Critical infrastructure

UBS employee data leaked after Chain IQ ransomware attack

UBS Group AG has confirmed a serious data breach affecting around 130,000 of its employees, following a cyberattack on its third-party supplier, Chain IQ Group AG.

The exposed information included employee names, emails, phone numbers, roles, office locations, and preferred languages. No client data has been impacted, according to UBS.

Chain IQ, a procurement services firm spun off from UBS in 2013, was reportedly targeted by the cybercrime group World Leaks, previously known as Hunters International.

Unlike traditional ransomware operators, World Leaks avoids encryption and instead steals data, threatening public release if ransoms are not paid.

While Chain IQ has acknowledged the breach, it has not disclosed the extent of the stolen data or named all affected clients. Notably, companies such as Swiss Life, AXA, FedEx, IBM, KPMG, Swisscom, and Pictet are among its clients—only Pictet has confirmed it was impacted.

Cybersecurity experts warn that the breach may have long-term implications for the Swiss banking sector. Leaked employee data could be exploited for impersonation, fraud, phishing scams, or even blackmail.

The increasing availability of generative AI may further amplify the risks through voice and video impersonation, potentially aiding in money laundering and social engineering attacks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ryuk ransomware hacker extradited to US after arrest in Ukraine

A key member of the infamous Ryuk ransomware gang has been extradited to the US after his arrest in Kyiv, Ukraine.

The 33-year-old man was detained in April 2025 at the request of the FBI and arrived in the US on 18 June to face multiple charges.

The suspect played a critical role within Ryuk by gaining initial access to corporate networks, which he then passed on to accomplices who stole data and launched ransomware attacks.

Ukrainian authorities identified him during a larger investigation into ransomware groups like LockerGoga, Dharma, Hive, and MegaCortex that targeted companies across Europe and North America.

According to Ukraine’s National Police, forensic analysis revealed the man’s responsibility for locating security flaws in enterprise networks.

Information gathered by the hacker allowed others in the gang to infiltrate systems, steal data, and deploy ransomware payloads that disrupted various industries, including healthcare, during the COVID pandemic.

Ryuk operated from 2018 until mid-2020 before rebranding as the notorious Conti gang, which later fractured into several smaller but still active groups. Researchers estimate that Ryuk alone collected over $150 million in ransom payments before shutting down.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

LACNIC launches regional internet skills program

LACNIC has launched the Research and Development (R&D) Ambassadors Program to improve internet infrastructure in Latin America and the Caribbean. That initiative is designed to identify and support emerging technical leaders who can help address persistent connectivity challenges in the region.

The program focuses on enhancing expertise in areas such as internet measurement, routing, and IPv6, to build stronger local digital ecosystems. The first cohort of ambassadors, presented during LACNIC 43, showcased projects demonstrating strong local involvement, such as the expansion of the RIPE Atlas measurement network in Chile and increased active probes in Bolivia.

The ambassadors actively engaged their communities to promote best practices and build technical skills, fostering collaboration and knowledge sharing at the local level. However, despite these promising initiatives, the program’s long-term effectiveness remains uncertain.

Challenges, such as limited resources and uneven technical expertise across countries, raise questions about whether these efforts can scale or lead to broader improvements in regional connectivity. Sustainability remains a key concern, especially in uneven infrastructure development areas.

Despite challenges, the program is key in promoting digital inclusion in Latin America and the Caribbean, where internet access remains limited. LACNIC’s efforts support global goals to close the digital divide by empowering local leaders and building capacity. Continued investment in infrastructure and skills is essential for lasting impact and regional digital growth.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Kuwait to strengthen telecom resilience amid regional tensions

Kuwait is implementing strategic policies to disaster-proof its telecommunications and digital infrastructure in light of rising regional tensions, particularly the ongoing conflict between Iran and the Zionist entity. Under any emergency scenario, these policies prioritise the continuity of essential services, such as the internet, mobile networks, and digital government systems.

To operationalise this approach, the government, led by the Minister of State for Communication Affairs, convened a high-level emergency meeting with key stakeholders, including the Ministry of Communications, the Communications and Information Technology Regulatory Authority (CITRA), and major telecom providers like Zain, Ooredoo, stc, and Virgin Mobile. The goal is to ensure unified national readiness through regular coordination, planning, and communication.

Kuwait is reinforcing its technical and operational capabilities to support these policies. The Ministry of Communications has raised its alert level and is conducting real-time monitoring of local networks to detect and respond to disruptions quickly.

Telecom providers have confirmed their infrastructure is prepared for various emergency scenarios, citing the activation of emergency centres, advanced technical support systems, and contingency plans. At the same time, CITRA has taken steps to maintain stable data flows by activating local internet exchange points (IXs) and securing alternative international routing paths, measures designed to minimise the impact of any potential regional connectivity breakdown.

In parallel, Kuwait is safeguarding digital public services as a core part of its policy framework. The Central Agency for Information Technology (CAIT) has implemented contingency plans and system integration efforts to ensure the continuity of government digital services. These measures aim to guarantee that citizens can access essential services, even during crises.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Salt Typhoon hackers breached Viasat during 2024 presidential campaign

According to Bloomberg News, satellite communications firm Viasat Inc. was reportedly among the targets of the Chinese-linked cyberespionage operation known as Salt Typhoon, which coincided with the 2024 US presidential campaign.

The breach, believed to have occurred last year, was discovered in 2025. Viasat confirmed it had investigated the incident in cooperation with an independent cybersecurity partner and relevant government authorities.

According to the company, the unauthorised access stemmed from a compromised device, though no evidence of customer impact has been found. ‘Viasat believes that the incident has been remediated and has not detected any recent activity related to this event,’ the firm stated, reaffirming its collaboration with United States officials.

Salt Typhoon, attributed to China by US intelligence, has previously been accused of breaching major telecom networks, including Verizon, AT&T and Lumen. Hackers allegedly gained full access to internal systems, enabling the geolocation of millions of users and the interception of phone calls.

In December 2024, US officials disclosed that a ninth telecom company had been compromised and confirmed that individuals connected to both Kamala Harris’s and Donald Trump’s presidential campaigns were targeted.

Chinese authorities have consistently rejected the claims, labelling them disinformation. Beijing maintains it ‘firmly opposes and combats cyberattacks and cybertheft in all forms’.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK cyber agency warns AI will accelerate cyber threats by 2027

The UK’s National Cyber Security Centre has warned that integrating AI into national infrastructure creates a broader attack surface, raising concerns about an increased risk of cyber threats.

Its latest report outlines how AI may amplify the capabilities of threat actors, especially when it comes to exploiting known vulnerabilities more rapidly than ever before.

By 2027, AI-enabled tools are expected to shorten the time between vulnerability disclosure and exploitation significantly. The evolution could pose a serious challenge for defenders, particularly within critical systems.

The NCSC notes that the risk of advanced cyber attacks will likely escalate unless organisations can keep pace with so-called ‘frontier AI’.

The centre also predicts a growing ‘digital divide’ between organisations that adapt to AI-driven threats and those left behind. The divide could further endanger the overall cyber resilience of the UK. As a result, decisive action is being urged to close the gap and reduce future risks.

NCSC operations director Paul Chichester said AI is expanding attack surfaces, increasing the volume of threats, and speeding up malicious activity. He emphasised that while these dangers are real, AI can strengthen the UK’s cyber defences.

Organisations are encouraged to adopt robust security practices using resources like the Cyber Assessment Framework, the 10 Steps to Cyber Security, and the new AI Cyber Security Code of Practice.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

China’s robotics industry set to double by 2028, led by drones and humanoid robots

China’s robotics industry is on course to double in size by 2028, with Morgan Stanley projecting market growth from US$47 billion in 2024 to US$108 billion.

With an annual expansion rate of 23 percent, the country is expected to strengthen its leadership in this fast-evolving field. Analysts credit China’s drive for innovation and cost efficiency as key to advancing next-generation robotics.

A cornerstone of the ‘Made in China 2025’ initiative, robotics is central to the nation’s goal of dominating global high-tech industries. Last year, China accounted for 40 percent of the worldwide robotics market and over half of all industrial robot installations.

Recent data shows industrial robot production surged 35.5 percent in May, while service robot output climbed nearly 14 percent.

Morgan Stanley anticipates drones will remain China’s largest robotics segment, set to grow from US$19 billion to US$40 billion by 2028.

Meanwhile, the humanoid robot sector is expected to see an annual growth rate of 63 percent, expanding from US$300 million in 2025 to US$3.4 billion by 2030. By 2050, China could be home to 302 million humanoid robots, making up 30 percent of the global population.

The researchers describe 2025 as a milestone year, marking the start of mass humanoid robot production.

They emphasise that automation is already reshaping China’s manufacturing industry, boosting productivity and quality instead of simply replacing workers and setting the stage for a brighter industrial future.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Anubis ransomware threatens permanent data loss

A new ransomware threat known as Anubis is making waves in the cybersecurity world, combining file encryption with aggressive monetisation tactics and a rare file-wiping feature that prevents data recovery.

Victims discover their files renamed with the .anubis extension and are presented with a ransom note warning that stolen data will be leaked unless payment is made.

What sets Anubis apart is its ability to permanently erase file contents using a command that overwrites them with zero-byte shells. Although the filenames remain, the data inside is lost forever, rendering recovery impossible.

Researchers have flagged the destructive feature as highly unusual for ransomware, typically seen in cyberespionage rather than financially motivated attacks.

The malware also attempts to change the victim’s desktop wallpaper to reinforce the impact, although in current samples, the image file was missing. Anubis spreads through phishing emails and uses tactics like command-line scripting and stolen tokens to escalate privileges and evade defences.

It operates as a ransomware-as-a-service model, meaning less-skilled cybercriminals can rent and use it easily.

Security experts urge organisations to treat Anubis as more than a typical ransomware threat. Besides strong backup practices, firms are advised to improve email security, limit user privileges, and train staff to spot phishing attempts.

As attackers look to profit from stolen access and unrecoverable destruction, prevention becomes the only true line of defence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hacktivists target Iran’s Bank Sepah in major cyberattack

A cyberattack has reportedly hit Iran’s Bank Sepah by the hacktivist group Predatory Sparrow. The group announced on Tuesday that it had ‘destroyed all data’ at the bank, which is closely linked to the Islamic Revolutionary Guard Corps (IRGC) and Iran’s military.

Several Bank Sepah branches were closed, and customers reported being unable to access their accounts.
The attack coincided with broader banking disruptions in Iran, affecting services at Kosar and Ansar banks, both associated with military entities and subject to US sanctions.

Authorities in Iran have yet to publicly acknowledge the attack, though the IRGC-linked Fars news agency claimed the issues would be resolved in a few hours.

Predatory Sparrow said it targeted Bank Sepah for its alleged role in financing Iran’s missile and nuclear programmes and in helping the country circumvent international sanctions.

The group has previously claimed responsibility for attacks on Iranian steel plants and fuel stations and is widely believed by Tehran to receive foreign support, particularly from Israel.

Bank Sepah, one of the country’s oldest financial institutions, operates around 1,800 branches within Iran and maintains offices across Europe. The United States sanctioned the bank in 2019 following Iran’s withdrawal from the 2015 nuclear deal.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Armenia plans major AI hub with NVIDIA and Firebird

Armenia has unveiled plans to develop a $500mn AI supercomputing hub in partnership with US tech leader NVIDIA, AI cloud firm Firebird, and local telecoms group Team.

Announced at the Viva Technology conference in Paris, the initiative marks the largest tech investment ever seen in the South Caucasus.

Due to open in 2026, the facility will house thousands of NVIDIA’s Blackwell GPUs and offer more than 100 megawatts of scalable computing power. Designed to advance AI research, training and entrepreneurship, the hub aims to position Armenia as a leading player in global AI development.

Prime Minister Nikol Pashinyan described the project as the ‘Stargate of Armenia’, underscoring its potential to transform the national tech sector.

Firebird CEO Razmig Hovaghimian said the hub would help develop local talent and attract international attention, while the Afeyan Foundation, led by Noubar Afeyan, is set to come on board as a founding investor.

Instead of limiting its role to funding, the Armenian government will also provide land, tax breaks and simplified regulation to support the project, strengthening its push toward a competitive digital economy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!