Cybercrime

Cybersecurity researchers identify ransomware using open-source tools

A ransomware group calling itself Yurei first emerged on 5 September, targeting a food manufacturing company in Sri Lanka. Within days, the group had added victims in India and Nigeria, bringing the total confirmed incidents to three.

The Check Point researchers identified that Yurei’s code is largely derived from Prince-Ransomware, an open-source project, and this reuse includes retaining function and module names because the developers did not strip symbols from the compiled binary, making the link to Prince-Ransomware clear.

Yurei operates using a double-extortion model, combining file encryption with theft of sensitive data. Victims are pressured to pay not only for a decryption key but also to prevent stolen data from being leaked.

Yurei’s extortion workflow involves posting victims on a darknet blog, sharing proof of compromise such as internal document screenshots, and offering a chat interface for negotiation. If a ransom is paid, the group promises a decryption tool and a report detailing the vulnerabilities exploited during the attack, akin to a pen-test report.

Preliminary findings (with ‘low confidence’) suggest that Yurei may be based in Morocco, though attribution remains uncertain.

The emergence of Yurei illustrates how open-source ransomware projects lower the barrier to entry, enabling relatively unsophisticated actors to launch effective campaigns. The focus on data theft rather than purely encryption may represent an escalating trend in modern cyberextortion.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Prolonged JLR shutdown threatens UK export targets

Jaguar Land Rover (JLR) has confirmed that its production halt will continue until at least Wednesday, 24 September, as it works to recover from a major cyberattack that disrupted its IT systems and paralysed production at the end of August.

JLR stated that the extension was necessary because forensic investigations were ongoing and the controlled restart of operations was taking longer than anticipated. The company stressed that it was prioritising a safe and stable restart and pledged to keep staff, suppliers, and partners regularly updated.

Reports suggest recovery could take weeks, impacting production and sales channels for an extended period. Approximately 33,000 employees remain at home as factory and sales processes are not fully operational, resulting in estimated losses of £1 billion in revenue and £70 million in profits.

The shutdown also poses risks to the wider UK economy, as JLR represents roughly four percent of British exports. The incident has renewed calls for the Cyber Security and Resilience Bill, which aims to strengthen defenses against digital threats to critical industries.

No official attribution has been made, but a group calling itself Scattered Lapsus$ Hunters has claimed responsibility. The group claims to have deployed ransomware and published screenshots of JLR’s internal SAP system, linking itself to extortion groups, including Scattered Spider, Lapsus$, and ShinyHunters.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cyberattack compromises personal data used for DBS checks at UK college

Bracknell and Wokingham College has confirmed a cyberattack that compromised data collected for Disclosure and Barring Service (DBS) checks. The breach affects data used by Activate Learning and other institutions, including names, dates of birth, National Insurance numbers, and passport details.

Access Personal Checking Services (APCS) was alerted by supplier Intradev on August 17 that its systems had been accessed without authorisation. While payment card details and criminal conviction records were not compromised, data submitted between December 2024 and May 8, 2025, was copied.

APCS stated that its own networks and those of Activate Learning were not breached. The organisation is contacting only those data controllers where confirmed breaches have occurred and has advised that its services can continue to be used safely.

Activate Learning reported the incident to the Information Commissioner’s Office following a risk assessment. APCS is still investigating the full scope of the breach and has pledged to keep affected institutions and individuals informed as more information becomes available.

Individuals have been advised to closely monitor their financial statements, exercise caution when opening phishing emails, and regularly update security measures, including passwords and two-factor authentication. Activate Learning emphasised the importance of staying vigilant to minimise risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Miljodata hack exposes data of nearly 15% of Swedish population

Swedish prosecutors have confirmed that a cyberattack on IT systems provider Miljodata exposed the personal data of 1.5 million people, nearly 15% of Sweden’s population. The attack occurred during the weekend of August 23–24.

Authorities said the stolen data has been leaked online and includes names, addresses, and contact details. Prosecutor Sandra Helgadottir said the group Datacarry has claimed responsibility, though no foreign state involvement is suspected.

Media in Sweden reported that the hackers demanded 1.5 bitcoin (around $170,000) to prevent the release of the data. Miljodata confirmed the information has now been published on the darknet.

The Swedish Authority for Privacy Protection has received over 250 breach notifications, with 164 municipalities and four regional authorities impacted. Employees in Gothenburg were among those affected, according to SVT.

Private companies, including Volvo, SAS, and GKN Aerospace, also reported compromised data. Investigators are working to identify the perpetrators as the breach’s scale continues to raise concerns nationwide.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Australia outlines guidelines for social media age ban

Australia has released its regulatory guidance for the incoming social media age restriction law, which takes effect on December 10. Users under 16 will be barred from holding accounts on most major platforms, including Instagram, TikTok, and Facebook.

The new guidance details what are considered ‘reasonable steps’ for compliance. Platforms must detect and remove underage accounts, communicating clearly with affected users. It remains uncertain whether removed accounts will have their content deleted or if they can be reactivated once the user turns 16.

Platforms are also expected to block attempts to re-register, including the use of VPNs or other workarounds. Companies are encouraged to implement a multi-step age verification process and provide users with a range of options, rather than relying solely on government-issued identification.

Blanket age verification won’t be required, nor will platforms need to store personal data from verification processes. Instead, companies must demonstrate effectiveness through system-level records. Existing data, such as an account’s creation date, may be used to estimate age.

Under-16s will still be able to view content without logging in, for example, watching YouTube videos in a browser. However, shared access to adult accounts on family devices could present enforcement challenges.

Communications Minister Anika Wells stated that there is ‘no excuse for non-compliance.’ Each platform must now develop its own strategy to meet the law’s requirements ahead of the fast-approaching deadline.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

China proposes independent oversight committees to strengthen data protection

The Cyberspace Administration of China (CAC) has proposed new rules requiring major online platforms to establish independent oversight committees focused on personal data protection. The draft regulation, released Friday, 13 September 2025, is open for public comment until 12 October 2025.

Under the proposal, platforms with large user bases and complex operations must form committees of at least seven members, two-thirds of whom must be external experts without ties to the company. These experts must have at least three years of experience in data security and be well-versed in relevant laws and standards.

The committees will oversee sensitive data handling, cross-border transfers, security incidents, and regulatory compliance. They are also tasked with maintaining open communication channels with users about data concerns.

If a platform fails to act and offers unsatisfactory reasons, the issue can be escalated to provincial regulators in China.

The CAC says the move aims to enhance transparency and accountability by involving independent experts in monitoring and flagging high-risk data practices.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Millions of customer records stolen in Kering luxury brand data breach

Kering has confirmed a data breach affecting several of its luxury brands, including Gucci, Balenciaga, Brioni, and Alexander McQueen, after unauthorised access to its Salesforce systems compromised millions of customer records.

Hacking group ShinyHunters has claimed responsibility, alleging it exfiltrated 43.5 million records from Gucci and nearly 13 million from the other brands. The stolen data includes names, email addresses, dates of birth, sales histories, and home addresses.

Kering stated that the incident occurred in June 2025 and did not compromise bank or credit card details or national identifiers. The company has reported the breach to the relevant regulators and is notifying the affected customers.

Evidence shared by ShinyHunters suggests Balenciaga made an initial ransom payment of €500,000 before negotiations broke down. The group released sample data and chat logs to support its claims.

ShinyHunters has exploited Salesforce weaknesses in previous attacks targeting luxury, travel, and financial firms. Questions remain about the total number of affected customers and the potential exposure of other Kering brands.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

European regulators push for stronger oversight in crypto sector

European regulators from Italy, France, and Austria have called for changes to the EU’s Markets in Crypto-Assets Regulation (MiCA). Their proposals aim to fix supervisory gaps, improve cybersecurity, and simplify token white paper approvals.

The regulation, which came into force in December 2024, requires prior authorisation for firms offering crypto-related services in Europe. However, early enforcement has shown significant gaps in how national authorities apply the rules.

Regulators argue these differences undermine investor protection and threaten the stability of the European internal market.

Concerns have also been raised about non-EU platforms serving European clients through intermediaries outside MiCA’s scope. To counter this, authorities recommend restricting such activity and ensuring intermediaries only use platforms compliant with MiCA or equivalent standards.

Additional measures include independent cybersecurity audits, mandatory both before and after authorisation, to bolster resilience against cyber-attacks.

The proposals suggest giving ESMA direct oversight of major crypto providers and centralising white paper filings. Regulators say the changes would boost legal clarity, cut investor risks, and level the field for European firms against global rivals.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Generative AI enables rapid phishing attacks on older users

A recent study has shown that AI chatbots can generate compelling phishing emails for older people. Researchers tested six major chatbots, including Grok, ChatGPT, Claude, Meta AI, DeepSeek, and Google’s Gemini, by asking them to draft scam emails posing as charitable organisations.

Of 108 senior volunteers, roughly 11% clicked on the AI-written links, highlighting the ease with which cybercriminals could exploit such tools.

Some chatbots initially declined harmful requests, but minor adjustments, such as stating the task was for research purposes, or circumvented these safeguards.

Grok, in particular, produced messages urging recipients to ‘click now’ and join a fictitious charity, demonstrating how generative AI can amplify the persuasiveness of scams. Researchers warn that criminals could use AI to conduct large-scale phishing campaigns at minimal cost.

Phishing remains the most common cybercrime in the US, according to the FBI, with seniors disproportionately affected. Last year, Americans over 60 lost nearly $5 billion to phishing attacks, an increase driven partly by generative AI.

The study underscores the urgent need for awareness and protection measures among vulnerable populations.

Experts note that AI’s ability to generate varied scam messages rapidly poses a new challenge for cybersecurity, as it allows fraudsters to scale operations quickly while targeting specific demographics, including older people.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Telecom industry outlines vision for secure 6G

Telecom experts say 6G must be secure by design as planning for the next generation of mobile networks accelerates.

Industry leaders warn that 6G will vastly expand the attack surface, with autonomous vehicles, drones, industrial robots and AR systems all reliant on ultra-low latency connections. AI will be embedded at every layer, creating opportunities for optimisation but also new risks such as model poisoning.

Quantum threats are also on the horizon, with adversaries potentially able to decrypt sensitive data. Quantum-resistant cryptography is expected to be a cornerstone of 6G defences.

With standards due by 2029, experts stress cooperation among regulators, equipment vendors and operators. Security, they argue, must be as fundamental to 6G as speed and sustainability.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot