflac, and UK retailers, employs sophisticated social‑engineering methods.

These criminals impersonate employees or contractors and persuade IT help‑desk staff to register unauthorised devices, bypassing multi‑factor authentication. FBI and cybersecurity experts stress that airlines and third‑party suppliers are at serious risk.

While their flight operations remained unaffected, recent incidents at WestJet and Hawaiian Airlines are consistent with Scattered Spider’s modus operandi. Help‑desk teams are urged to reinforce identity verification protocols to prevent such incursions.

The FBI is collaborating with aviation partners to share intelligence and assist victims. Warnings emphasise prompt reporting of suspicious requests and reviews of help‑desk procedures. In particular, staff should resist pressure to add MFA devices or reset credentials without rigorous authentication, no matter how credible or urgent the request may appear.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Pentagon backs $10M deal with AI firm to integrate LLMs across its command centres

Pentagon officials have awarded AI firm Ask Sage a $10 million contract to integrate large language models (LLMs) across all US Combatant Commands, the Joint Staff, and the Office of the Secretary of Defence. The collaboration seeks to harness generative AI to speed up battlefield decision‑making and streamline workflows.

Application benefits include operational planning, logistics, command and control, intelligence, cybersecurity, and weapons development. Ask Sage’s AI‑powered tools will be deployed through the US Army’s LLM workspace, seamlessly linking classified and unclassified networks.

Deployment of these models is expected to support more agile, informed military operations while navigating security and data‑sharing challenges inherent to classified environments. The deal marks a strategic continuation of the Pentagon’s wider AI and digital transformation efforts.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

More European cities move to replace Microsoft software as part of digital sovereignty efforts

Following similar moves by Denmark, the German state of Schleswig-Holstein and the city of Lyon—France’s third-largest city and a major economic centre—has initiated a migration from Microsoft Windows and Office to a suite of open-source alternatives, including Linux, OnlyOffice, NextCloud, and PostgreSQL.

This transition is part of Lyon’s broader strategy to strengthen digital sovereignty and reduce reliance on foreign technology providers. As with other European initiatives, the decision aligns with wider EU discussions about data governance and digital autonomy. Concerns over control of sensitive data and long-term sustainability have contributed to increased interest in open-source solutions.

Although Microsoft has publicly affirmed its commitment to supporting EU customers regardless of political context, some European public authorities continue to explore alternatives that allow for local control over software infrastructure and data hosting.

In line with the European Commission’s 2025 State of the Digital Decade report—which notes that Europe has yet to fully leverage the potential of open-source technologies—Lyon aims to enhance both transparency and control over its digital systems.

Lyon’s migration also supports regional economic development. Its collaboration platform, Territoire Numérique Ouvert (Open Digital Territory), is being co-developed with local digital organisations and will be hosted in regional data centres. The project provides secure, interoperable tools for communication, office productivity, and document collaboration.

The city has begun gradually replacing Windows with Linux and Microsoft Office with OnlyOffice across municipal workstations. OnlyOffice, developed by Latvia-based Ascensio System SIA, is an open-source productivity suite distributed under the GNU Affero General Public License. While it shares a similar open-source ethos with LibreOffice, which was chosen in Demark to replace Microsoft, the two are not directly related.

It is reported that Lyon anticipates cost savings through extended hardware lifespans, a reduction in electronic waste, and improved environmental sustainability. Over half of the public contracts for this project have been awarded to companies based in the Auvergne-Rhône-Alpes region, with all awarded to French firms—highlighting a preference for local procurement.

Training for approximately 10,000 civil servants began in June 2025. The initiative is being monitored as a potential model for other municipalities aiming to enhance digital resilience and reduce dependency on proprietary software ecosystems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Qantas cyber attack sparks customer alert

Qantas is investigating a major data breach that may have exposed the personal details of up to six million customers.

The breach affected a third-party platform used by the airline’s contact centre to store sensitive data, including names, phone numbers, email addresses, dates of birth and frequent flyer numbers.

The airline discovered unusual activity on 30 June and responded by immediately isolating the affected system. While the full scope of the breach is still being assessed, Qantas expects the volume of stolen data to be significant.

However, it confirmed that no passwords, PINs, credit card details or passport numbers were stored on the compromised platform.

Qantas has informed the Australian Federal Police, the Cyber Security Centre and the Office of the Information Commissioner. CEO Vanessa Hudson apologised to customers and urged anyone concerned to call a dedicated support line. She added that airline operations and safety remain unaffected.

The incident follows recent cyber attacks on Hawaiian Airlines, WestJet and major UK retailers, reportedly linked to a group known as Scattered Spider. The breach adds to a growing list of Australian organisations targeted in 2025, in what privacy authorities describe as a worsening trend.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!