Major internet outage disrupts Google Cloud and popular platforms

A sweeping internet outage on Wednesday, 12 June 2025, caused significant disruptions to services relying on Google Cloud and Cloudflare. Popular platforms such as Spotify, Discord, Twitch, and Fubo experienced widespread downtime, with many users reporting service interruptions through Downdetector.

Despite rampant speculation online about a large-scale cyberattack, neither Google nor Cloudflare has confirmed any such link. Google Cloud reported an incident affecting users globally, stating engineers had identified the root cause and were actively working on mitigation.

While some services have begun to recover, there is no definitive timeline for full restoration. Google attributed the issue to internal authentication problems, though details remain limited.

Adding to the confusion, social media posts speculated that multiple cloud providers, including AWS and Azure, were affected. However, this was quickly challenged, and Cloudflare clarified that only a small portion of its services, which rely on Google Cloud, experienced issues—its core systems remained fully operational.

While investigations are ongoing and recovery efforts are in progress, the full extent and exact cause of the outage remain unclear. For now, users are advised to monitor official updates from service providers as the situation develops.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NSA and allies set AI data security standards

The National Security Agency (NSA), in partnership with cybersecurity agencies from the UK, Australia, New Zealand, and others, has released new guidance aimed at protecting the integrity of data used in AI systems.

The Cybersecurity Information Sheet (CSI), titled AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems, outlines emerging threats and sets out 10 recommendations for mitigating them.

The CSI builds on earlier joint guidance from 2024 and signals growing global urgency around safeguarding AI data instead of allowing systems to operate without scrutiny.

The report identifies three core risks across the AI lifecycle: tampered datasets in the supply chain, deliberately poisoned data intended to manipulate models, and data drift—where changes in data over time reduce performance or create new vulnerabilities.

These threats may erode accuracy and trust in AI systems, particularly in sensitive areas like defence, cybersecurity, and critical infrastructure, where even small failures could have far-reaching consequences.

To reduce these risks, the CSI recommends a layered approach—starting with sourcing data from reliable origins and tracking provenance using digital credentials. It advises encrypting data at every stage, verifying integrity with cryptographic tools, and storing data securely in certified systems.

Additional measures include deploying zero trust architecture, using digital signatures for dataset updates, and applying access controls based on data classification instead of relying on broad administrative trust.
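The integrity and update-authentication recommendations above can be sketched as follows. This is an added example, not code from the CSI or from the agencies involved: a manifest of SHA-256 digests is authenticated first and then compared with the files on disk. The function names, key and sample files are assumptions, and HMAC-SHA256 from the Python standard library stands in for the digital signature the guidance calls for.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def file_digest(path):
    """Stream a file through SHA-256 so large shards need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file under root (POSIX-style relative path) to its digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def tag_manifest(manifest, key):
    """HMAC-SHA256 over canonical JSON (stand-in for a digital signature)."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify_dataset(root, manifest, tag, key):
    """Authenticate the manifest first, then compare it with the files on disk."""
    report = {"authentic": False, "modified": [], "missing": [], "unexpected": []}
    if hmac.compare_digest(tag_manifest(manifest, key), tag):
        current = build_manifest(root)
        report["authentic"] = True
        report["modified"] = sorted(p for p in manifest if current.get(p, manifest[p]) != manifest[p])
        report["missing"] = sorted(set(manifest) - set(current))
        report["unexpected"] = sorted(set(current) - set(manifest))
    return report  # an unauthenticated manifest proves nothing about the data

def demo():
    """Constructed data: three shards, then one edited, one deleted, one injected."""
    key = b"constructed-demo-key"  # assumption: real keys live in a KMS or HSM
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("a.csv", b"x,y\n1,0\n"), ("b.csv", b"x,y\n2,1\n"), ("c.csv", b"x,y\n3,0\n")]:
            Path(root, name).write_bytes(body)
        manifest = build_manifest(root)
        tag = tag_manifest(manifest, key)
        clean = verify_dataset(root, manifest, tag, key)
        Path(root, "a.csv").write_bytes(b"x,y\n1,1\n")  # label flipped
        Path(root, "b.csv").unlink()
        Path(root, "d.csv").write_bytes(b"x,y\n9,1\n")
        tampered = verify_dataset(root, manifest, tag, key)
        forged = verify_dataset(root, {**manifest, "d.csv": "00"}, tag, key)
    return clean, tampered, forged
```

Calling `demo()` returns the three reports: the untouched dataset, the tampered one, and a manifest edited to admit the injected file, which fails authentication before any file is read.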

The CSI also urges ongoing risk assessments using frameworks like NIST’s AI RMF, encouraging organisations to anticipate emerging challenges such as quantum threats and advanced data manipulation.

Privacy-preserving techniques, secure deletion protocols, and infrastructure controls round out the recommendations.

Rather than treating AI as a standalone tool, the guidance calls for embedding strong data governance and security throughout its lifecycle to prevent compromised systems from shaping critical outcomes.

Fake DeepSeek ads deliver ‘BrowserVenom’ malware to curious AI users

Cybercriminals are exploiting the surge in interest around local AI tools by spreading a new malware strain via Google ads.

According to antivirus firm Kaspersky, attackers use fake ads for DeepSeek’s R1 AI model to deliver ‘BrowserVenom,’ malware designed to intercept and manipulate a user’s internet traffic instead of merely infecting the device.

The attackers purchased ads appearing in Google search results for ‘deep seek r1.’ Users who clicked were redirected to a fake website—deepseek-platform[.]com—which mimicked the official DeepSeek site and offered a file named AI_Launcher_1.21.exe.

Kaspersky’s analysis of the site’s source code uncovered developer notes in Russian, suggesting the campaign is operated by Russian-speaking actors.

Once launched, the fake installer displayed a decoy installation screen for the R1 model, but silently deployed malware that altered browser configurations.

BrowserVenom rerouted web traffic through a proxy server controlled by the hackers, allowing them to decrypt browsing sessions and capture sensitive data, while evading most antivirus tools.
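A defender can audit a workstation for this kind of redirection by checking where the browser is told to send its traffic. The following is an added example, not code from Kaspersky or from the original article, and the article does not say which settings the malware changes: it checks the standard places where Firefox (the `network.proxy.*` prefs) and Chromium-based browsers (the `--proxy-server` and `--proxy-pac-url` launch flags) take an explicit proxy. The function names, allow-list and sample data are assumptions.

```python
import re
from urllib.parse import urlsplit

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')
FLAG_RE = re.compile(r'--(proxy-server|proxy-pac-url)=(?:"([^"]*)"|(\S+))')
PROXY_KEYS = {"1": ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks"),
              "2": ("network.proxy.autoconfig_url",)}  # type 1 = manual, 2 = PAC URL

def host_of(value):
    """Host part of 'host:port', 'scheme://host:port' or a PAC URL."""
    return urlsplit(value if "://" in value else "//" + value).hostname

def parse_prefs(text):
    """Read user_pref("name", value); lines as written in a Firefox prefs.js."""
    matches = (PREF_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip().strip('"') for m in matches if m}

def firefox_findings(prefs_text, allowed=()):
    """Proxy prefs in effect that point at a host outside the allow-list."""
    prefs = parse_prefs(prefs_text)
    keys = PROXY_KEYS.get(prefs.get("network.proxy.type"), ())
    return [(k, prefs[k]) for k in keys
            if prefs.get(k) and host_of(prefs[k]) not in allowed]

def chromium_findings(command_line, allowed=()):
    """Proxy flags on a shortcut target or process command line."""
    out = []
    for flag, quoted, bare in FLAG_RE.findall(command_line):
        value = quoted or bare
        if flag == "proxy-server":  # may be "http=h1:80;https=h2:80"
            hosts = {host_of(p.split("=", 1)[-1]) for p in value.split(";")}
        else:
            hosts = {host_of(value)}
        if not hosts <= set(allowed):
            out.append(("--" + flag, value))
    return out

# Constructed samples; 203.0.113.10 is a documentation address, not an indicator.
SAMPLE_PREFS = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "203.0.113.10");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "203.0.113.10");
'''
SAMPLE_SHORTCUT = r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --proxy-server="203.0.113.10:8080"'
```

Pass the organisation's own proxy hosts as `allowed` so that a legitimate corporate proxy is not reported.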

Kaspersky reports confirmed infections across multiple countries, including Brazil, Cuba, India, and South Africa.

The malicious domain has since been taken down. However, the incident highlights the dangers of downloading AI tools from unofficial sources. Open-source models like DeepSeek R1 require technical setup, typically involving multiple configuration steps, instead of a simple Windows installer.

As interest in running local AI grows, users should verify official domains and avoid shortcuts that could lead to malware.

Crypto conferences face rising phishing risks

Crypto events have grown rapidly worldwide in recent years. Unfortunately, this expansion has led to an increase in scams targeting attendees, according to Kraken’s chief security officer, Nick Percoco.

Recent conferences have seen lax personal security, with exposed devices and careless sharing of sensitive information. These lapses make it easier for criminals to launch phishing campaigns and impersonation attacks.

Phishing remains the top threat at these events, exploiting typical conference activities such as QR code scanning and networking. Attackers distribute malicious links disguised as legitimate follow-ups, allowing them to gain access to wallets and sensitive data with minimal technical skill.

Use of public Wi-Fi, unverified QR codes, and openly discussing high-value trades in public areas further increase risks. Attendees are urged to use burner wallets and verify every QR code carefully.

The dangers have become very real, highlighted by violent crimes in France, where prominent crypto professionals were targeted in kidnappings and ransom demands. These incidents show that risks are no longer confined to the digital world.

Basic security mistakes such as leaving devices unlocked or oversharing personal information can have severe consequences. Experts call for a stronger security culture at events and beyond, including multi-factor authentication, cautious password management, and heightened situational awareness.

Hackers target recruiters with fake CVs and malware

A financially driven hacking group known as FIN6 has reversed the usual job scam model by targeting recruiters instead of job seekers. Using realistic LinkedIn and Indeed profiles, the attackers pose as candidates and send malware-laced CVs hosted on reputable cloud platforms.

to type in resume URLs, bypassing email security tools manually. These URLs lead to fake portfolio sites hosted on Amazon Web Services that selectively deliver malware to users who pass as humans.

Victims receive a zip file containing a disguised shortcut that installs the more_eggs malware, which is capable of credential theft and remote access.

This JavaScript-based tool, linked to another group known as Venom Spider, uses legitimate Windows utilities to evade detection.

The campaign includes stealthy techniques such as traffic filtering, living-off-the-land binaries, and persistent registry modifications. Domains used include those mimicking real names, allowing attackers to gain trust while launching a powerful phishing operation.

AI tools are not enough without basic cybersecurity

At London Tech Week, Darktrace and UK officials warned that many firms are over-relying on AI tools while failing to implement basic cybersecurity practices.

Despite the hype around AI, essential measures like user access control and system segmentation remain missing in many organisations.

Cybercriminals are already exploiting AI to automate phishing and accelerate intrusions in the UK, while outdated infrastructure and short-term thinking leave companies vulnerable.

Boards often struggle to assess AI tools properly, buying into trends rather than addressing real threats.

Experts stressed that AI is not a silver bullet and must be used alongside human expertise and solid security foundations.

Domain-specific AI models, built with transparency and interpretability, are needed to avoid the dangers of overconfidence and misapplication in high-risk areas.

French police detain suspects in crypto ransom case

French police have arrested several suspects in connection with a series of violent kidnappings aimed at cryptocurrency executives and their families. The latest arrests, made on Tuesday, are part of a broader crackdown on what authorities describe as a highly organised extortion ring.

The group is believed to be behind the 1 May abduction of a crypto entrepreneur’s father, who was kidnapped in broad daylight in Paris by men disguised as delivery workers. The kidnappers reportedly cut off a finger to demand cryptocurrency before police rescued the victim days later.

Investigators suspect Badiss Mohamed Amide Bajjou, a 24-year-old dual French-Moroccan national, of orchestrating the attacks. Moroccan police arrested him in Tangier last week, seizing weapons, electronics, and illicit funds.

He is also linked to the January kidnapping of Ledger co-founder David Balland, with French authorities now seeking his extradition.

By the end of May, prosecutors had charged 25 people, mostly under 24, who were recruited online and promised financial rewards. Many were used as operatives in kidnapping attempts, including a failed effort to abduct the family of Paymium CEO Pierre Noizat.

INTERPOL cracks down on global cybercrime networks

Over 20,000 malicious IP addresses and domains linked to data-stealing malware have been taken down during Operation Secure, a coordinated cybercrime crackdown led by INTERPOL between January and April 2025.

Law enforcement agencies from 26 countries worked together to locate rogue servers and dismantle criminal networks instead of tackling threats in isolation.

The operation, supported by cybersecurity firms including Group-IB, Kaspersky and Trend Micro, led to the removal of nearly 80 per cent of the identified malicious infrastructure. Authorities seized 41 servers, confiscated over 100GB of stolen data and arrested 32 suspects.

More than 216,000 individuals and organisations were alerted, helping them act quickly by changing passwords, freezing accounts or blocking unauthorised access.

Vietnamese police arrested 18 people, including a group leader found with cash, SIM cards and business records linked to fraudulent schemes. Sri Lankan and Nauruan authorities carried out home raids, arresting 14 suspects and identifying 40 victims.

In Hong Kong, police traced 117 command-and-control servers across 89 internet providers. INTERPOL hailed the effort as proof of the impact of cross-border cooperation in dismantling cybercriminal infrastructure instead of allowing it to flourish undisturbed.

Diplo highlights cybersecurity at AfriSIG

The African School of Internet Governance (AfriSIG) convened in Dar Es Salaam, Tanzania, from 23 to 28 May 2025, bringing together a broad mix of African and international stakeholders for intensive internet, ICT, and data governance training. As a precursor to the African Internet Governance Forum (AfIGF), the school aimed to strengthen civil society, public, and private sector expertise in navigating Africa’s rapidly evolving digital landscape.

Representing Diplo, Dr Katherine Getao delivered a keynote on ‘Cybersecurity and Cybercrime in Africa,’ emphasising the continent’s urgent need to build strong digital defences amid rising cyber threats. While the challenges are pressing, she pointed out that they also open avenues for youth employment and entrepreneurship, especially in the cybersecurity sector.

Dr Getao also stressed the significance of African participation in global policy dialogues, such as the Geneva Dialogue, to ensure the continent’s digital priorities are heard and reflected in international frameworks. Drawing from her experience with the UN Group of Governmental Experts, she advocated for Africa to be more active in shaping responsible state behaviour in cyberspace.

The event’s panel discussions and workshops further explored how African voices can better leverage platforms like the Internet Governance Forum to influence global tech governance. For Diplo and initiatives like the Geneva Dialogue, AfriSIG was a key venue for aligning African digital development with international policy momentum.

Germany sees spike in suspicious crypto activity

Germany’s Financial Intelligence Unit (FIU) has recorded a record number of cryptocurrency-related suspicious activity reports (SARs) in 2024 despite an overall decline in total filings. The FIU reported 8,711 crypto-linked SARs, an 8.2% rise from the previous year.

Most flagged transactions involved Bitcoin, followed by Ethereum, Tether, and Litecoin. These were often tied to trading platforms, mixing services, or online gambling—tools frequently used to hide the origin of illicit funds. The agency said digital assets continue to play a growing role in money laundering operations.

Germany’s trend reflects broader international concerns. In the UK, the National Crime Agency said cryptocurrency exchanges were linked to 6.6% of all SARs during the 2023–24 period, as overall filings rose to around 872,000.

Authorities also observed a rise in counter-terrorism financing reports and account freezes. In the US, FinCEN received over 8,600 crypto-related SARs in fiscal year 2023.

Meanwhile, blockchain analytics firm Chainalysis reported laundered crypto volumes dropped from $31.5 billion in 2022 to $22.2 billion in 2023, though total criminal crypto usage remained stable at about $50 billion annually.
