New hacking group mimics Russia-linked group to target Russian entities, Chinese cybersecurity experts say

A hacking group, named as GamaCopy, has been imitating the tactics of the Russia-linked threat actor Gamaredon to target Russian-speaking victims, according to research by Chinese cybersecurity firm Knownsec.

GamaCopy’s latest campaign employed phishing documents disguised as reports on Russian armed forces’ locations in Ukraine, along with the open-source software UltraVNC for remote access.

However, while GamaCopy mirrors many techniques used by Gamaredon, researchers identified notable differences. For example, GamaCopy primarily targets Russian-speaking victims, whereas Gamaredon typically targets Ukrainian speakers. Additionally, GamaCopy’s use of UltraVNC is a distinctive element of its attack chain.

Since June 2023, GamaCopy has targeted Russia’s defense and critical infrastructure sectors. However, the group is believed to have been active even earlier, since August 2021. Knownsec’s analysis suggests that GamaCopy’s operations are part of a deliberate false-flag campaign and links the group to another state-sponsored actor known as Core Werewolf, which has similarly targeted Russian defense systems since 2021.

This discovery follows recent reports of other hacker groups conducting cyber-espionage campaigns against Russian entities, highlighting the increasing complexity and state-backed nature of these threats.

Trump administration ends Cyber Safety Review Board and pauses investigation into Salt Typhoon

The Trump administration has terminated all members of the Cyber Safety Review Board (CSRB), along with the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Advisory Committee and other Department of Homeland Security (DHS) advisory panels. This move has halted the investigation into hacking group Salt Typhoon’s cyberattack on US telecommunications firms, raising significant concerns among cybersecurity advocates, according to CyberScoop.

While Acting DHS Secretary Benjamin Huffman suggested that outgoing members could reapply for their positions, the decision has faced criticism from lawmakers and experts. Representative Bennie Thompson (D-Miss.), of the House Homeland Security Committee, warned that this decision could delay the Salt Typhoon probe, which he emphasised must be ‘completed expeditiously.’

Cybersecurity expert Kevin Beaumont argued that dismantling the CSRB could shield Microsoft from accountability over security lapses tied to a separate Chinese hacking incident. Meanwhile, Jake Williams of IANS Research highlighted the broader implications of this decision, stating that removing such panels could undermine US national security.

However, House Homeland Security Chair Mark Green (R-Tenn.) defended the move, stating it offers the Trump administration an opportunity to appoint new members or reevaluate the mission of the CSRB for more effective oversight.

Iran and Russia sign comprehensive cooperation agreement to strengthen military, security, and cyber ties

An agreement signed between Iran and Russia last week outlines commitments to enhance military, security, cyber and technological cooperation between the two nations. The comprehensive strategic partnership agreement, signed in Moscow by Russian President Vladimir Putin and Iranian President Masoud Pezeshkian, seeks to deepen bilateral relations and includes specific provisions for cooperation in cybersecurity and internet regulation.

The agreement aims to counter the use of information and communication technologies for criminal activities and includes plans to exchange expertise on managing national internet infrastructure. The text also adds that the two countries will ‘promote the establishment of a United Nations-led system for ensuring international information security and the creation of a legally binding regime for the prevention and peaceful resolution of conflicts, based on the principles of sovereign equality and non-interference in the internal affairs of states’.

The agreement emphasises strengthening sovereignty and a state-centric approach to international information security and internet governance. Other key commitments on cybersecurity include:

  • Expanding joint efforts to combat the criminal misuse of ICTs, exchanging expertise, and promoting sovereignty in the international information domain.
  • Advocating for the internationalization of internet governance, equal rights for states in managing internet segments, and rejecting limitations on national sovereignty in regulating and securing the internet.
  • Enhancing sovereignty through regulating global ICT companies, sharing expertise on internet management, developing ICT infrastructure, and advancing digital development.

Trump pauses TikTok ban, raising legal and political tensions

President Donald Trump’s executive order delaying the enforcement of a US TikTok ban has created new legal uncertainties for the platform and its service providers, including Google and Apple. Signed on Monday, the order pauses for 75 days a law requiring TikTok’s Chinese parent company, ByteDance, to divest the app over national security concerns.

While the order directs the Justice Department to halt enforcement and assures app distributors of no liability during the review period, legal experts warn that the promise offers little protection. Courts do not consider executive orders binding, and Trump could alter or selectively enforce the policy at any time, potentially exposing companies to massive penalties.

The ban, passed by Congress and upheld by the Supreme Court days before Trump’s order, imposes steep fines of $5,000 per user for violations, making compliance a high-stakes gamble for service providers. Critics argue that the legal ambiguity could also open companies to shareholder lawsuits if they ignore the ban based solely on Trump’s directive.

Trump’s move has reignited tensions between the White House and lawmakers, who overwhelmingly supported the ban over fears of Chinese influence. The coming weeks may bring further legal battles and political manoeuvring as the future of TikTok in the US hangs in the balance.

Russian hackers target global officials with WhatsApp phishing campaign

Russian state-linked hackers, operating under the unit Star Blizzard, have launched a new phishing campaign targeting the WhatsApp accounts of government ministers and officials worldwide. According to Britain’s National Cyber Security Centre (NCSC), Star Blizzard, linked to Russia’s FSB spy agency, aims to undermine political trust in the UK and other similar nations.

Victims receive an email impersonating a US government official, inviting them to join a WhatsApp group. The email contains a QR code that, when scanned, links the victim’s WhatsApp account to an attacker-controlled device or WhatsApp Web, granting the hacker access to sensitive messages. Microsoft confirmed that this tactic allows hackers to exfiltrate data but did not specify whether data was successfully stolen.

The campaign has targeted individuals involved in diplomacy, defence, and Ukraine-related initiatives. This marks the latest attempt by Star Blizzard, which had previously targeted British MPs, universities, and journalists. Microsoft noted that while the campaign seemed to have wound down by November, the use of QR codes in phishing attacks, or ‘quishing,’ shows the hackers’ continued efforts to gain access to sensitive information.

WhatsApp, owned by Meta, emphasised that users should avoid scanning suspicious QR codes and should only link their accounts through official services. Experts also recommend verifying suspicious emails by contacting the sender directly through a known, trusted email address.

Baicells faces US investigation amid national security fears

US authorities, including the Commerce Department and the FBI, are investigating Baicells Technologies, a telecom hardware company with ties to China, over potential security risks. Founded by former Huawei executives, Baicells has supplied telecom equipment to 700 networks across the US since opening its North American branch in 2015. The investigations focus on national security concerns, particularly around the company’s Chinese origins and its equipment’s potential vulnerability to espionage. The FBI’s interest in Baicells goes back to 2019, and recent reports suggest that the Pentagon has added the company to a list of entities connected to China’s military.

While Baicells has denied any wrongdoing and pledged full cooperation with US authorities, the company faces mounting scrutiny amid fears that Chinese-made telecom equipment could be used for surveillance or cyber attacks. In particular, base stations and routers provided by Baicells have been flagged for vulnerabilities that could allow hackers to compromise sensitive networks. The FBI has already contacted local US entities, such as the city of Las Vegas, to raise security concerns regarding Baicells’ technology.

Despite Baicells’ claims that it no longer has ties to its Chinese parent company, its history and ownership structure continue to raise doubts. Many of its top executives and a significant portion of its staff have links to Huawei, further fueling suspicions about the company’s operations. In recent years, Baicells has attempted to distance itself from its Chinese roots, stating that its infrastructure is increasingly built in Taiwan, though much of its equipment still originates from China. The ongoing investigations highlight the broader concerns in Washington about the risks posed by Chinese-linked technology in critical infrastructure.

US dismantles China-backed malware infecting thousands of computers

The US Justice Department has removed malware from over 4,200 computers worldwide in an operation targeting a hacking group linked to the Chinese government. The malware, known as ‘PlugX,’ was used to steal information and compromise systems across the United States, Europe, and Asia. Investigators identified the cybercriminals behind the attack as ‘Mustang Panda’ and ‘Twill Typhoon,’ groups believed to have received financial support from China.

Court documents filed in the US District Court for the Eastern District of Pennsylvania allege that the Chinese government paid Mustang Panda to develop PlugX. The malware has been active since at least 2014 and was used not only to target governments and businesses but also Chinese political dissidents. Officials described the operation as a critical step in neutralising cyber threats backed by foreign states.

Authorities emphasised the growing risks posed by state-sponsored hacking groups and their ability to infiltrate global networks. The Justice Department remains committed to dismantling cyber threats and preventing adversaries from exploiting sensitive information. The scale of the attack highlights the persistent threat of cyber espionage and the need for international cooperation in addressing cybersecurity challenges.

Starlink could support Italy’s secure communications

Elon Musk is working to expand his aerospace firm SpaceX and its satellite broadband service Starlink in Italy. Talks are underway for potential supply agreements, with Musk offering Italy secure and advanced connectivity. Prime Minister Giorgia Meloni has built a close relationship with Musk, aligning with her ties to incoming US President Donald Trump.

Starlink, operating 6,700 satellites, dominates the low-Earth orbit market and provides broadband to over four million customers worldwide, including around 55,000 in Italy. The Italian government is considering using Starlink’s technology for secure communications among diplomats and defence personnel, a project valued at €1.5 billion over five years.

Italy is also exploring Starlink’s potential to improve internet access in remote regions, where state-backed fibre roll-out projects have lagged. Trials of the satellite service are expected this month.

Telespazio, a joint venture between Leonardo and Thales, has already partnered with Starlink to integrate its services into existing networks.

Cybersecurity investments in Israel more than double in 2024

Israeli cybersecurity companies raised $4 billion in 2024, more than doubling the previous year’s total, according to venture capital firm YL Ventures. The sector, a key driver of Israel’s economy, saw strong investment growth despite geopolitical challenges. Cloud security and AI played a significant role in attracting funding, with early-stage startups securing $400 million across 50 seed rounds.

Investment in later-stage cybersecurity firms also surged, with growth-stage funding rounds raising $2.9 billion—an increase of 300% from 2023. The expansion reflects growing global confidence in Israel’s cybersecurity industry, which is increasingly recognised as a leader in the field. YL Ventures highlighted the role of Israeli military intelligence units in fostering a culture of innovation and entrepreneurship that strengthens the sector.

The ongoing war following Hamas’s October 2023 attack has added pressure on tech founders, many of whom have been called into military service. Industry leaders have had to navigate operational challenges while maintaining business continuity. Looking ahead to 2025, venture capital firms anticipate continued investment growth, particularly in early and mid-stage funding rounds, as cybersecurity remains a global priority.

Taiwan sees sharp rise in cyberattacks linked to China

Cyberattacks on Taiwan’s government departments doubled in 2024, reaching an average of 2.4 million attacks per day, according to the island’s National Security Bureau. Most of the attacks were attributed to Chinese cyber forces, with key targets including telecommunications, transportation, and defence. The report highlighted the increasing severity of China’s hacking activities, noting that many of the attacks were timed to coincide with Chinese military drills around Taiwan.

Taiwan has long accused Beijing of using cyberwarfare as part of broader “grey-zone harassment” efforts, which also include military exercises and surveillance balloons. The latest report detailed how China’s cyber forces employed advanced hacking techniques, such as distributed denial-of-service (DDoS) attacks and social engineering, in an attempt to steal confidential government data. These attacks were aimed at disrupting Taiwan’s infrastructure, including highways and ports, and gaining strategic advantages in politics, military affairs, and technology.

China has not responded to the allegations, though it routinely denies involvement in hacking operations. However, Taiwan’s findings come amid growing international concerns over Chinese cyber activities, with the United States recently accusing Chinese hackers of stealing sensitive documents from the US Treasury Department. Taiwan’s government has warned that Beijing’s cyber threats are intensifying and pose a growing risk to national security.