Cyberconflict and warfare

FBI issues warning as airline cyberattacks rise, posing national security threat

Less than a year after the cyberattack that shut down Sea-Tac Airport, the FBI has issued a stark new warning: America’s airlines are now targets. The agency confirmed that the cybercrime gang Scattered Spider is actively attacking aviation systems.

This group, known for crippling MGM Resorts, uses social engineering to bypass security. By posing as airline staff, they access systems, steal data and deploy ransomware within hours of a breach.

WestJet, Hawaiian Airlines and Qantas have all been hit in the last two months alone. Qantas reported a data breach affecting more than six million passengers.

Today’s airlines depend on interconnected digital infrastructure. Disruption to crew scheduling, flight planning or maintenance can trigger chaos across entire networks.

The FBI says these attacks are shifting from isolated incidents to coordinated campaigns. Experts fear that state and non-state actors are watching closely, ready to exploit aviation vulnerabilities.

Aircraft are now flying data centres. Their connectivity brings both efficiency and risk. Flight safety could be at stake if attackers compromise weather feeds or ground systems.

Sea-Tac was a warning. What happens when multiple airports are targeted at once? Fictional scenarios are edging closer to reality.

Previous attacks — from Warsaw to London — exposed system weaknesses. The threat has only grown. It is no longer a question of if, but when.

The industry must act decisively. Stronger identity checks, hardened systems, and real-time intelligence sharing are no longer optional. Cybersecurity must become as essential as flight safety.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK plans new laws to tackle undersea cable sabotage

The UK government’s evolving defence and security policies aim to close legal gaps exposed by modern threats such as cyberattacks and sabotage of undersea cables. As set out in the recent Strategic Defence Review, ministers plan to introduce a new defence readiness bill to protect critical subsea infrastructure better and prepare for hostile acts that fall outside traditional definitions of war.

The government is also considering revising the outdated Submarine Telegraph Act of 1885, whose penalties, last raised in 1982 to £1,000, are now recognised as inadequate. Instead of merely increasing fines, officials from the Ministry of Defence and the Department for Science, Innovation and Technology intend to draft comprehensive legislation that balances civil and military needs, clarifies how to prosecute sabotage, and updates the UK’s approach to national defence in the digital age.

These policy initiatives reflect growing concern about ‘grey zone’ threats—deliberate acts of sabotage or cyber aggression that stop short of open conflict yet pose serious national security risks. Recent suspected sabotage incidents, including damage to subsea cables connecting Sweden, Latvia, Finland, and Estonia, have highlighted how vulnerable undersea infrastructure remains.

Investigations have linked several of these operations to Russian and Chinese interests, emphasising the urgency of modernising UK law. By updating its legislative framework, the UK government aims to ensure it can respond effectively to attacks that blur the line between peace and conflict, safeguarding both national interests and critical international data flows.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

FBI warns cybercriminals are targeting airline security systems

The FBI has warned that a notorious cybercrime group known as Scattered Spider has broadened its attacks to target the airline sector. The gang, previously linked to breaches at Caesars, MGM, Aflac, and UK retailers, employs sophisticated social‑engineering methods.

These criminals impersonate employees or contractors and persuade IT help‑desk staff to register unauthorised devices, bypassing multi‑factor authentication. FBI and cybersecurity experts stress that airlines and third‑party suppliers are at serious risk.

While their flight operations remained unaffected, recent incidents at WestJet and Hawaiian Airlines are consistent with Scattered Spider’s modus operandi. Help‑desk teams are urged to reinforce identity verification protocols to prevent such incursions.

The FBI is collaborating with aviation partners to share intelligence and assist victims. Warnings emphasise prompt reporting of suspicious requests and reviews of help‑desk procedures. In particular, staff should resist pressure to add MFA devices or reset credentials without rigorous authentication, no matter how credible or urgent the request may appear.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Pentagon backs $10M deal with AI firm to integrate LLMs across its command centres

Pentagon officials have awarded AI firm Ask Sage a $10 million contract to integrate large language models (LLMs) across all US Combatant Commands, the Joint Staff, and the Office of the Secretary of Defence. The collaboration seeks to harness generative AI to speed up battlefield decision‑making and streamline workflows.

Application benefits include operational planning, logistics, command and control, intelligence, cybersecurity, and weapons development. Ask Sage’s AI‑powered tools will be deployed through the US Army’s LLM workspace, seamlessly linking classified and unclassified networks.

Deployment of these models is expected to support more agile, informed military operations while navigating security and data‑sharing challenges inherent to classified environments. The deal marks a strategic continuation of the Pentagon’s wider AI and digital transformation efforts.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Ransomware attack hits Swiss government data

A ransomware attack on the Swiss non-profit Radix has led to the theft and online publication of sensitive government data. Radix, which carries out projects for various federal offices and public authorities, confirmed that the Sarcoma ransomware group breached its systems on 16 June.

According to the Swiss government, some stolen data has already appeared on the dark web.
Authorities are working with the National Cyber Security Centre (NCSC) to assess which federal offices were impacted and how severely.

While Radix has notified affected individuals, it states there is no evidence that sensitive data from its partner organisations was compromised. However, Sarcoma reportedly leaked 1.3TB of documents online, including financial records, contracts, and private correspondence.

Sarcoma is a relatively new but aggressive cybercrime group that began operating in late 2024. It typically gains access through phishing emails, outdated software vulnerabilities, and supply chain weaknesses.

The group has claimed dozens of victims and is known for publishing stolen data if ransom demands are not met.

However, this marks the second serious incident involving Swiss government data in recent months. In March, the government disclosed that a breach at another third-party provider, Xplain, had exposed tens of thousands of documents containing personal details.

The Swiss authorities are urging continued vigilance as investigations into the Radix breach continue.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hacktivist attacks surge in Iran–Israel tensions

The Iran–Israel conflict has now expanded into cyberspace, with rival hacker groups launching waves of politically driven attacks.

Following Israel’s military operation against Iran, pro-Israeli hackers known as ‘Predatory Sparrow‘ struck Iran’s Sepah Bank, deleting data and causing significant service disruption.

A day later, the same group targeted Nobitex, Iran’s largest crypto exchange, stealing and destroying over $90 million in assets.

Cyber attacks intensified in the days before and after Israeli strikes. According to NSFOCUS, cyberattacks on Iran peaked three days before the military operation, suggesting pre-attack reconnaissance.

In retaliation, pro-Iranian hackers escalated attacks on Israel on 16 June, focusing on government systems, aerospace, and education.

While attacks on Iran have been fewer, Israeli systems have faced over 1,300 attacks in 2025 alone, with 37% of all global hacktivist activity aimed at Israel since the conflict began.

However, analysts note these attacks have been high in volume but limited in impact. Their malware tactics involve evading antivirus software, deleting data, and turning off recovery systems.

NSFOCUS warns that geopolitical tensions are turning hacktivist groups into informal cyber proxies. Though not formally state-backed, these loosely organised actors align closely with national interests.

As traditional defences lag, cybersecurity experts argue that national infrastructure must adopt more strategic, coordinated defence measures instead of fragmented responses, especially during crises and conflicts.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber Command and Coast Guard establish task force for port cyber defence

US Cyber Command has joined forces with the Coast Guard in a major military exercise designed to simulate cyberattacks on key port infrastructure.

Known as Cyber Guard, the training scenario marked a significant evolution in defensive readiness, integrating for the first time with Pacific Sentry—an Indo-Pacific Command exercise simulating conflict over Taiwan.

The joint effort included the formation of Task Force Port, a temporary unit tasked with coordinating defence of coastal infrastructure.

The drill reflected real-world concerns over the vulnerability of US ports in times of geopolitical tension, and brought together multiple combatant commands under a unified operational framework.

Rear Admiral Dennis Velez described the move as part of a broader shift from isolated training to integrated joint force operations.

Cyber Guard also marked the activation of the Department of Defense Cyber Defense Command (DCDC), previously known as Joint Force Headquarters–DOD Information Network.

The unit worked closely with the Coast Guard, signalling the increasing importance of cyber coordination across military branches when protecting critical infrastructure.

Port security has featured in past exercises but was previously handled as a separate scenario. Its inclusion within the core structure of Cyber Guard suggests a strategic realignment, ensuring cyber defence is embedded in wider contingency planning for future conflicts.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Irish businesses face cybersecurity reality check

Most Irish businesses believe they are well protected from cyberattacks, yet many neglect essential defences. Research from Gallagher shows most firms do not update software regularly or back up data as needed.

The survey of 300 companies found almost two-thirds of Irish firms feel very secure, with another 28 percent feeling quite safe. Despite this, nearly six in ten fail to apply software updates, leaving systems vulnerable to attacks.

Cybersecurity training is provided by just four in ten Irish organisations, even though it is one of the most effective safeguards. Gallagher warns that overconfidence may lead to complacency, putting businesses at risk of disruption and financial loss.

Laura Vickers of Gallagher stressed the importance of basic measures like updates and data backups to prevent serious breaches. With four in ten Irish companies suffering attacks in the past five years, firms are urged to match confidence with action.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New SparkKitty malware targets crypto wallets

A new Trojan dubbed SparkKitty is stealing sensitive data from mobile phones, potentially giving hackers access to cryptocurrency wallets.

Cybersecurity firm Kaspersky says the malware hides in fake crypto apps, gambling platforms, and TikTok clones, spread through deceptive installs.

Once installed, SparkKitty accesses photo galleries and uploads images to a remote server, likely searching for screenshots of wallet seed phrases. Though mainly active in China and Southeast Asia, experts warn it could spread globally.

SparkKitty appears linked to the SparkCat spyware campaign, which also targeted seed phrase images.

The malware is found on iOS and Android platforms, joining other crypto-focused threats like Noodlophile and LummaC2.

TRM Labs recently reported that nearly 70% of last year’s $2.2 billion in stolen crypto came from infrastructure attacks involving seed phrase theft.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI data risks prompt new global cybersecurity guidance

A coalition of cybersecurity agencies, including the NSA, FBI, and CISA, has issued joint guidance to help organisations protect AI systems from emerging data security threats. The guidance explains how AI systems can be compromised by data supply chain flaws, poisoning, and drift.

Organisations are urged to adopt security measures throughout all four phases of the AI life cycle: planning, data collection, model building, and operational monitoring.

The recommendations include verifying third-party datasets, using secure ingestion protocols, and regularly auditing AI system behaviour. Particular emphasis is placed on preventing model poisoning and tracking data lineage to ensure integrity.

The guidance encourages firms to update their incident response plans to address AI-specific risks, conduct audits of ongoing projects, and establish cross-functional teams involving legal, cybersecurity, and data science experts.

With AI models increasingly central to critical infrastructure, treating data security as a core governance issue is essential.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot