Italian defence firms hit by suspected Indian state-backed hackers

An advanced persistent threat (APT) group with suspected ties to India has been accused of targeting Italian defence companies in a cyber-espionage campaign.

Security researchers found that the hackers used phishing emails and malicious documents to infiltrate networks, stealing sensitive data.

The attacks, believed to be state-sponsored, align with growing concerns about nation-state cyber operations targeting critical industries.

The campaign, dubbed ‘Operation Tainted Love,’ involved sophisticated malware designed to evade detection while exfiltrating confidential documents.

Analysts suggest the group’s motives may include gathering intelligence on military technology and geopolitical strategies. Italy has not yet issued an official response, but the breach underscores the escalating risks to national security posed by cyber-espionage.

This incident follows a broader trend of state-backed hacking groups increasingly focusing on the defence and aerospace sectors.

Cybersecurity experts urge organisations to strengthen defences, particularly against phishing and supply chain attacks. As geopolitical tensions influence cyberwarfare, such operations highlight the need for international cooperation in combating digital threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Enhancing email security through multi-factor authentication

Many users overlook one critical security setting that can stop hackers in their tracks: multi-factor authentication (MFA). Passwords alone are no longer enough. Easy-to-remember passwords are insecure, and strong passwords are rarely memorable or widely reused.

Brute-force attacks and credential leaks are common, especially since many users repeat passwords across different platforms. MFA solves this by requiring a second form of verification, usually from your phone or an authenticator app, to confirm your identity.

The extra step can block attackers, even if they have your password, because they still need access to your second device. Two-factor authentication (2FA) is the most common form of MFA. It combines something you know (your password) with something you have.

Many email providers, including Gmail, Outlook, and Proton Mail, now offer built-in 2FA options under account security settings. On Gmail, visit your Google Account, select Security, and enable 2-Step Verification. Use Google Authenticator instead of SMS for better safety.

Outlook.com users can turn on 2FA through their Microsoft account’s Security settings, using an authenticator app for code generation. Proton Mail allows you to scan a QR code with Google Authenticator after enabling 2FA under Account and Password settings.

Authenticator apps are preferred over SMS, as SMS codes are vulnerable to SIM-swapping and phishing-based interception. Adding MFA is a fast, simple way to strengthen your email security and avoid becoming a victim of password-related breaches.


CISA 2015 expiry threatens private sector threat sharing

Congress has under 90 days to renew the Cybersecurity Information Sharing Act (CISA) of 2015 and avoid a regulatory setback. The law protects companies from liability when they share cyber threat indicators with the government or other firms, fostering collaboration.

Before CISA, companies hesitated due to antitrust and data privacy concerns. CISA removed ambiguity by offering explicit legal protections. Without reauthorisation, fear of lawsuits could silence private sector warnings, slowing responses to significant cyber incidents across critical infrastructure sectors.

Debates over reauthorisation include possible expansions of CISA’s scope. However, many lawmakers and industry groups in the United States now support a simple renewal. Health care, finance, and energy groups say the law is crucial for collective defence and rapid cyber threat mitigation.

Security experts warn that a lapse would reverse years of progress in information sharing, leaving networks more vulnerable to large-scale attacks. With only 35 working days left for Congress before the 30 September deadline, the pressure to act is mounting.


Building digital resilience in an age of crisis

At the WSIS+20 High-Level Event in Geneva, the session ‘Information Society in Times of Risk’ spotlighted how societies can harness digital tools to weather crises more effectively. Experts and researchers from across the globe shared innovations and case studies that emphasised collaboration, inclusiveness, and preparedness.

Chairs Horst Kremers and Professor Ke Gong opened the discussion by reinforcing the UN’s all-of-society principle, which advocates cooperation among governments, civil society, tech companies, and academia in facing disaster risks.

The Singapore team unveiled their pioneering DRIVE framework—Digital Resilience Indicators for Veritable Empowerment—redefining resilience not as a personal skill set but as a dynamic process shaped by individuals’ environments, from family to national policies. They argued that digital resilience must include social dimensions such as citizenship, support networks, and systemic access, making it a collective responsibility in the digital era.

Turkish researchers analysed over 54,000 social media images shared after the 2023 earthquakes, showing how visual content can fuel digital solidarity and real-time coordination. However, they also revealed how the breakdown of communication infrastructure in the immediate aftermath severely hampered response efforts, underscoring the urgent need for robust and redundant networks.

Meanwhile, Chinese tech giant Tencent demonstrated how integrated platforms—such as WeChat and AI-powered tools—transform disaster response, enabling donations, rescues, and community support on a massive scale. Yet, presenters cautioned that while AI holds promise, its current role in real-time crisis management remains limited.

The session closed with calls for pro-social platform designs to combat polarisation and disinformation, and a shared commitment to building inclusive, digitally resilient societies that leave no one behind.

Track all key events from the WSIS+20 High-Level Event 2025 on our dedicated page.

Report shows China outpacing the US and EU in AI research

AI is increasingly viewed as a strategic asset rather than a technological development, and new research suggests China is now leading the global AI race.

A report titled ‘DeepSeek and the New Geopolitics of AI: China’s ascent to research pre-eminence in AI’, authored by Daniel Hook, CEO of Digital Science, highlights how China’s AI research output has grown to surpass that of the US, the EU and the UK combined.

According to data from Dimensions, a primary global research database, China now accounts for over 40% of worldwide citation attention in AI-related studies. Instead of focusing solely on academic output, the report points to China’s dominance in AI-related patents.

In some indicators, China is outpacing the US tenfold in patent filings and company-affiliated research, signalling its capacity to convert academic work into tangible innovation.

Hook’s analysis covers AI research trends from 2000 to 2024, showing global AI publication volumes rising from just under 10,000 papers in 2000 to 60,000 in 2024.

However, China’s influence has steadily expanded since 2018, while the EU and the US have seen relative declines. The UK has largely maintained its position.

Clarivate, another analytics firm, reported similar findings, noting nearly 900,000 AI research papers produced in China in 2024, triple the figure from 2015.

Hook notes that governments increasingly view AI alongside energy or military power as a matter of national security. Instead of treating AI as a neutral technology, there is growing awareness that a lack of AI capability could have serious economic, political and social consequences.

The report suggests that understanding AI’s geopolitical implications has become essential for national policy.


Europe moves to build its own digital infrastructure

France, Germany, Italy, and the Netherlands have taken a major step toward building Europe’s own digital infrastructure by signing the founding papers for a new European Digital Infrastructure Consortium for Digital Commons. The initiative reflects growing concern that Europe’s reliance on US technology companies, such as Microsoft, leaves its public administrations vulnerable to shifting geopolitical dynamics.

For years, countries like Germany and France have been working on alternatives, Berlin with its Open Desk project and Paris with La Suite Numérique. Now, by joining forces, the four governments aim to develop and maintain publicly built and publicly accessible digital tools that reduce dependence on foreign tech giants.

Markus Richter, Germany’s chief information officer, described the move as ‘a milestone on the way to more digital sovereignty in Europe.’ The consortium will focus on scaling strategic digital commons, securing financial backing, and fostering a strong European community committed to digital independence.

The new organisation, based in Paris, marks the start of a coordinated European effort to create sovereign digital services designed to serve governments and citizens alike, with long-term ambitions of strengthening Europe’s position in the global digital landscape.


Over 2.3 million users hit by Chrome and Edge extension malware

A stealthy browser hijacking campaign has infected over 2.3 million users through Chrome and Edge extensions that appeared safe and even displayed Google’s verified badge.

According to cybersecurity researchers at Koi Security, the campaign, dubbed RedDirection, involves 18 malicious extensions offering legitimate features like emoji keyboards and VPN tools, while secretly tracking users and backdooring their browsers.

One of the most popular extensions — a colour picker developed by ‘Geco’ — continues to be available on the Chrome and Edge stores with thousands of positive reviews.

While it works as intended, the extension also hijacks sessions, records browsing activity, and sends data to a remote server controlled by attackers.

What makes the campaign more insidious is how the malware was delivered. The extensions began as clean, valuable tools, but malicious code was quietly added during later updates.

Due to how Google and Microsoft handle automatic updates, most users receive spyware without taking action or clicking anything.

Koi Security’s Idan Dardikman describes the campaign as one of the largest documented. Users are advised to uninstall any affected extensions, clear browser data, and monitor accounts for unusual activity.

Despite the serious breach, Google and Microsoft have not responded publicly.


AI-powered imposter poses as US Secretary of State Rubio

An imposter posing as US Secretary of State Marco Rubio used an AI-generated voice and text messages to contact high-ranking officials, including foreign ministers, a senator, and a state governor.

The messages, sent through SMS and the encrypted app Signal, triggered an internal warning across the US State Department, according to a classified cable dated 3 July.

The individual created a fake Signal account using the name ‘Marco.Rubio@state.gov’ and began contacting targets in mid-June.

At least two received AI-generated voicemails, while others were encouraged to continue the chat via Signal. US officials said the aim was likely to gain access to sensitive information or compromise official accounts.

The State Department confirmed it is investigating the breach and has urged all embassies and consulates to remain alert. While no direct cyber threat was found, the department warned that shared information could still be exposed if targets were deceived.

A spokesperson declined to provide further details for security reasons.

The incident appears linked to a broader wave of AI-driven disinformation. A second operation, possibly tied to Russian actors, reportedly targeted Gmail accounts of journalists and former officials.

The FBI has warned of rising cases of ‘smishing’ and ‘vishing’ involving AI-generated content.

Experts now warn that deepfakes are becoming harder to detect, as the technology advances faster than defences.


Azerbaijan’s State Security Service tackles surveillance camera cyber breach

Azerbaijan’s State Security Service has disrupted a significant cybersecurity breach targeting surveillance cameras nationwide. The agency says unauthorised remote access had allowed attackers to capture and leak footage of private homes and offices.

The attackers exploited a digital video recorder (DVR) system vulnerability, intercepting live camera feeds. Footage of private family life was reportedly uploaded to foreign websites and even sold online.

In response, the State Security Service of Azerbaijan coordinated with other state bodies to identify compromised systems and locations. Technical inspections revealed a widespread security flaw in the surveillance devices.

The vulnerability was reported to the foreign manufacturer of the equipment, with an urgent request for a fix. Illegally uploaded footage has since been removed from affected platforms.

Citizens are urged to avoid using devices of unknown origin and follow best practices when managing digital systems. Authorities emphasised the importance of protecting personal data and maintaining cyber hygiene.


Three nations outline cyber law views ahead of UN talks

In the lead-up to the concluding session of the UN Open-Ended Working Group (OEWG) on ICTs, Thailand, New Zealand, and South Korea have released their respective national positions on the application of international law in cyberspace, contributing to the growing corpus of state practice on the issue.

Thailand’s position (July 2025) emphasises that existing international law, including the Charter of the UN, applies to the conduct of States in cyberspace. On international humanitarian law (IHL), Thailand stresses that IHL applies to cyber operations conducted in the context of armed conflicts and all forms of warfare, including cyberwarfare. Thailand also affirms that sovereignty applies in full to state activities conducted in cyberspace, and even if the cyber operation does not rise to the level of a prohibited use of force under international law, such an act still amounts to an internationally wrongful act.

New Zealand’s updated statement builds upon its 2020 position by reaffirming that international law applies to cyberspace “in the same way it applies in the physical world.” It provides expanded commentary on the principles of sovereignty and due diligence, explicitly recognising that New Zealand does not consider that territorial sovereignty prohibits every unauthorised intrusion into a foreign ICT system or prohibits all cyber activity which has effects on the territory of another state. The statement further provides that New Zealand considers that the rule of territorial sovereignty, as applied in the cyber context, does not prohibit states from taking necessary measures, with minimally destructive effects, to defend against the harmful activity of malicious cyber actors.

South Korea’s position focuses on the applicability of international law to military cyber operations. It affirms the applicability of the UN Charter and IHL, emphasising restraint and the protection of civilians in cyberspace. Commenting on sovereignty, they say their position is close to Thailand’s. South Korea affirms that no State may intervene in the domestic affairs of another and recalls that this principle is explicitly codified in Article 2(7) of the UN Charter and has been affirmed in international jurisprudence. Hence, according to the document, the principle of sovereignty also applies equally in cyberspace. The position paper also highlights that under general international law, lawful countermeasures are permissible in response to internationally wrongful acts, and this principle applies equally in cyberspace. Given the anonymity and transboundary nature of cyberspace, which often places the injured state at a structural disadvantage, the necessity of countermeasures may be recognised as a means of ensuring adequate protection for the injured state.

These publications come at a critical juncture as the OEWG seeks to finalise its report on responsible state behaviour in cyberspace. With these latest contributions, the number of publicly released national positions on international law in cyberspace continues to grow, reflecting increasing engagement from states across regions.