Cyberconflict and warfare

Netherlands expands espionage laws to include cyber activities

The Dutch government has adopted new legislation expanding the scope of its espionage laws to include digital espionage and other activities carried out on behalf of foreign states that may harm Dutch national interests. The updated law complements existing provisions that criminalise the disclosure of state secrets by adding penalties for leaking sensitive, but not classified, information and for conducting harmful activities linked to foreign entities.

Under the revised legal framework, penalties for computer-related offenses associated with espionage have been increased. Individuals found guilty of such offenses could face up to eight years in prison, or up to twelve years in particularly severe cases.

Netherlands Justice and Security Minister David van Weel stated that the measures aim to enhance national resilience against foreign threats.

In parallel, the government is moving forward with plans to implement vetting procedures for researchers and students seeking access to sensitive technologies at Dutch academic institutions. This follows growing concern over foreign interest in strategic research, particularly from China, as noted by Dutch intelligence services.

In recent assessments, Dutch authorities have reported both Chinese cyber activities targeting intellectual property and Russian state-linked attempts to disrupt national infrastructure. Incidents include reported efforts to infiltrate institutions based in The Hague, such as the International Criminal Court and the Organisation for the Prohibition of Chemical Weapons.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Japan approves preemptive cyberdefence law

Japan’s parliament has passed a new law enabling active cyberdefence measures, allowing authorities to legally monitor communications data during peacetime and neutralise foreign servers if cyberattacks occur.

Instead of reacting only after incidents, this law lets the government take preventive steps to counter threats before they escalate.

Operators of vital infrastructure, such as electricity and railway companies, must now report cyber breaches directly to the government. The shift follows recent cyber incidents targeting banks and an airline, prompting Japan to put a full framework in place by 2027.

Although the law permits monitoring of IP addresses in communications crossing Japanese borders, it explicitly bans surveillance of domestic messages and their contents.

A new independent panel will authorise all monitoring and response actions beforehand, instead of leaving decisions solely to security agencies.

Police will handle initial countermeasures, while the Self-Defense Forces will act only when attacks are highly complex or planned. The law, revised to address opposition concerns, includes safeguards to ensure personal rights are protected and that government surveillance remains accountable.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Masked cybercrime groups rise as attacks escalate worldwide

Cybercrime is thriving like never before, with hackers launching attacks ranging from absurd ransomware demands of $1 trillion to large-scale theft of personal data. Despite efforts from Microsoft, Google and even the FBI, these threat actors continue to outpace defences.

A new report by Group-IB has analysed over 1,500 cybercrime investigations to uncover the most active and dangerous hacker groups operating today.

Rather than fading away after arrests or infighting, many cybercriminal gangs are re-emerging stronger than before.

Group-IB’s May 2025 report highlights a troubling increase in key attack types across 2024 — phishing rose by 22%, ransomware leak sites by 10%, and APT (advanced persistent threat) attacks by 58%. The United States was the most affected country by ransomware activity.

At the top of the cybercriminal hierarchy now sits RansomHub, a ransomware-as-a-service group that emerged from the collapsed ALPHV group and has already overtaken long-established players in attack numbers.

Behind it is GoldFactory, which developed the first iOS banking trojan and exploited facial recognition data. Lazarus, a well-known North Korean state-linked group, also remains highly active under multiple aliases.

Meanwhile, politically driven hacktivist group NoName057(16) has been targeting European institutions using denial-of-service attacks.

With jurisdictional gaps allowing cybercriminals to flourish, these masked hackers remain a growing concern for global cybersecurity, especially as new threat actors emerge from the shadows instead of disappearing for good.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber attack disrupts Edinburgh school networks

Thousands of Edinburgh pupils were forced to attend school on Saturday after a phishing attack disrupted access to vital online learning resources.

The cyber incident, discovered on Friday, prompted officials to lock users out of the system as a precaution, just days before exams.

Approximately 2,500 students visited secondary schools to reset passwords and restore their access. Although the revision period was interrupted, the council confirmed that no personal data had been compromised.

Scottish Council staff acted swiftly to contain the threat, supported by national cyber security teams. Ongoing monitoring is in place, with authorities confident that exam schedules will continue unaffected.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft bans DeepSeek app for staff use

Microsoft has confirmed it does not allow employees to use the DeepSeek app, citing data security and propaganda concerns.

Speaking at a Senate hearing, company president Brad Smith explained the decision stems from fears that data shared with DeepSeek could end up on Chinese servers and be exposed to state surveillance laws.

Although DeepSeek is open source and widely available, Microsoft has chosen not to list the app in its own store.

Smith warned that DeepSeek’s answers may be influenced by Chinese government censorship and propaganda, and its privacy policy confirms data is stored in China, making it subject to local intelligence regulations.

Interestingly, Microsoft still offers DeepSeek’s R1 model via its Azure cloud service. The company argued this is a different matter, as customers can host the model on their servers instead of relying on DeepSeek’s infrastructure.

Even so, Smith admitted Microsoft had to alter the model to remove ‘harmful side effects,’ although no technical details were provided.

While Microsoft blocks DeepSeek’s app for internal use, it hasn’t imposed a blanket ban on all chatbot competitors. Apps like Perplexity are available in the Windows store, unlike those from Google.

The stance against DeepSeek marks a rare public move by Microsoft as the tech industry navigates rising tensions over AI tools with foreign links.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Indian stock exchanges curb foreign access amid cybersecurity concerns

India’s two largest stock exchanges, the National Stock Exchange (NSE) and BSE Ltd, have temporarily restricted overseas access to their websites amid rising concerns over cyber threats. The move does not affect foreign investors’ ability to trade on Indian markets.

Sources familiar with the matter confirmed the decision followed a joint meeting between the exchanges, although no recent direct attack has been specified.

Despite the restrictions, market operations remain fully functional, with officials emphasising that the measures are purely preventive.

The precautionary step comes during heightened regional tensions between India and Pakistan, though no link to the geopolitical situation has been confirmed. The NSE has yet to comment publicly on the situation.

A BSE spokesperson noted that the exchanges are monitoring cyber risks both domestically and internationally and that website access is now granted selectively to protect users and infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyberattacks against US soar in early 2025

Cyberattacks targeting the US surged dramatically in early 2025, according to a new report from cybersecurity firm Trellix. Between October 2024 and March 2025, advanced persistent threats (APTs) increased by 136% compared to the previous quarter.

China’s cyber operations showed significant sophistication, with groups such as APT40 and Mustang Panda leading the charge. APT41, another Chinese-affiliated group, intensified its activities by 113%, focusing on exploiting both new and known vulnerabilities rather than relying on phishing tactics.

Analysts noted that nearly half of these threats originated from China, while over a third were linked to Russia. Meanwhile, Russia’s APT29, also known as Midnight Blizzard, primarily targeted transportation, shipping, and telecommunications sectors.

The report highlighted that government institutions remained the primary focus of hostile cyber actors. However, the telecommunications industry experienced a sharp 92% increase in APT attacks, while the technology sector faced a staggering 119% rise.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

France accuses Russia of cyberattacks on Olympic and election targets

France has publicly accused Russia’s military intelligence agency of launching cyberattacks against key French institutions, including the 2017 presidential campaign of Emmanuel Macron and organisations tied to the Paris 2024 Olympics.

The allegations were presented by Foreign Minister Jean-Noël Barrot at the UN Security Council, where he condemned the attacks as violations of international norms. French authorities linked the operations to APT28, a well-known Russian hacking group connected to the GRU.

The group also allegedly orchestrated the 2015 cyberattack on TV5 Monde and attempted to manipulate voters during the 2017 French election by leaking thousands of campaign documents. A rise in attacks has been noted ahead of major events like the Olympics and future elections.

France’s national cybersecurity agency recorded a 15% increase in Russia-linked attacks in 2024, targeting ministries, defence firms, and cultural venues. French officials warn the hacks aim to destabilise society and erode public trust.

France plans closer cooperation with Poland and pledged to counter Russia’s cyber operations with all available means.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cybercriminals target Gmail accounts in sophisticated new attack

Gmail users are facing a serious new threat that could lead to their accounts being hijacked by cybercriminals.

Experts at Malwarebytes have issued an urgent warning about a sophisticated scam that is bypassing Gmail’s usually reliable spam filters, putting billions of accounts at risk.

The scam was first noticed by Nick Johnson, a developer with the Ethereum Name Service, who received an official-looking email supposedly from Google.

Although it appeared genuine and even passed all verification checks, the link inside redirected users to a fraudulent site hosted via Google’s own website creation platform. Cybercriminals exploited the fact that anyone can create pages on sites.google.com to make the scam look credible.

Google has acknowledged the attack, linked to the Rockfoils threat group, and confirmed that new protections are being rolled out.

While measures are underway to address the vulnerability, security experts strongly advise Gmail users to remain cautious and follow essential safety practices to avoid falling victim.

Simple actions, such as avoiding links in unsolicited emails, double-checking email headers, and refusing to use Google credentials to sign into other services, can significantly reduce the risk. Staying vigilant is now more important than ever to protect personal data and online security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SK Telecom begins SIM card replacement after data breach

South Korea’s largest carrier, SK Telecom, began replacing SIM cards for its 23 million customers on Monday following a serious data breach.

Instead of revealing the full extent of the damage or the perpetrators, the company has apologised and offered free USIM chip replacements at 2,600 stores nationwide, urging users to either change their chips or enrol in an information protection service.

The breach, caused by malicious code, compromised personal information and prompted a government-led review of South Korea’s data protection systems.

However, SK Telecom has secured less than five percent of the USIM chips required, planning to procure an additional five million by the end of May instead of having enough stock ready for immediate replacement.

Frustrated customers, like 30-year-old Jang waiting in line in Seoul, criticised the company for failing to be transparent about the amount of data leaked and the number of users affected.

Instead of providing clear answers, SK Telecom has focused on encouraging users to seek chip replacements or protective measures.

South Korea, often regarded as one of the most connected countries globally, has faced repeated cyberattacks, many attributed to North Korea.

Just last year, police confirmed that North Korean hackers had stolen over a gigabyte of sensitive financial data from a South Korean court system over a two-year span.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!