More European cities move to replace Microsoft software as part of digital sovereignty efforts

Following similar moves by Denmark and the German state of Schleswig-Holstein, the city of Lyon, France’s third-largest city and a major economic centre, has initiated a migration from Microsoft Windows and Office to a suite of open-source alternatives, including Linux, OnlyOffice, NextCloud, and PostgreSQL.

This transition is part of Lyon’s broader strategy to strengthen digital sovereignty and reduce reliance on foreign technology providers. As with other European initiatives, the decision aligns with wider EU discussions about data governance and digital autonomy. Concerns over control of sensitive data and long-term sustainability have contributed to increased interest in open-source solutions.

Although Microsoft has publicly affirmed its commitment to supporting EU customers regardless of political context, some European public authorities continue to explore alternatives that allow for local control over software infrastructure and data hosting.

In line with the European Commission’s 2025 State of the Digital Decade report—which notes that Europe has yet to fully leverage the potential of open-source technologies—Lyon aims to enhance both transparency and control over its digital systems.

Lyon’s migration also supports regional economic development. Its collaboration platform, Territoire Numérique Ouvert (Open Digital Territory), is being co-developed with local digital organisations and will be hosted in regional data centres. The project provides secure, interoperable tools for communication, office productivity, and document collaboration.

The city has begun gradually replacing Windows with Linux and Microsoft Office with OnlyOffice across municipal workstations. OnlyOffice, developed by Latvia-based Ascensio System SIA, is an open-source productivity suite distributed under the GNU Affero General Public License. While it shares a similar open-source ethos with LibreOffice, which was chosen in Denmark to replace Microsoft, the two are not directly related.

It is reported that Lyon anticipates cost savings through extended hardware lifespans, a reduction in electronic waste, and improved environmental sustainability. Over half of the public contracts for this project have been awarded to companies based in the Auvergne-Rhône-Alpes region, with all awarded to French firms—highlighting a preference for local procurement.

Training for approximately 10,000 civil servants began in June 2025. The initiative is being monitored as a potential model for other municipalities aiming to enhance digital resilience and reduce dependency on proprietary software ecosystems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Qantas cyber attack sparks customer alert

Qantas is investigating a major data breach that may have exposed the personal details of up to six million customers.

The breach affected a third-party platform used by the airline’s contact centre to store sensitive data, including names, phone numbers, email addresses, dates of birth and frequent flyer numbers.

The airline discovered unusual activity on 30 June and responded by immediately isolating the affected system. While the full scope of the breach is still being assessed, Qantas expects the volume of stolen data to be significant.

However, it confirmed that no passwords, PINs, credit card details or passport numbers were stored on the compromised platform.

Qantas has informed the Australian Federal Police, the Cyber Security Centre and the Office of the Information Commissioner. CEO Vanessa Hudson apologised to customers and urged anyone concerned to call a dedicated support line. She added that airline operations and safety remain unaffected.

The incident follows recent cyber attacks on Hawaiian Airlines, WestJet and major UK retailers, reportedly linked to a group known as Scattered Spider. The breach adds to a growing list of Australian organisations targeted in 2025, in what privacy authorities describe as a worsening trend.


Researchers track financial cyberattacks in Africa and spot new ransomware group

Cybersecurity researchers have identified a series of cyberattacks targeting African financial institutions since at least July 2023. The campaign, attributed to a threat cluster named CL-CRI-1014 by Palo Alto Networks Unit 42, involves using open-source and publicly available tools to maintain unauthorised access to compromised systems.

According to Unit 42, ‘CL’ stands for ‘cluster’ and ‘CRI’ refers to ‘criminal motivation.’ The threat actor is believed to be operating as an initial access broker (IAB), seeking to obtain entry into networks and sell access to other cybercriminals on underground forums.

Researchers noted that the group employs methods to evade detection by spoofing legitimate software, including copying digital signatures and using application icons from Microsoft Teams, Palo Alto Networks Cortex, and VMware Tools to disguise malicious payloads. Tools deployed include PoshC2 for command-and-control, Chisel for network tunnelling, and Classroom Spy for remote access.

While the initial intrusion vector remains unclear, once access is achieved, the attackers reportedly use MeshCentral Agent and Classroom Spy to control machines, with Chisel deployed to bypass firewalls. PoshC2 is propagated across Windows hosts and persisted through various techniques, including services, scheduled tasks, and startup shortcuts. In some cases, stolen user credentials were used to set up proxies via PoshC2.

Trustwave SpiderLabs has reported the emergence of a new ransomware group named Dire Wolf, which has claimed 16 victims across multiple countries, including the United States, India, and Italy, with primary targets in the technology, manufacturing, and financial sectors.

Dire Wolf ransomware was developed in Golang. Its functionality includes disabling system logging, terminating a predefined list of services and applications, and deleting shadow copies to hinder recovery. Although details about the group’s initial access or lateral movement techniques are unknown, Trustwave advises organisations to maintain standard cybersecurity practices and monitor for the techniques observed during the analysis.


OpenInfra Summit Europe brings focus on AI and VMware alternatives

The OpenInfra Foundation and its global community will gather at the OpenInfra Summit Europe from 17 to 19 October in Paris-Saclay to explore how open source is reshaping digital infrastructure.

It will be the first summit since the Foundation joined the Linux Foundation, uniting major projects such as Linux, Kubernetes and OpenStack under the OpenInfra Blueprint. The agenda includes a strong focus on digital sovereignty, VMware migration strategies and infrastructure support for AI workloads.

Taking place at École Polytechnique in Palaiseau, the summit arrives at a time when open source software is powering nearly $9 trillion of economic activity.

With over 38% of the global OpenInfra community based in Europe, the event will focus on regional priorities like data control, security, and compliance with new EU regulations such as the Cyber Resilience Act.

Developers, IT leaders and business strategists will explore how projects like Kata Containers, Ceph and RISC-V integrate to support cost-effective, scalable infrastructure.

The summit will also mark OpenStack’s 15th anniversary, with use cases shared by the UN, BMW and nonprofit Restos du Coeur.

Attendees will witness a live VMware migration demo featuring companies like Canonical and Rackspace, highlighting real-world approaches to transitioning away from proprietary platforms. Sessions will dive into topics like CI pipelines, AI-powered infrastructure, and cloud-native operations.

As a community-led event, OpenInfra Summit Europe remains focused on collaboration.

With sponsors including Canonical, Mirantis, Red Hat and others, the gathering offers developers and organisations an opportunity to share best practices, shape open source development, and strengthen the global infrastructure ecosystem.


Ransomware attack hits Swiss government data

A ransomware attack on the Swiss non-profit Radix has led to the theft and online publication of sensitive government data. Radix, which carries out projects for various federal offices and public authorities, confirmed that the Sarcoma ransomware group breached its systems on 16 June.

According to the Swiss government, some stolen data has already appeared on the dark web. Authorities are working with the National Cyber Security Centre (NCSC) to assess which federal offices were impacted and how severely.

While Radix has notified affected individuals, it states there is no evidence that sensitive data from its partner organisations was compromised. However, Sarcoma reportedly leaked 1.3TB of documents online, including financial records, contracts, and private correspondence.

Sarcoma is a relatively new but aggressive cybercrime group that began operating in late 2024. It typically gains access through phishing emails, outdated software vulnerabilities, and supply chain weaknesses.

The group has claimed dozens of victims and is known for publishing stolen data if ransom demands are not met.

This marks the second serious incident involving Swiss government data in recent months. In March, the government disclosed that a breach at another third-party provider, Xplain, had exposed tens of thousands of documents containing personal details.

The Swiss authorities are urging continued vigilance as investigations into the Radix breach continue.


Cybercrime surge hits airlines across North America

According to the FBI and cybersecurity experts, a well-known cybercrime group has launched fresh attacks on the airline industry, successfully breaching the networks of several airlines in the US and Canada.

The hackers, identified as ‘Scattered Spider’, are known for aggressive extortion tactics and are now shifting their focus to aviation instead of insurance or retail, their previous targets.

Airline security teams remain on high alert despite no flights or operations being disrupted. Hawaiian Airlines and Canada’s WestJet have acknowledged recent cyber incidents, while sources suggest more affected companies may step forward soon.

Both airlines reported no impact on day-to-day services, likely due to solid internal defences and continuity planning.

The attackers often exploit help desks by impersonating employees or customers to access corporate systems. Experts warn that airline call centres are especially vulnerable, given their importance to customer support.

Cybersecurity firms, including Mandiant, are now supporting the response and advising firms to reinforce these high-risk entry points.

Scattered Spider has previously breached major casinos, insurance, and retail companies. The FBI confirmed it is working with aviation partners to contain the threat and assist victims.

Industry leaders remain alert, noting that airlines, IT contractors, and vendors across the aviation sector are at risk from the escalating threat.


Hacktivist attacks surge in Iran–Israel tensions

The Iran–Israel conflict has now expanded into cyberspace, with rival hacker groups launching waves of politically driven attacks.

Following Israel’s military operation against Iran, pro-Israeli hackers known as ‘Predatory Sparrow’ struck Iran’s Sepah Bank, deleting data and causing significant service disruption.

A day later, the same group targeted Nobitex, Iran’s largest crypto exchange, stealing and destroying over $90 million in assets.

Cyber attacks intensified in the days before and after Israeli strikes. According to NSFOCUS, cyberattacks on Iran peaked three days before the military operation, suggesting pre-attack reconnaissance.

In retaliation, pro-Iranian hackers escalated attacks on Israel on 16 June, focusing on government systems, aerospace, and education.

While attacks on Iran have been fewer, Israeli systems have faced over 1,300 attacks in 2025 alone, with 37% of all global hacktivist activity aimed at Israel since the conflict began.

However, analysts note these attacks have been high in volume but limited in impact. Their malware tactics involve evading antivirus software, deleting data, and turning off recovery systems.

NSFOCUS warns that geopolitical tensions are turning hacktivist groups into informal cyber proxies. Though not formally state-backed, these loosely organised actors align closely with national interests.

As traditional defences lag, cybersecurity experts argue that national infrastructure must adopt more strategic, coordinated defence measures instead of fragmented responses, especially during crises and conflicts.


Dutch government to build AI plant with €70 million pledge

The Dutch government has pledged €70 million to build a new AI facility in Groningen to establish a European hub for AI research and development.

A consortium of Dutch organisations will manage the plant and focus on healthcare, agriculture, defence and energy applications.

The government is also seeking an additional €70 million in EU co-financing and has welcomed a separate €60 million contribution from the Groningen regional administration.

The plant is expected to be commissioned in 2026 and reach operation by early 2027 if funding is secured.

Minister of Economic Affairs Vincent Karremans emphasised the need to develop domestic AI capacity, warning that dependence on foreign technologies could threaten national competitiveness and digital independence.

‘Those who do not develop the technology themselves depend on others,’ Karremans said on the government’s website.

European countries have grown increasingly concerned over their reliance on AI technologies developed by US companies.

The Groningen initiative marks a broader effort by the EU to build its own AI infrastructure instead of leaving strategic control in foreign hands.


How can technical standards bridge or broaden the digital divide?

At the Internet Governance Forum 2025 in Lillestrøm, Norway, the Freedom Online Coalition convened a diverse panel to explore how technical standards shape global connectivity and inclusion. The session, moderated by Laura O’Brien, Senior International Counsel at Access Now, highlighted how open and interoperable standards can empower underserved communities.

Divine Agbeti, Director General of the Cybersecurity Authority of Ghana, shared how mobile money systems helped bring over 80% of Ghana’s adult population into the digital financial fold—an example of how shared standards translate into real-world impact, especially across Africa. However, the conversation quickly turned to the systemic barriers that exclude many from the standard-setting process itself.

A member of ICANN’s At-Large Advisory Committee emphasised challenges like high membership fees, lack of transparency, English-only proceedings, and complex technical jargon.

Stephanie Borg Psaila, Director of Digital Policy at Diplo, presented detailed research mapping these hurdles across bodies like ITU, ICANN, and IETF, and called for reforms such as multilingual interpretation, hybrid meeting formats, and adjusted membership models to enable broader civil society participation.


Security and infrastructure governance also featured prominently. Rose Payne, Policy and Advocacy Lead at Global Partners Digital, spotlighted the role of technical standards in safeguarding subsea cables—which carry 95–99% of transnational data—but also pointed to the limitations of technical solutions when facing geopolitical threats.

She underscored the urgency of updating international legal frameworks like UNCLOS and fostering cooperation between governments, the private sector, and civil society. Alex Walden, Global Head of Human Rights at Google, also reaffirmed the private sector’s role in investing in global connectivity while advocating for human rights-based frameworks and inclusive multistakeholder participation.

While the session closed on a constructive note, tensions emerged during the Q&A. Technical community members like Colin Perkins (University of Glasgow) and Harold, a technologist and civil society advocate, challenged the panel’s framing, arguing that distinctions between technical and civil society actors are often artificial and counterproductive.

Panellists responded diplomatically, acknowledging the need for more nuanced engagement and mutual understanding. Despite differing views, the forum concluded with shared commitments: dismantling barriers to participation, building cross-sectoral capacity, and grounding technical governance in international human rights from the outset.


DeepSeek struggles to launch R2 amid NVIDIA chip shortage

The launch of DeepSeek’s next-generation AI model, R2, is expected to face delays due to a shortage of NVIDIA H20 chips in China.

These chips, designed specifically for the Chinese market following US export restrictions, are essential for running DeepSeek’s highly optimised models.

The ban on H20 shipments in April has triggered widespread concern among cloud providers about the scalability of R2, especially if it outperforms existing open-source models.

CEO Liang Wenfeng has reportedly held back the model’s release, expressing dissatisfaction with its current performance.

Engineers continue refining R2, but the lack of compatible hardware poses a deeper challenge. DeepSeek’s reliance on NVIDIA architecture makes switching to Chinese chips inefficient, as the models are tightly built for NVIDIA’s software and hardware ecosystem.

Some Chinese firms have begun using workarounds by flying engineers to Malaysia, where NVIDIA chips are still available in local data centres.

After training their models abroad, teams return to China with trained systems. Others rely on gaming GPUs like the RTX 5090, which are easier to access via grey markets despite restrictions.

While Chinese tech giants ordered 1.2 million H20 chips earlier in 2025 to meet demand sparked by R1’s success, inventory is still unlikely to support a full R2 rollout.

Companies outside China may launch R2 more easily without facing the same export hurdles.
