Critical infrastructure

Japan to develop new cybersecurity strategy and measures

The Japanese government is preparing to develop a new cybersecurity strategy within the year, aiming to address growing digital threats targeting both public institutions and private enterprises. As part of the forthcoming strategy, the government plans to transition its internal communications systems from public-key cryptography to post-quantum cryptography, which is considered more resilient against potential cyberattacks enabled by quantum computing technologies.

In a recent development, Defence Minister Gen Nakatani met with Lithuanian Defence Minister Dovile Šakalienė in Tokyo, where both sides agreed to strengthen bilateral cooperation on cybersecurity. A Japanese Ministry of Defence expert will be sent to Lithuania in June to engage with local specialists, who are recognised for their expertise in managing persistent cyber threats, particularly those attributed to Russian state-linked actors.

The agreement follows an earlier announcement that Japan intends to expand its pool of specialist cybersecurity personnel from the current 24,000 to at least 50,000 by 2030. The target was introduced in response to a Ministry of Economy, Trade and Industry (METI) panel recommendation that the country needs approximately 110,000 skilled cybersecurity professionals to meet growing demand.

Under new regulatory measures due to take effect in 2026, the government will also begin inspecting the cybersecurity practices of private companies. Firms failing to meet the established standards may risk losing access to state subsidies.

Earlier this year, the parliament passed a new law enabling active cyberdefence measures, allowing authorities to legally monitor communications data during peacetime and neutralise foreign servers if cyberattacks occur.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

How AI could quietly sabotage critical software

When Google’s Jules AI agent added a new feature to a live codebase in under ten minutes, it initially seemed like a breakthrough. But the same capabilities that allow AI tools to scan, modify, and deploy code rapidly also introduce new, troubling possibilities—particularly in the hands of malicious actors.

Experts are now voicing concern over the risks posed by hostile agents deploying AI tools with coding capabilities. If weaponised by rogue states or cybercriminals, the tools could be used to quietly embed harmful code into public or private repositories, potentially affecting millions of lines of critical software.

Even a single unnoticed line among hundreds of thousands could trigger back doors, logic bombs, or data leaks. The risk lies in how AI can slip past human vigilance.

From modifying update mechanisms to exfiltrating sensitive data or weakening cryptographic routines, the threat is both technical and psychological.

Developers must catch every mistake; an AI only needs to succeed once. As such tools become more advanced and publicly available, the conversation around safeguards, oversight, and secure-by-design principles is becoming urgent.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Chinese state-linked hackers use Google Calendar to steal data

In a report published this week, analysts at Google have uncovered a campaign in which a China-linked group known as APT41 targeted government ministries and other organisations.

Victims received spearphishing emails directing them to a ZIP file hosted on a compromised official website. Inside, a PDF and some insect images were designed to tempt users into clicking.

Opening the PDF quietly installed a programme called ToughProgress, which runs entirely in a device’s memory to evade antivirus checks. Once active, the malware stole sensitive files and prepared them for exfiltration.

Google Calendar became the hackers’ secret communication channel. An event dated 30 May 2023 carried encrypted data stolen from victims in its description.

Further entries in July contained new instructions. ToughProgress regularly checked the attacker-controlled calendar, decrypted any commands and uploaded its results back as new calendar events.

APT41 is one of China’s most active state-linked cyber groups. US authorities charged five members in 2020 with over a hundred intrusions worldwide and issued arrest warrants for operatives including Zhang Haoran and Tan Dailin.

Earlier investigations tie the group to long-running breaches of Southeast Asian government agencies and a Taiwanese research institute working on strategic technology.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK bolsters digital defences with new Cyber Command after Ukraine lessons

The UK’s Ministry of Defence (MoD) will establish a Cyber and Electromagnetic Command to unify defensive cyber operations and coordinate offensive capabilities alongside the National Cyber Force.

However, this move follows recommendations in the upcoming strategic defence review, due on 2 June 2025, which will define the UK’s force structure and investment priorities.

The rapid sharing of intelligence across ships, aircraft, tanks and personnel is a core aim of the new formation. Defence Secretary John Healey has stressed that future conflicts ‘will be won through forces that are better connected, better equipped and innovating faster than their adversaries.’

However, a major concern is the lack of digital expertise, as Strategic Command chief Gen. Sir Jim Hockenhull warned: ‘the first battle of the next war is the battle for talent.’ To tackle this shortfall, the MoD has launched an accelerated recruitment pipeline, reducing basic training from ten weeks to just four, followed by three months of specialised cyber instruction.

Insights from Russia’s campaign in Ukraine have underlined the importance of electromagnetic capabilities such as jamming drones, intercepting communications and degrading enemy command and control.

Strategic Command chief Sir Jim Hockenhull warned that siloed cyber efforts must be fully integrated into operational planning to seize the advantage in modern warfare.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

China blamed of cyberattack on Czech Republic government networks

Prague has formally accused China of launching a malicious cyber campaign against its Foreign Affairs ministry’s unclassified communications network. Beijing’s embassy in Prague dismissed the allegations and urged an end to what it called ‘microphone diplomacy.’

Investigators trace the operation back to the Czech Republic’s 2022 EU presidency, attributing it to APT31, a group allegedly operating under China’s Ministry of State Security. After detecting the intrusion, officials rolled out a more secure communications platform in 2024.

Foreign Minister Jan Lipavský summoned China’s ambassador to stress the severity of the breach, which targeted emails and other documents related to Asia. The government condemned the incident as an attack on its critical infrastructure.

International partners have rallied behind Prague. NATO and the EU have condemned the attack and the US Bureau of Cyberspace and Digital Policy has called on China to meet its international cybersecurity commitments.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

IHS Nigeria and NSCDC partner to secure telecom infrastructure

IHS Nigeria and the Nigeria Security and Civil Defence Corps (NSCDC) have partnered to enhance the protection of critical telecommunications infrastructure across Nigeria.

The partnership is grounded in national policies that classify telecommunications assets, such as towers and fibre optic networks, as critical national information infrastructure, requiring legal protection and proactive security enforcement.

By addressing issues such as theft, vandalism, and sabotage, the partnership aims to strengthen the reliability and security of telecom services that millions of Nigerians rely on daily.

The NSCDC will provide critical support to IHS Nigeria in essential operational areas including site surveillance, emergency response, incident reporting, and tower decommissioning.

Additionally, the Corps will take an active role in investigating, apprehending, and prosecuting those who violate laws protecting telecommunications infrastructure.

Commenting on the partnership, IHS Nigeria CEO highlighted the importance of working closely with law enforcement to create a safer environment for operations and improve service quality.

He described the initiative as a major step toward enhancing the resilience and availability of connectivity in Nigeria. Similarly, NSCDC Commandant underscored the Corps’ responsibility to protect national infrastructure and described IHS Nigeria as a strategic partner in achieving that mission.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AT&T hit by alleged 31 million record breach

A hacker has allegedly leaked data from 31 million AT&T customers, raising fresh concerns over the security of one of America’s largest telecom providers. The data, posted on a major dark web forum in late May 2025, is said to contain 3.1GB of customer information in both JSON and CSV formats.

Instead of isolated details, the breach reportedly includes highly sensitive data: full names, dates of birth, tax IDs, physical and email addresses, device and cookie identifiers, phone numbers, and IP addresses.

Cybersecurity firm DarkEye flagged the leak, warning that the structured formats make the data easy for criminals to exploit.

If verified, the breach would mark yet another major incident for AT&T. In March 2024, the company confirmed that personal information from 73 million users had been leaked.

Just months later, a July breach exposed call records and location metadata for nearly 110 million customers, with blame directed at compromised Snowflake cloud accounts.

AT&T has yet to comment on the latest claims. Experts warn that the combination of tax numbers and device data could enable identity theft, financial scams, and advanced phishing attacks.

For a company already under scrutiny for past security lapses, the latest breach could further damage public trust.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Victoria’s Secret website hit by cyber attack

Victoria’s Secret’s website has remained offline for three days due to a security incident the company has yet to fully explain. A spokesperson confirmed steps are being taken to address the issue, saying external experts have been called in and some in-store systems were also taken down as a precaution.

Instead of revealing specific details, the retailer has left users with only a holding message on a pink background. It has declined to comment on whether ransomware is involved, when the disruption began, or if law enforcement has been contacted.

The firm’s physical stores continue operating as normal, and payment systems are unaffected, suggesting the breach has hit other digital infrastructure. Still, the shutdown has rattled investors—shares fell nearly seven percent on Wednesday.

With online sales accounting for a third of Victoria’s Secret’s $6 billion annual revenue, the pressure to resolve the situation is high.

The timing has raised eyebrows, as cybercriminals often strike during public holidays like Memorial Day, when IT teams are short-staffed. The attack follows a worrying trend among retailers.

UK giants such as Harrods, Marks & Spencer, and the Co-op have all suffered recent breaches. Experts warn that US chains are becoming the next major targets, with threat groups like Scattered Spider shifting their focus across the Atlantic.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK and EU strengthen maritime and cyber security

The UK and the EU have agreed to step up cooperation on cybersecurity as part of a wider defence and security pact.

The new framework, signed on 19 May, marks a major shift towards joint efforts in countering digital threats and hybrid warfare.

Instead of managing these challenges separately, the UK and EU will hold structured dialogues to address cyberattacks, disinformation campaigns, and other forms of foreign interference.

The deal outlines regular exchanges between national security officials, supported by thematic discussions focused on crisis response, infrastructure protection, and online misinformation.

A key aim is to boost resilience against hostile cyber activity by working together on detection, defence, and prevention strategies. The agreement encourages joint efforts to safeguard communication networks, protect energy grids, and strengthen public awareness against information manipulation.

The cooperation is expected to extend into coordinated drills and real-time threat sharing.

While the UK remains outside the EU’s political structure, the agreement positions it as a close cyber security partner.

Future plans include exploring deeper collaboration through EU defence projects and potentially forming a formal link with the European Defence Agency, ensuring that both sides can respond more effectively to emerging digital threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

ABCI-Q goes live as Japan ramps up quantum tech investment

Japan has officially launched the world’s most powerful supercomputer dedicated to quantum computing research. Known as ABCI-Q, the system is housed within the newly opened G-QuAT research centre in Tsukuba, operated by the National Institute of Advanced Industrial Science and Technology (AIST).

G-QuAT (Global Research and Development Centre for Business by Quantum-AI Technology) opened earlier this month with a mission to advance hybrid computing technologies that combine classical computing, such as AI, with quantum systems.

Its work is structured around three main goals: developing use cases for hybrid computing, supporting the quantum technology supply chain, and enabling large-scale qubit integration.

ABCI-Q runs on 2,020 Nvidia H100 GPUs, connected using Nvidia’s Quantum-2 InfiniBand architecture, and integrated with CUDA-Q, Nvidia’s hybrid orchestration platform.

It supports multiple quantum processors, including superconducting qubits from Fujitsu, a neutral atom system by QuEra, and a photonic processor by OptQC—enabling diverse hybrid workloads across different qubit technologies.

The machine’s infrastructure includes 18 cryogenic systems supplied by Bluefors, built to support quantum computers with 1,000+ qubits and thousands of signal paths. G-QuAT has also partnered with IonQ to access its quantum systems via the cloud, bolstering research access and global collaboration.

The launch of ABCI-Q underscores Japan’s ambition to lead in next-generation computing. The government of Japan has committed over ¥330 billion (£1.7 billion) to quantum initiatives between 2020 and 2024.

AIST says the project aims to boost national industrial competitiveness, expand scientific capabilities, and foster a skilled quantum workforce.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!