France accuses Russia of cyberattacks on Olympic and election targets

France has publicly accused Russia’s military intelligence agency of launching cyberattacks against key French institutions, including the 2017 presidential campaign of Emmanuel Macron and organisations tied to the Paris 2024 Olympics.

The allegations were presented by Foreign Minister Jean-Noël Barrot at the UN Security Council, where he condemned the attacks as violations of international norms. French authorities linked the operations to APT28, a well-known Russian hacking group connected to the GRU.

The group also allegedly orchestrated the 2015 cyberattack on TV5 Monde and attempted to manipulate voters during the 2017 French election by leaking thousands of campaign documents. A rise in attacks has been noted ahead of major events like the Olympics and future elections.

France’s national cybersecurity agency recorded a 15% increase in Russia-linked attacks in 2024, targeting ministries, defence firms, and cultural venues. French officials warn the hacks aim to destabilise society and erode public trust.

France plans closer cooperation with Poland and pledged to counter Russia’s cyber operations with all available means.

4chan returns after major cyberattack

After suffering what it called a ‘catastrophic’ cyberattack earlier this month, controversial image board 4chan has returned online, admitting its systems were breached through outdated software.

The attacker, reportedly using a UK-based IP address, gained entry by uploading a malicious PDF, allowing access to 4chan’s database and administrative dashboard. The intruder exfiltrated source code and sensitive data before vandalising the site, which led to its temporary shutdown on 14 April.

Although 4chan avoided directly naming the software vulnerability, it indirectly confirmed suspicions that a severely outdated backend—possibly an old version of PHP—was at fault. The site confessed that slow progress in updating its infrastructure resulted from a chronic lack of funds and technical support.

It blamed years of financial instability on advertisers, payment processors, and providers pulling away under external pressure, leaving it dependent on second-hand hardware and a stretched, largely volunteer development team.

Despite purchasing new servers in mid-2024, the transition was slow and incomplete, meaning key services still ran on legacy equipment when the breach occurred. Following the attack, 4chan replaced the compromised server and implemented necessary software updates.

PDF uploads have been suspended, and the Flash board has been permanently closed because of the difficulty of preventing similar exploits through .swf files.

Now relying on volunteer tech workers to support its recovery efforts, the site insists it won’t be shut down. ‘4chan is back,’ it declared, claiming no other site could replace its unique community, despite long-standing criticism over its content and lax moderation.

FBI warns users not to click on suspicious messages

Cybersecurity experts are raising fresh alarms following an FBI warning that clicking on a single link could lead to disaster.

With cyberattacks becoming more sophisticated, hackers now need just 60 seconds to compromise a victim’s device after launching an attack.

Techniques range from impersonating trusted brands like Google to deploying advanced malware and using AI tools to scale attacks even further.

The FBI has revealed that internet crimes caused $16 billion in losses during 2024 alone, with more than 850,000 complaints recorded.

Criminals exploit emotional triggers like fear and urgency in phishing emails, often sent from what appear to be genuine business accounts. A single click could expose sensitive data, install malware automatically, or hand attackers access to personal accounts by stealing browser session cookies.

To make matters worse, many attacks now originate from smartphone farms targeting both Android and iPhone users. Given the evolving threat landscape, the FBI has urged everyone to be extremely cautious.

Their key advice is clear: do not click on anything received via unsolicited emails or text messages, no matter how legitimate it might appear.

Remaining vigilant, avoiding interaction with suspicious messages, and reporting any potential threats are critical steps in combating the growing tide of cybercrime.

Cybercriminals target Gmail accounts in sophisticated new attack

Gmail users are facing a serious new threat that could lead to their accounts being hijacked by cybercriminals.

Experts at Malwarebytes have issued an urgent warning about a sophisticated scam that is bypassing Gmail’s usually reliable spam filters, putting billions of accounts at risk.

The scam was first noticed by Nick Johnson, a developer with the Ethereum Name Service, who received an official-looking email supposedly from Google.

Although it appeared genuine and even passed all verification checks, the link inside redirected users to a fraudulent site hosted via Google’s own website creation platform. Cybercriminals exploited the fact that anyone can create pages on sites.google.com to make the scam look credible.

Google has acknowledged the attack, linked to the Rockfoils threat group, and confirmed that new protections are being rolled out.

While measures are underway to address the vulnerability, security experts strongly advise Gmail users to remain cautious and follow essential safety practices to avoid falling victim.

Simple actions, such as avoiding links in unsolicited emails, double-checking email headers, and refusing to use Google credentials to sign into other services, can significantly reduce the risk. Staying vigilant is now more important than ever to protect personal data and online security.

SK Telecom begins SIM card replacement after data breach

South Korea’s largest carrier, SK Telecom, began replacing SIM cards for its 23 million customers on Monday following a serious data breach.

The company has not revealed the full extent of the damage or who was behind the attack. It has apologised and offered free USIM chip replacements at 2,600 stores nationwide, urging users to either change their chips or enrol in an information protection service.

The breach, caused by malicious code, compromised personal information and prompted a government-led review of South Korea’s data protection systems.

However, SK Telecom has secured less than five percent of the USIM chips required and plans to procure an additional five million by the end of May, so it does not have enough stock for immediate replacement.

Frustrated customers, like 30-year-old Jang waiting in line in Seoul, criticised the company for failing to be transparent about the amount of data leaked and the number of users affected.

Instead of providing clear answers, SK Telecom has focused on encouraging users to seek chip replacements or protective measures.

South Korea, often regarded as one of the most connected countries globally, has faced repeated cyberattacks, many attributed to North Korea.

Just last year, police confirmed that North Korean hackers had stolen over a gigabyte of sensitive financial data from a South Korean court system over a two-year span.

Lazarus Group uses fake firms to spread malware to the crypto industry

North Korean hackers, believed to be part of the Lazarus Group, have created fake US businesses to target cryptocurrency developers. According to cybersecurity firm Silent Push, two companies, Blocknovas LLC and Softglide LLC, were set up to infect victims with malicious software.

These companies were established using false information in New York and New Mexico, violating international sanctions.

The attacks involved job offers that led to ‘sophisticated malware deployments,’ aimed at compromising cryptocurrency wallets and stealing credentials. The FBI has since seized the Blocknovas website, which had been used to deceive individuals and distribute malware.

Silent Push noted that multiple people had fallen victim to the scam, with Blocknovas being the most active front in the campaign.

The phishing operation is just one example of North Korea’s ongoing cyber activities. The Lazarus Group has previously been responsible for high-profile hacks, including the $1.4 billion attack on crypto exchange Bybit in February.

The FBI continues to focus on imposing risks and consequences for those facilitating these cyber operations.

MTN confirms cybersecurity breach and data exposure

MTN Group has confirmed a cybersecurity breach that exposed personal data of some customers in certain markets. The telecom giant assured the public, however, that its core infrastructure remains secure and fully operational.

The breach involved an unknown third party gaining unauthorised access to parts of MTN’s systems, though the company emphasised that critical services, including mobile money and digital wallets, were unaffected.

In a statement released on Thursday, MTN clarified that investigations are ongoing, but no evidence suggests any compromise of its central infrastructure, such as its network, billing, or financial service platforms.

MTN has alerted South African law enforcement and is collaborating with regulatory bodies in the affected regions.

The company urged customers to take steps to safeguard their data, such as monitoring financial statements, using strong passwords, and being cautious with suspicious communications.

MTN also recommended enabling multi-factor authentication and avoiding sharing sensitive information like PINs or passwords through unsecured channels.

While investigations continue, MTN has committed to providing updates as more details emerge, reiterating its dedication to transparency and customer protection.

North Korean hackers create fake US firms to target crypto developers

North Korea’s Lazarus Group has launched a sophisticated campaign to infiltrate the cryptocurrency industry by registering fake companies in the US and using them to lure developers into downloading malware.

According to a Reuters investigation, these US-registered shell companies, including Blocknovas LLC and Softglide LLC, were set up using false identities and addresses, giving the operation a veneer of legitimacy.

Once established, the fake firms posted job listings through legitimate platforms like LinkedIn and Upwork to attract developers. Applicants were guided through fake interview processes and instructed to download so-called test assignments.

Instead of harmless software, the files installed malware that enabled the hackers to steal passwords, crypto wallet keys, and other sensitive information.

The FBI has since seized Blocknovas’ domain and confirmed its connection to Lazarus, labelling the campaign a significant evolution in North Korea’s cyber operations.

These attacks were supported by Russian infrastructure, allowing Lazarus operatives to bypass North Korea’s limited internet access.

Tools such as VPNs and remote desktop software enabled them to manage operations, communicate over platforms like GitHub and Telegram, and even record training videos on how to exfiltrate data.

Silent Push researchers confirmed that the campaign has impacted hundreds of developers and that some stolen access was likely passed to state-aligned espionage units rather than being used only for theft.

Officials from the US, South Korea, and the UN say the revenue from such cyberattacks is funneled into North Korea’s nuclear missile programme. The FBI continues to investigate and has warned that not only the hackers but also those assisting their operations could face serious consequences.

FBI reports $9.3 billion lost to cryptocurrency fraud in 2024

The Federal Bureau of Investigation (FBI) has revealed that Americans lost approximately $9.3 billion to cryptocurrency fraud in 2024. The figure marks a 66% increase compared to the previous year.

The data was published in the FBI’s annual Internet Crime Complaint Center (IC3) report.

Individuals aged 60 and older were the most heavily impacted, accounting for $2.8 billion in losses across 33,000 complaints. Investment scams made up the largest share of monetary losses. ‘Sextortion’ scams, where fraudsters used manipulated explicit media, were the most frequently reported.

Despite efforts like the FBI’s ‘Operation Level Up’, which helped prevent $285 million in potential fraud, experts warn that scams may continue to rise in 2025.

Chainalysis pointed to generative AI as a major enabler for cybercriminals, estimating $41 billion in global illicit crypto volume in 2024 alone.

New research highlights escalating cyberthreats to global energy sector

Resecurity has published new research examining recent cyber threat activity targeting energy infrastructure across North America, Asia, and the European Union. The report, a continuation of Resecurity’s earlier analysis, focuses on incidents involving energy firms, including nuclear facilities and associated research entities.

According to the findings, these organisations are being targeted by various threat actors, including hacktivist groups, ransomware operators, and nation-state entities. The report observes that geopolitical tensions remain a significant factor behind many of these activities, with actors associated with China, Iran, North Korea, and Russia among those identified.

The primary focus of these campaigns has been cyber-espionage, although incidents involving ransomware operations against operational technology (OT) systems have also been reported. The convergence of IT and OT systems, the growing use of cloud technologies, and the increased deployment of Industrial Internet of Things (IIoT) devices are noted as factors contributing to the expanded attack surface within the sector.

Resecurity’s HUNTER unit documented various threat actors engaged in targeting critical infrastructure. The report emphasises the need for energy firms to monitor potential exposure of credentials across dark web platforms, particularly due to vulnerabilities within IT and software supply chains.

Technological developments such as AI adoption within the energy sector are also discussed as contributing to the evolving threat landscape. AI is reported to lower entry barriers for certain types of cyber operations, while its integration into critical infrastructure networks introduces additional risks.

The Resecurity analysis also underscores the role of cyber supply chain risks, citing the MOVEit managed file transfer breach as an example of downstream impacts affecting multiple layers of vendors and service providers.

In response to these developments, the US Department of Energy (DOE), alongside the National Association of Regulatory Utility Commissioners (NARUC), issued updated cybersecurity guidelines in 2024 aimed at strengthening the resilience of electric distribution systems and distributed energy resources.

Overall, the research identifies an increase in cyberattacks targeting energy infrastructure globally, suggesting that some of these activities may be linked to broader geopolitical strategies. The report highlights the involvement of both state-sponsored and criminal actors in shaping this threat environment.
