Cyberconflict and warfare

The US push for AI dominance through openness

In a bold move to maintain its edge in the global AI race—especially against China—the United States has unveiled a sweeping AI Action Plan with 103 recommendations. At its core lies an intriguing paradox: the push for open-source AI, typically associated with collaboration and transparency, is now being positioned as a strategic weapon.

As Jovan Kurbalija points out, this plan marks a turning point where open-weight models are framed not just as tools of innovation, but as instruments of geopolitical influence, with the US aiming to seed the global AI ecosystem with American-built systems rooted in ‘national values.’

The plan champions Silicon Valley by curbing regulations, limiting federal scrutiny, and shielding tech giants from legal liability—potentially reinforcing monopolies. It also underlines a national security-first mentality, urging aggressive safeguards against foreign misuse of AI, cyber threats, and misinformation. Notably, it proposes DARPA-led initiatives to unravel the inner workings of large language models, acknowledging that even their creators often can’t fully explain how these systems function.

Internationally, the plan takes a competitive, rather than cooperative, stance. Allies are expected to align with US export controls and values, while multilateral forums like the UN and OECD are dismissed as bureaucratic and misaligned. That bifurcation risks alienating global partners—particularly the EU, which favours heavy AI regulation—while increasing pressure on countries like India and Japan to choose sides in the US–China tech rivalry.

Despite its combative framing, the strategy also nods to inclusion and workforce development, calling for tax-free employer-sponsored AI training, investment in apprenticeships, and growing military academic hubs. Still, as Kurbalija warns, the promise of AI openness may clash with the plan’s underlying nationalistic thrust—raising questions about whether it truly aims to democratise AI, or merely dominate it.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft hacking campaign expands into ransomware attacks

A state-aligned cyber-espionage campaign exploiting Microsoft server software vulnerabilities has escalated to ransomware deployment, according to a Microsoft blog post published late Wednesday.

The group, dubbed ‘Storm-2603’ by Microsoft, is now using the SharePoint vulnerability to spread ransomware that can lock down systems and demand digital payments. This shift suggests a move from espionage to broader disruption.

according to Eye Security, a cybersecurity firm from the Netherlands, the number of known victims has surged from 100 to over 400, with the possibility that the true figure is likely much higher.

‘There are many more, because not all attack vectors have left artefacts that we could scan for,’ said Eye Security’s chief hacker, Vaisha Bernard.

One confirmed victim is the US National Institutes of Health, which isolated affected servers as a precaution. Reports also indicate that the Department of Homeland Security and several other agencies have been impacted.

The breach stems from an incomplete fix to Microsoft’s SharePoint software vulnerability. Both Microsoft and Google-owner Alphabet have linked the activity to Chinese hackers—a claim Beijing denies.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US lawmaker proposes to train young Americans in AI for cyberwarfare

In a Washington Post opinion piece, Rep. Elise Stefanik and Stephen Prince, CEO of TFG Asset Management, argue that the United States is already engaged in a new form of warfare — cyberwarfare — waged by adversaries like China, Russia, and Iran using tools such as malware, phishing, and zero-day exploits. They assert that the US is not adequately prepared to defend against these threats due to a significant shortage of cyber talent, especially within the military and government.

To address this gap, the authors propose the creation of the United States Advanced Technology Academy (USATA) — a tuition-free, government-supported institution that would train a new generation of Americans in cybersecurity, AI, and quantum computing. Modelled after military academies, USATA would be located in upstate New York and require a five-year public service commitment from graduates.

The goal is to rapidly develop a pipeline of skilled cyber defenders, close the Pentagon’s estimated 30,000-person cyber personnel shortfall, and maintain US leadership in strategic technologies. Stefanik and Prince argue that while investing in AI tools and infrastructure is essential, equally critical is the cultivation of human expertise to operate, secure, and ethically deploy these tools. They position USATA not just as an educational institution but as a national security imperative.

The article places the academy within a broader effort to outpace rivals like China, which is also actively investing in STEM education and tech capacity. The authors call on the President to establish USATA via executive order or bipartisan congressional support, framing it as a decisive and forward-looking response to 21st-century threats.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

EU and Japan deepen AI cooperation under new digital pact

In May 2025, the European Union and Japan formally reaffirmed their long-standing EU‑Japan Digital Partnership during the third Digital Partnership Council in Tokyo. Delegations agreed to deepen collaboration in pivotal digital technologies, most notably artificial intelligence, quantum computing, 5G/6G networks, semiconductors, cloud, and cybersecurity.

A joint statement committed to signing an administrative agreement on AI, aligned with principles from the Hiroshima AI Process. Shared initiatives include a €4 million EU-supported quantum R&D project named Q‑NEKO and the 6G MIRAI‑HARMONY research effort.

Both parties pledge to enhance data governance, digital identity interoperability, regulatory coordination across platforms, and secure connectivity via submarine cables and Arctic routes. The accord builds on the Strategic Partnership Agreement activated in January 2025, reinforcing their mutual platform for rules-based, value-driven digital and innovation cooperation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware activity drops 43% in Q2 despite year‑on‑year rise

Ransomware incidents fell sharply in Q2 2025, with public disclosures dropping 43% from Q1 (from 22.9 to 17.5 cases per day). However, attacks remain elevated compared to the same quarter last year, showing a 43% year‑on‑year increase. In total, 1,591 new victims appeared on leak sites, confirming ransomware is still a serious and growing threat.

This decline coincided with law enforcement disruption of major operations such as Alphv/BlackCat and LockBit, alongside seasonal lulls like Easter and Ramadan. Meanwhile, active ransomware groups surged to 71, up from 41 in Q2 2024, indicating a fragmented threat landscape populated by smaller actors.

North America continued to absorb over half of all attacks, with healthcare, industrial manufacturing, and business services among the most affected sectors. Although overall volume dipped, newer threat actors remain agile, and fragmentation may fuel more covert ransomware behaviour, not less.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK to retaliate against cyber attacks, minister warns

Britain’s security minister has warned that hackers targeting UK institutions will face consequences, including potential retaliatory cyber operations.

Speaking to POLITICO at the British Library — still recovering from a 2023 ransomware attack by Rysida — Security Minister Dan Jarvis said the UK is prepared to use offensive cyber capabilities to respond to threats.

‘If you are a cybercriminal and think you can attack a UK-based institution without repercussions, think again,’ Jarvis stated. He emphasised the importance of sending a clear signal that hostile activity will not go unanswered.

The warning follows a recent government decision to ban ransom payments by public sector bodies. Jarvis said deterrence must be matched by vigorous enforcement.

The UK has acknowledged its offensive cyber capabilities for over a decade, but recent strategic shifts have expanded its role. A £1 billion investment in a new Cyber and Electromagnetic Command will support coordinated action alongside the National Cyber Force.

While Jarvis declined to specify technical capabilities, he cited the National Crime Agency’s role in disrupting the LockBit ransomware group as an example of the UK’s growing offensive posture.

AI is accelerating both cyber threats and defensive measures. Jarvis said the UK must harness AI for national advantage, describing an ‘arms race’ amid rapid technological advancement.

Most cyber threats originate from Russia or its affiliated groups, though Iran, China, and North Korea remain active. The UK is also increasingly concerned about ‘hack-for-hire’ actors operating from friendly nations, including India.

Despite these concerns, Jarvis stressed the UK’s strong security ties with India and ongoing cooperation to curb cyber fraud. ‘We will continue to invest in that relationship for the long term,’ he said.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Amazon closes AI research lab in Shanghai as global focus shifts

Amazon is shutting down its AI research lab in Shanghai, marking another step in its gradual withdrawal from China. The move comes amid continuing US–China trade tensions and a broader trend of American tech companies reassessing their presence in the country.

The company said the decision was part of a global streamlining effort rather than a response to AI concerns.

A spokesperson for AWS said the company had reviewed its organisational priorities and decided to cut some roles across certain teams. The exact number of job losses has not been confirmed.

Before Amazon’s confirmation, one of the lab’s senior researchers noted on WeChat that the Shanghai site was the final overseas AWS AI research lab and attributed its closure to shifts in US–China strategy.

The team had built a successful open-source graph neural network framework known as DGL, which reportedly brought in nearly $1 billion in revenue for Amazon’s e-commerce arm.

Amazon has been reducing its footprint in China for several years. It closed its domestic online marketplace in 2019, halted Kindle sales in 2022, and recently laid off AWS staff in the US.

Other tech giants including IBM and Microsoft have also shut down China-based research units this year, while some Chinese AI firms are now relocating operations abroad instead of remaining in a volatile domestic environment.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hong Kong Post cyberattack exposes EC‑Ship user data

A cyberattack on the Hong Kong Post has been confirmed. Targeting its EC‑Ship online shipping portal, the attack compromised personal address‑book information for approximately 60,000 to 70,000 users.

The data breach included names, physical addresses, phone and fax numbers, and email addresses of both senders and recipients.

The incident, detected late Sunday into Monday, involved an attacker using a legitimate EC‑Ship account to exploit a code vulnerability. Though the system’s security protocols identified unusual activity and suspended the account, the hacker persisted until the flaw was fully patched.

Affected customers received email alerts and were advised to monitor their information closely and alert contacts of potential phishing attempts.

Hong Kong Post is now collaborating with the Hong Kong Police Force, the Digital Policy Office, and the Office of the Privacy Commissioner. It implements a layered cybersecurity solution managed by the government’s Digital Policy Office.

The Postmaster General emphasised that remediation steps have been taken to close the loophole and pledged ongoing infrastructure improvements. An official investigation is underway to reinforce resilience and safeguard user data.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Android malware infects millions of devices globally

Millions of Android-based devices have been infected by a new strain of malware called BadBox 2.0, prompting urgent warnings from Google and the FBI. The malicious software can trigger ransomware attacks and collect sensitive user data.

The infected devices are primarily cheap, off-brand products manufactured in China, many of which come preloaded with the malware. Models such as the X88 Pro 10, T95, and QPLOVE Q9 are among those identified as compromised.

Google has launched legal action to shut down the illegal operation, calling BadBox 2.0 the largest botnet linked to internet-connected TVs. The FBI has advised the public to disconnect any suspicious devices and check for unusual network activity.

The malware generates illicit revenue through adware and poses broader cybersecurity threats, including denial-of-service attacks. Consumers are urged to avoid unofficial products and verify devices are Play Protect-certified before use.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Iran’s digital economy suffers heavy losses from internet shutdowns

Iran’s Minister of Communications has revealed the country’s digital economy shrank by 30% in just one month, losing around $170 million due to internet restrictions imposed during its recent 12-day conflict with Israel.

Sattar Hashemi told parliament on 22 July that roughly 10 million Iranians rely on digital jobs, but widespread shutdowns caused severe disruptions across platforms and services.

Hashemi estimated that every two days of restrictions inflicted 10 trillion rials in losses, totalling 150 trillion rials — an amount he said rivals the annual budgets of entire ministries.

While acknowledging the damage, he clarified that his ministry was not responsible for the shutdowns, attributing them instead to decisions made by intelligence and security agencies for national security reasons.

Alongside the blackouts, Iran endured over 20,000 cyberattacks during the conflict. Many of these targeted banks and payment systems, with platforms for Bank Sepah and Bank Pasargad knocked offline, halting salaries for military personnel.

Hacktivist groups such as Predatory Sparrow and Tapandegan claimed credit for the attacks, with some incidents reportedly wiping out crypto assets and further weakening the rial by 12%.

Lawmakers are now questioning the unequal structure of internet access. Critics have accused the government of enabling a ‘class-based internet’ in which insiders retain full access while the public faces heavy censorship.

MP Salman Es’haghi warned that Iran’s digital future cannot rely on filtered networks, demanding transparency about who benefits from unrestricted use.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!