A wave of cyber attacks hit around 20 Italian websites, including those of banks and airports, in an incident linked to rising tensions between Rome and Moscow.
Italy’s cybersecurity agency attributed the attacks to the pro-Russian hacker group Noname057(16), which targeted websites such as Intesa Sanpaolo, Banca Monte dei Paschi, Iccrea Banca, and Milan’s Linate and Malpensa airports. Authorities reported no major disruptions.
The attack followed recent remarks by Italian President Sergio Mattarella, who compared Russia’s war on Ukraine to Nazi Germany’s expansionism.
Moscow condemned the statement, while Italian Prime Minister Giorgia Meloni defended it. The hackers cited Mattarella’s comments as motivation for their actions, according to Italy’s cybersecurity agency.
Noname057(16) previously claimed responsibility for a cyber attack on Italy in December, which targeted around 10 institutional websites. Some of the affected organisations declined to comment on the latest breach, while others reported no operational impact. Italian authorities continue to monitor the situation.
For more information on these topics, visit diplomacy.edu.
A new report from Google states that cybercrime continues to expand, intersecting with state-backed cyber operations. Released ahead of the Munich Security Conference, research from Google’s Threat Intelligence Group and Mandiant outlines findings from their investigations in 2024 and trends observed over the past four years.
According to Google, financially motivated and state-backed cyber activities are becoming more interconnected. Cybercriminal ecosystems facilitate the acquisition of malware, vulnerabilities, and operational support, offering lower-cost alternatives to state-developed capabilities.
The report emphasises that while cybercrime and state-backed cyber operations increasingly overlap, responses to these threats require distinct strategies. Cybercrime often involves networks operating across jurisdictions, necessitating international collaboration to address its impact effectively.
A controversy has emerged over the British government’s reported attempt to compel Apple to grant authorities access to encrypted iCloud accounts, leading to calls for increased transparency from intelligence agencies. Sir Jeremy Fleming, the former head of the UK’s GCHQ from 2017 to 2023, addressed this issue at the Munich Cyber Security Conference, highlighting the need for public understanding and trust in intelligence operations. He emphasised that an agency’s ‘license to operate’ should be grounded in transparency.
The UK government has contested the description of a ‘back door’ in relation to the notice, clarifying that it seeks to ensure Apple maintains the capability to provide iCloud data in response to lawful warrants, a function that existed prior to the introduction of end-to-end encryption for iCloud in December 2022.
Since 2020, Apple has provided iCloud data to UK authorities in response to four of more than 6,000 legal requests for customer information under non-IPA laws. However, this data excludes requests made under the Investigatory Powers Act (IPA), the UK’s primary law for accessing tech company data.
Fleming emphasised the importance of intelligence agencies providing clear explanations of their operations, particularly in relation to new technologies. He pointed out the need for a better understanding of how intelligence agencies operate in practice, particularly as technological advancements change their methods.
Authorities have arrested four Russian nationals suspected of deploying Phobos ransomware to extort payments from victims across Europe and beyond. Europol announced that law enforcement agencies from 14 countries worked together to dismantle the network, taking down 27 servers linked to the cybercriminals. The individuals arrested were reportedly leaders of the 8Base ransomware group, a key player in distributing Phobos malware.
The operation follows a series of recent arrests targeting Phobos-related cybercrime. In June 2024, a key administrator of the ransomware was apprehended in South Korea and later extradited to the United States, while another major affiliate was arrested in Italy last year. Authorities have since issued warnings to over 400 companies worldwide about imminent cyberattacks.
Phobos ransomware has been particularly damaging to small and medium-sized businesses, which often lack strong cybersecurity protections. Europol’s latest Russian crackdown is a significant step in weakening the ransomware network and preventing further cyber extortion efforts.
Google has removed a key passage from its AI principles that previously committed to steering clear of potentially harmful applications, including weapons. The now-missing section, titled ‘AI applications we will not pursue,’ explicitly stated that the company would not develop technologies likely to cause harm, as seen in archived versions of the page reviewed by Bloomberg.
The change has sparked concern among AI ethics experts. Margaret Mitchell, former co-lead of Google’s ethical AI team and now chief ethics scientist at Hugging Face, criticised the move. ‘Having that removed is erasing the work that so many people in the ethical AI space and the activist space as well had done at Google, and more problematically, it means Google will probably now work on deploying technology directly that can kill people,’ she said.
With ethics guardrails shifting, questions remain about how Google will navigate the evolving AI landscape—and whether its revised stance signals a broader industry trend toward prioritising market dominance over ethical considerations.
Multiple Russian cybersecurity firms have published research reports on emerging threats, including a large-scale information-stealing campaign targeting local organisations using the Nova malware.
According to a report from Moscow-based BI.ZONE, Nova is a commercial malware sold as a service on dark web marketplaces. Prices range from $50 for a monthly license to $630 for a lifetime license. Nova is a variant of SnakeLogger, a widely used malware known for stealing sensitive information.
While the developers of Nova remain unidentified, the code contains strings in Polish, and a Telegram group dedicated to promoting and supporting the malware was created in August 2024. The scale of the campaign and the full extent of its impact on Russian organisations remain unclear.
Over the weekend, F.A.C.C.T. reported a cyberespionage campaign targeting chemical, food, and pharmaceutical companies in Russia, attributing the attacks to a state-backed group named Rezet (or Rare Wolf). Meanwhile, Solar reported an attack on Russian industrial facilities by the newly identified group APT NGC4020, which exploited a vulnerability in a SolarWinds tool.
The Nova malware collects a wide range of data, including saved authentication credentials, keystrokes, screenshots, and clipboard content. This stolen data can be used in a variety of malicious activities, such as facilitating ransomware attacks. The malware is distributed through phishing emails, often disguised as contracts, to trick employees in organisations that handle high volumes of email correspondence.
Swedish authorities have ruled out sabotage in the recent Baltic Sea fibre optic cable break, attributing the damage to adverse weather, faulty equipment, and poor seamanship.
Senior prosecutor Mats Ljungqvist of Sweden’s National Security Unit stated Monday that the vessel responsible for the 26 January incident, which severed an undersea cable between Latvia and Sweden, did not act with malicious intent.
Swedish officials, including the coast guard, police, and military, participated in the probe. While the vessel had been seized during the investigation, authorities have now lifted that restriction.
Google identified more than 57 cyber threat actors linked to China, Iran, North Korea, and Russia leveraging the company’s AI technology to enhance their cyber and information warfare efforts. According to a new report by Google’s Threat Intelligence Group (GTIG), the state-sponsored hacking groups, known as Advanced Persistent Threats (APTs), primarily use AI for tasks such as researching vulnerabilities, writing malicious code, and creating targeted phishing campaigns.
The company says that Iranian APT actors, particularly APT42, were identified as the most frequent users of Google’s AI tool, Gemini. They used it for reconnaissance on cybersecurity experts and organizations and for phishing operations.
Beyond APT groups, underground cybercriminal forums have begun advertising illicit AI models, such as WormGPT, WolfGPT, FraudGPT, and GhostGPT—AI systems designed to bypass ethical safeguards and facilitate phishing, fraud, and cyberattacks.
In the report, Google stated that the company has implemented countermeasures to prevent abuse of its AI system and has called for stronger collaboration between government and private industry to bolster cybersecurity defenses.
With Germany’s parliamentary elections just weeks away, lawmakers are warning that authoritarian states, including Russia, are intensifying disinformation efforts to destabilise the country. Authorities are particularly concerned about a Russian campaign, known as Doppelgänger, which has been active since 2022 and aims to undermine Western support for Ukraine. The campaign has been linked to fake social media accounts and misleading content in Germany, France, and the US.
CSU MP Thomas Erndl confirmed that Russia is attempting to influence European elections, including in Germany. He argued that disinformation campaigns are contributing to the rise of right-wing populist parties, such as the AfD, by sowing distrust in state institutions and painting foreigners and refugees as a problem. Erndl emphasised the need for improved defences, including modern technologies like AI to detect disinformation, and greater public awareness and education.
The German Foreign Ministry recently reported the identification of over 50,000 fake X accounts associated with the Doppelgänger campaign. These accounts mimic credible news outlets like Der Spiegel and Welt to spread fabricated articles, amplifying propaganda. Lawmakers stress the need for stronger cooperation within Europe and better tools for intelligence agencies to combat these threats, even suggesting that a shift in focus from privacy to security may be necessary to tackle the issue effectively.
Greens MP Konstantin von Notz highlighted the security risks posed by disinformation campaigns, warning that authoritarian regimes like Russia and China are targeting democratic societies, including Germany. He called for stricter regulation of online platforms, stronger counterintelligence efforts, and increased media literacy to bolster social resilience. As the election date approaches, lawmakers urge both government agencies and the public to remain vigilant against the growing threat of foreign interference.
WhatsApp has identified an advanced hacking campaign targeting nearly 90 users across more than two dozen countries. The attack, linked to Israeli spyware firm Paragon Solutions, exploited a zero-click vulnerability, meaning victims’ devices were compromised without them needing to interact with any malicious files. The messaging platform, owned by Meta, has since taken steps to block the hacking attempts and has issued a cease-and-desist letter to Paragon.
While WhatsApp has not disclosed the identities of those targeted, reports indicate that journalists and members of civil society were among the victims. The company has referred affected users to Citizen Lab, a Canadian watchdog that investigates digital security threats. Law enforcement agencies and industry partners have also been alerted, though specifics remain undisclosed.
Paragon, which was recently acquired by US investment firm AE Industrial Partners, has not commented on the allegations. The company presents itself as a responsible player in the spyware industry, claiming to sell its technology only to governments in stable democracies. However, critics argue that the continued spread of surveillance tools increases the risk of human rights abuses, with spyware repeatedly found on the devices of activists, journalists, and officials worldwide.
Cybersecurity experts warn that the growing use of commercial spyware poses an ongoing threat to digital privacy. Despite claims of ethical safeguards, the latest revelations suggest that even companies with supposedly responsible practices may be engaging in questionable surveillance activities.