Cybercrime

FCC names Royal Tiger as first official AI robocall scammer gang

The US Federal Communications Commission (FCC) has identified Royal Tiger as the first official AI robocall scammer gang, marking a milestone in efforts to combat sophisticated cyber fraud. Royal Tiger has used advanced techniques like AI voice cloning to impersonate government agencies and financial institutions, deceiving millions of Americans through robocall scams.

These scams involve automated systems that mimic legitimate entities to trick individuals into divulging sensitive information or making fraudulent payments. Despite the FCC’s actions, experts warn that AI-driven scams will likely increase, posing significant challenges in protecting consumers from evolving tactics such as caller ID spoofing and persuasive social engineering.

While the FCC’s move aims to raise awareness and disrupt criminal operations, individuals are urged to remain vigilant. Tips include scepticism towards unsolicited calls, utilisation of call-blocking services, and verification of caller identities by contacting official numbers directly. Avoiding sharing personal information over the phone without confirmation of legitimacy is crucial to mitigating the risks posed by these scams.

Why does it matter?

As technology continues to evolve, coordinated efforts between regulators, companies, and the public are essential in staying ahead of AI-enabled fraud and ensuring robust consumer protection measures are in place. Vigilance and proactive reporting of suspicious activities remain key in safeguarding against the growing threat of AI-driven scams.

International Criminal Court investigates cyberattacks on Ukraine as possible war crimes

The International Criminal Court (ICC) is examining alleged Russian cyberattacks on Ukrainian civilian infrastructure as potential war crimes, marking the first instance of such an investigation by international prosecutors. According to sources, this could lead to arrest warrants if sufficient evidence is collected. The investigation focuses on cyberattacks that have endangered lives by disrupting power and water supplies, hindering emergency response communications, and disabling mobile data services used for air raid warnings.

Ukraine is actively gathering evidence to support the ICC investigation. Although the ICC prosecutor’s office has declined to comment on specific details, it has previously stated its jurisdiction over cybercrimes and its policy of not discussing ongoing cases. It should also be noted that since the invasion began, the ICC has issued four arrest warrants against senior Russian officials, including President Vladimir Putin, for war crimes related to the deportation of Ukrainian children to Russia. Russia, which is not a member of the ICC, has rejected these warrants as illegitimate. Despite not being a member state, Ukraine has granted the ICC jurisdiction over crimes committed within its borders.

In April, the ICC issued arrest warrants for two Russian commanders accused of crimes against humanity for their roles in attacks on civilian infrastructure. The Russian defense ministry did not respond to requests for comment. Sources indicated that at least four major attacks on energy infrastructure are being investigated.

Why does it matter?

The ICC case could set a significant precedent in international law. The Geneva Conventions prohibit attacks on civilian objects, but there is no universally accepted definition of cyber war crimes. The Tallinn Manual, a 2017 handbook on the application of international law to cyberwarfare, addresses this issue, but experts remain divided on whether data can be considered an ‘object’ under international humanitarian law and whether its destruction can be classified as a war crime. Professor Michael Schmitt of the University of Reading, who leads the Tallinn Manual initiative, emphasised the importance of the ICC’s potential ruling on this issue. He argued that the cyberattack on Kyivstar could be considered a war crime due to its foreseeable consequences for human safety.

Qilin group claims responsibility for the cyberattack on London hospitals

The Qilin ransomware group has claimed responsibility for a cyberattack on Synnovis labs, a key partner of the National Health Service (NHS) in England. The attack, which began on Monday, has severely disrupted services at five major hospitals in London, including King’s College Hospital and Guy’s and St Thomas’ NHS Foundation Trust. The NHS declared the situation a ‘critical incident,’ noting that the full extent and impact of the attack on patient data remain unclear.

Synnovis, a prominent pathology service provider, runs over 100 specialised labs offering diagnostics for various conditions. Due to the ransomware attack, several critical services, such as blood testing and certain operations, have been postponed, prioritising only the most urgent cases. NHS England has deployed a cyber incident response team to assist Synnovis and minimise patient care disruption, though longer wait times for emergency services are expected.

The Qilin group, operating a ransomware-as-a-service model, typically targets victims via phishing emails. The attack on Synnovis has raised significant concerns about the security of healthcare systems and the reliance on third-party providers. Kevin Kirkwood from LogRhythm emphasised that the attack causes operational disruptions and undermines public trust in healthcare institutions. He called for robust security measures, including continuous monitoring and comprehensive incident response plans, to protect healthcare infrastructure better and ensure patient safety.

TikTok battles cyberattacks amid national security concerns

TikTok has recently thwarted a cyberattack targeting several high-profile accounts, including CNN and Paris Hilton, though Hilton’s account remained uncompromised. The company is working closely with affected users to restore access and enhance security measures to prevent future breaches.

The number of compromised accounts is minimal, according to TikTok, which is actively assisting those affected. The incident occurred as TikTok’s parent company, ByteDance, faced a legal battle against a US law that demands the app be sold or face a national ban by January.

The US government has raised national security concerns over Chinese ownership of TikTok. Still, the company maintains that it has taken significant steps to safeguard user data and privacy, asserting that it will not share American user information with the Chinese government.

Chinese national behind 911 S5 botnet arrested in Singapore

The US Department of Justice (DOJ) announced the arrest of a Chinese national, Wang Yunhe, in an international operation targeting cybercrime. Wang, aged 35, was apprehended in Singapore on 24 May for allegedly creating and using malware responsible for cyberattacks, large-scale fraud, and child exploitation. This arrest comes on the heels of a similar high-profile sweep last August, involving 10 Chinese citizens charged with laundering over $2 billion through Singapore.

According to the US Treasury Department, the botnet, known as ‘911 S5,’ was used by criminals to compromise personal devices to further conduct identity theft, financial fraud, and child exploitation.

The Treasury’s Office of Foreign Assets Control has now imposed sanctions on three Chinese nationals behind the platform—Yunhe Wang, Jingping Liu, and Yanni Zheng—and on three entities owned or controlled by Yunhe Wang. FBI Director Christopher Wray described the ‘911 S5’ botnet as likely the world’s largest, comprising malware-infected computers in nearly 200 countries.

According to the DOJ, Wang and unnamed accomplices developed and distributed malware that compromised millions of residential Windows computers worldwide. From 2018 to July 2022, Wang accrued $99 million from selling access to hijacked IP addresses, facilitating cybercriminals in bypassing financial fraud detection systems. These criminals committed fraud, resulting in losses exceeding $5.9 billion, including 560,000 fraudulent unemployment insurance claims.

Wang used the illicitly obtained proceeds to acquire assets globally, spanning properties in the USA, Saint Kitts and Nevis, China, Singapore, Thailand, and the UAE. His possessions included luxury sports cars, numerous bank accounts, cryptocurrency wallets, luxury watches, and 21 properties across multiple countries. Matthew S. Axelrod from the US Department of Commerce’s Bureau of Industry and Security described the case as resembling a screenplay, highlighting the extensive criminal enterprise and lavish expenditures financed by nearly $100 million in profits.

The operation is a collaborative effort led by law enforcement agencies from the US, Singapore, Thailand, and Germany. It underscores the international cooperation required to combat cybercrime effectively.

The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from infected devices.

Israeli private investigator questioned by FBI over hack allegations

An Israeli private investigator, Amit Forlit, who is wanted by the US over hack-for-hire allegations, had reportedly been questioned by FBI agents regarding his work for the Washington public affairs firm DCI Group, according to sources familiar with the matter. This revelation sheds light on a broader US probe into cyber-mercenary activities, suggesting a deeper investigation than previously acknowledged.

Forlit was arrested at London’s Heathrow Airport on 30 April on cybercrime and wire fraud charges related to a ‘hack for hire scheme’ allegedly conducted on behalf of various clients. Following a procedural error by British authorities, he was released two days later but was rearrested on the same charges on Thursday. Forlit has since been released on bail, with conditions including surrendering his passport and remaining in the country.

Despite Forlit’s denial of commissioning or paying for hacking, his connection to convicted Israeli private investigator Aviram Azari, who was sentenced last year, raises questions. Forlit allegedly expressed concern about potential arrest by American law enforcement following Azari’s case. Additionally, Forlit is facing a separate lawsuit in New York federal court over allegations of email theft in 2016, although he denies any involvement. Court records suggest Forlit had business ties with DCI Group, further implicating him in the ongoing investigations.

FCC proposes $6 million fine for scammer impersonating US President Biden in robocalls

The FCC has proposed a $6 million fine against a scammer who used voice-cloning technology to impersonate US President Biden in a series of illegal robocalls during the New Hampshire primary election. This incident serves as a stern warning to other potential high-tech scammers about the misuse of generative AI in such schemes. In January, many New Hampshire voters received fraudulent calls mimicking President Biden, urging them not to vote in the primary. The voice-cloning technology, which has become widely accessible, enabled this deception with just a few minutes of Biden’s publicly available speeches.

The FCC and other law enforcement agencies have made it clear that using fake voices to suppress votes or for other malicious activities is strictly prohibited. Loyaan Egal, the chief of the FCC’s Enforcement Bureau, emphasised their commitment to preventing the misuse of telecommunications networks for such purposes. The primary perpetrator, political consultant Steve Kramer, collaborated with the disreputable Life Corporation and telecom company Lingo, among others, to execute the robocall scheme.

While Kramer faces violations of several rules, there are currently no criminal charges against him or his associates. The FCC’s power is limited to civil penalties, requiring cooperation with local or federal law enforcement for further action. Although the $6 million fine represents a significant penalty, the actual amount paid may be lower due to various factors. Kramer has the opportunity to respond to the allegations, and additional actions are being taken against Lingo, which could lead to further fines or the loss of licenses.

Following this case, the FCC officially declared in February that AI-generated voices are illegal to use in robocalls. This decision underscores the agency’s stance on generative AI and its potential for abuse, aiming to prevent future incidents of voter suppression and other fraudulent activities.

North Korea’s alleged $147.5 million crypto laundering revealed by UN

According to confidential findings by UN sanctions monitors, North Korea utilised the virtual currency platform Tornado Cash to launder $147.5 million in March, following its theft from a cryptocurrency exchange last year. The monitors revealed to a UN Security Council sanctions committee that they had been investigating 97 suspected cyberattacks by North Korea on cryptocurrency companies between 2017 and 2024, totalling approximately $3.6 billion.

As can be seen in these confidential findings, one notable incident involved the theft of $147.5 million from the HTX cryptocurrency exchange late last year, which was then laundered in March. The monitors cited information from crypto analytics firm PeckShield and blockchain research firm Elliptic. In 2024 alone, they investigated 11 cryptocurrency thefts valued at $54.7 million, suggesting possible involvement by North Korean IT workers hired by small crypto-related companies.

North Korea, officially known as the Democratic People’s Republic of Korea (DPRK), has faced UN sanctions since 2006, aimed at curbing funding for its ballistic missile and nuclear programs. The US has previously sanctioned Tornado Cash over alleged support for North Korea, with two co-founders charged with facilitating money laundering. Virtual currency ‘mixer’ platforms like Tornado Cash blend cryptocurrencies to obscure their source and ownership.

Additionally, the monitors highlighted ongoing concerns about illicit arms trade between North Korea and Russia, with suspected shipments between North Korea’s Rajin port and Russian ports. There were also reports of North Korean cargo ships offloading coal in Chinese waters, potentially evading sanctions. Both China and Russia declined to comment on the monitors’ findings.

Hack exposes Indian police facial recognition data amid growing surveillance concerns

In India, a breach of the Tamil Nadu Police Facial Recognition Portal by the hacker group ‘Valerie’ exposed data on over 50,000 people, including police officers and First Information Reports (FIRs). The stolen information is now being sold on the dark web and could be exploited for scams, as reported by The New Indian Express.

Deployed in 2021, the Tamil Nadu police’s facial recognition system uses software from the Centre for Development of Advanced Computing (CDAC) Kolkata. It was intended for officers to verify suspects on patrol but has been criticised for its broad criteria in identifying potential suspects.

Despite the risks, India continues to expand its use of facial recognition since Meghalaya is deploying 300 cameras in Shillong, Jammu, and Kashmir using AI facial recognition on highways. Telangana police are upgrading to a more comprehensive biometric system under the new Criminal Procedure (Identification) Act, 2022.

Why does it matter?

As India advances its digital transformation with major projects like Aadhaar and Digi Yatra, biometric monitoring has become common, and much of the technology powering these initiatives comes from Japan. According to a report from The Wire, Japanese tech firms, particularly NEC, supply many of India’s police forces with biometric tools. Although NEC has a human rights policy, domestic misuse remains a concern.

Cybercriminals exploit Facebook ads for fake AI tools and malware

Cybersecurity researchers from Bitdefender have uncovered a disturbing trend where cybercriminals exploit Facebook’s advertising platform to promote counterfeit versions of popular generative AI tools, including OpenAI’s Sora, DALL-E, ChatGPT 5, and Midjourney. These fraudulent Facebook ads are designed to trick unsuspecting users into downloading malware-infected software, leading to the theft of sensitive personal information.

The hackers hijack legitimate Facebook pages of well-known AI tools like Midjourney to impersonate these services, making false claims about exclusive access to new features. The malicious ads direct users to join related Facebook communities, where they are prompted to download supposed ‘desktop versions’ of the AI tools. However, these downloads contain Windows executables packed with harmful viruses like Rilide, Nova, Vidar, and IceRAT, which can steal stored credentials, cryptocurrency wallet data, and credit card details for illicit use.

The cybercrime scheme goes beyond fake ads and hijacked pages; it involves setting up multiple websites to avoid suspicion and using platforms like GoFile to distribute malware through fake Midjourney landing pages. Bitdefender’s analysis highlighted that hackers particularly targeted European Facebook users, with a prominent fake Midjourney page amassing 1.2 million followers before being shut down on 8 March 2024. The reach of these scams extended across countries like Sweden, Romania, Belgium, Germany, and others, with ads primarily targeting European males aged 25-55.

Bitdefender’s report also exposed the cybercriminals’ comprehensive distribution network for malware, known as Malware-as-a-Service (MaaS), enabling anyone to conduct sophisticated attacks. These include data theft, online account compromise, ransom demands after encrypting data, and fraudulent activities.

The case mirrors previous incidents, such as Google’s lawsuit against scammers in 2023 for using fake ads to spread malware. In that case, scammers posed as official Google channels to entice users into downloading purported AI products, highlighting a broader trend of exploiting trusted platforms for illicit gains.

Diplo chatbot can make mistakes. Consider checking important information.