In a report published this week, analysts at Google have uncovered a campaign in which a China-linked group known as APT41 targeted government ministries and other organisations.
Victims received spearphishing emails directing them to a ZIP file hosted on a compromised official website. Inside, a PDF and some insect images were designed to tempt users into clicking.
Opening the PDF quietly installed a programme called ToughProgress, which runs entirely in a device’s memory to evade antivirus checks. Once active, the malware stole sensitive files and prepared them for exfiltration.
Google Calendar became the hackers’ secret communication channel. An event dated 30 May 2023 carried encrypted data stolen from victims in its description.
Further entries in July contained new instructions. ToughProgress regularly checked the attacker-controlled calendar, decrypted any commands and uploaded its results back as new calendar events.
APT41 is one of China’s most active state-linked cyber groups. US authorities charged five members in 2020 with over a hundred intrusions worldwide and issued arrest warrants for operatives including Zhang Haoran and Tan Dailin.
Earlier investigations tie the group to long-running breaches of Southeast Asian government agencies and a Taiwanese research institute working on strategic technology.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UK’s Ministry of Defence (MoD) will establish a Cyber and Electromagnetic Command to unify defensive cyber operations and coordinate offensive capabilities alongside the National Cyber Force.
However, this move follows recommendations in the upcoming strategic defence review, due on 2 June 2025, which will define the UK’s force structure and investment priorities.
The rapid sharing of intelligence across ships, aircraft, tanks and personnel is a core aim of the new formation. Defence Secretary John Healey has stressed that future conflicts ‘will be won through forces that are better connected, better equipped and innovating faster than their adversaries.’
However, a major concern is the lack of digital expertise, as Strategic Command chief Gen. Sir Jim Hockenhull warned: ‘the first battle of the next war is the battle for talent.’ To tackle this shortfall, the MoD has launched an accelerated recruitment pipeline, reducing basic training from ten weeks to just four, followed by three months of specialised cyber instruction.
Insights from Russia’s campaign in Ukraine have underlined the importance of electromagnetic capabilities such as jamming drones, intercepting communications and degrading enemy command and control.
Strategic Command chief Sir Jim Hockenhull warned that siloed cyber efforts must be fully integrated into operational planning to seize the advantage in modern warfare.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Prague has formally accused China of launching a malicious cyber campaign against its Foreign Affairs ministry’s unclassified communications network. Beijing’s embassy in Prague dismissed the allegations and urged an end to what it called ‘microphone diplomacy.’
Investigators trace the operation back to the Czech Republic’s 2022 EU presidency, attributing it to APT31, a group allegedly operating under China’s Ministry of State Security. After detecting the intrusion, officials rolled out a more secure communications platform in 2024.
Foreign Minister Jan Lipavský summoned China’s ambassador to stress the severity of the breach, which targeted emails and other documents related to Asia. The government condemned the incident as an attack on its critical infrastructure.
International partners have rallied behind Prague. NATO and the EU have condemned the attack and the US Bureau of Cyberspace and Digital Policy has called on China to meet its international cybersecurity commitments.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Chinese AI startup DeepSeek has rolled out an updated version of its R1 reasoning model on the popular developer platform Hugging Face. The release was quietly announced via a WeChat post and marks a continuation of DeepSeek’s effort to challenge leading players in the AI field, including US-based OpenAI.
The new R1 model is a minor update, released under the permissive MIT license, allowing commercial use. However, the Hugging Face repository only includes the model’s configuration files and internal weights, with no public documentation describing the model’s capabilities.
These ‘weights’ — the parameters that determine how an AI model behaves — total a massive 685 billion, making the model too large to run on standard consumer hardware without special adaptations. DeepSeek gained attention earlier this year when the original R1 demonstrated competitive performance against leading models from OpenAI.
That advancement hasn’t gone unnoticed by international observers; US regulators have expressed concern over the potential national security risks posed by DeepSeek’s technologies. Despite the controversy, the company continues to make bold moves on the global AI stage.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UK and the EU have agreed to step up cooperation on cybersecurity as part of a wider defence and security pact.
The new framework, signed on 19 May, marks a major shift towards joint efforts in countering digital threats and hybrid warfare.
Instead of managing these challenges separately, the UK and EU will hold structured dialogues to address cyberattacks, disinformation campaigns, and other forms of foreign interference.
The deal outlines regular exchanges between national security officials, supported by thematic discussions focused on crisis response, infrastructure protection, and online misinformation.
A key aim is to boost resilience against hostile cyber activity by working together on detection, defence, and prevention strategies. The agreement encourages joint efforts to safeguard communication networks, protect energy grids, and strengthen public awareness against information manipulation.
The cooperation is expected to extend into coordinated drills and real-time threat sharing.
While the UK remains outside the EU’s political structure, the agreement positions it as a close cyber security partner.
Future plans include exploring deeper collaboration through EU defence projects and potentially forming a formal link with the European Defence Agency, ensuring that both sides can respond more effectively to emerging digital threats.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The European Maritime Safety Agency (EMSA) is set to take on an expanded role in maritime security, following a provisional agreement between the European Parliament and the Council.
Instead of focusing solely on traditional safety tasks, EMSA will now help tackle modern challenges, including cyber attacks and hybrid threats that increasingly target critical maritime infrastructure across Europe.
The updated mandate enables EMSA to support EU member states and the European Commission with technical, operational and scientific assistance in areas such as cybersecurity, pollution response, maritime surveillance and decarbonisation.
Rather than remaining confined to its original scope, the agency may also adopt new responsibilities as risks evolve, provided such tasks are requested by the Commission or individual countries.
The move forms part of a broader EU legislative package aimed at reinforcing maritime safety rules, improving environmental protections and updating inspection procedures.
The reforms ensure EMSA is equipped with adequate human and financial resources to handle its wider remit and contribute to strategic resilience in an increasingly digital and geopolitically unstable world.
Created in 2002 and based in Lisbon, EMSA plays a central role in safeguarding maritime transport, which remains vital for Europe’s economy and trade.
With more than 2,000 marine incidents reported annually, the agency’s modernised mandate is expected to strengthen the EU’s ability to prevent disruptions at sea and support its broader green and security goals.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Taiwan has rejected accusations from Beijing that its ruling party orchestrated cyberattacks against Chinese infrastructure. Authorities in Taipei instead accused China of spreading false claims in an effort to manipulate public perception and escalate tensions.
On Tuesday, Chinese officials alleged that a Taiwan-backed hacker group linked to the Democratic Progressive Party (DPP) had targeted a technology firm in Guangzhou.
They claimed more than 1,000 networks, including systems tied to the military, energy, and government sectors, had been compromised across ten provinces in recent years.
Taiwan’s National Security Bureau responded on Wednesday, stating that the Chinese Communist Party is manipulating false information to mislead the international community.
Rather than acknowledging its own cyber activities, Beijing is attempting to shift blame while undermining Taiwan’s credibility, the agency said.
Taipei further accused China of long-running cyberattacks aimed at stealing funds and destabilising critical infrastructure. Officials described such campaigns as part of cognitive warfare designed to widen social divides and erode public trust within Taiwan.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
An Iranian man has pleaded guilty to charges stemming from a ransomware campaign that disrupted public services across several US cities, including a major 2019 attack in Baltimore.
The US Department of Justice announced that 37-year-old Sina Gholinejad admitted to computer fraud and conspiracy to commit wire fraud, offences that carry a maximum combined sentence of 30 years.
Rather than targeting private firms, Gholinejad and his accomplices deployed Robbinhood ransomware against local governments, hospitals and non-profit organisations from early 2019 to March 2024.
The attack on Baltimore alone resulted in over $19 million in damage and halted critical city functions such as water billing, property tax collection and parking enforcement.
Instead of simply locking data, the group demanded Bitcoin ransoms and occasionally threatened to release sensitive files. Cities including Greenville, Gresham and Yonkers were also affected.
Although no state affiliation has been confirmed, US officials have previously warned of cyber activity tied to Iran, allegations Tehran continues to deny.
Gholinejad was arrested at Raleigh-Durham International Airport in January 2025. The FBI led the investigation, with support from Bulgarian authorities. Sentencing is scheduled for August.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Chinese authorities have accused Taiwan’s ruling Democratic Progressive Party of backing a cyberattack on a tech company based in Guangzhou.
According to public security officials in the city, an initial police investigation linked the attack to a foreign hacker group allegedly supported by the Taiwanese government.
The unnamed technology firm was reportedly targeted in the incident, with local officials suggesting political motives behind the cyber activity. They claimed Taiwan’s Democratic Progressive Party had provided backing instead of the group acting independently.
Taiwan’s Mainland Affairs Council has not responded to the allegations. The ruling DPP has faced similar accusations before, which it has consistently rejected, often describing such claims as attempts to stoke tension rather than reflect reality.
A development like this adds to the already fragile cross-strait relations, where cyber and political conflicts continue to intensify instead of easing, as both sides exchange accusations in an increasingly digital battleground.
Would you like to learn more aboutAI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A coalition of leading technology and cybersecurity firms, including Carahsoft, Dell Technologies, Forescout, Google Cloud, Trellix, and Velos, has launched the Strategic Cybersecurity Coalition (SCC). The group is dedicated to advocating for a more efficient and streamlined US approach to foreign cybersecurity assistance.
Their goal is to accelerate the deployment of sustainable, interoperable cybersecurity solutions that can effectively respond to the growing global cyber threat landscape. The US government continues to face significant bureaucratic and legal barriers that slow the delivery of timely cybersecurity support to its allies.
Despite the Biden administration’s introduction of a rapid-response fund, the broader foreign aid framework remains outdated and ill-equipped to keep pace with fast-evolving cyber incidents. Progress was further stalled by a pause in foreign assistance during the previous administration.
Moreover, existing military aid programs focus largely on traditional weaponry, which often requires years-long procurement processes, an impractical timeline for urgently needed cybersecurity tools and training. Restrictive regulations also hinder US companies from providing cybersecurity services abroad, limiting critical threat intelligence sharing vital to national security.
Strengthening allied cybersecurity is crucial for US security, as threats often target both partners and the US. The SCC calls for faster, streamlined cyber aid through military programs by easing contracting rules and funding limits, aiming to reduce procurement from years to months.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
