Cybercrime

Cyber defence effort returns to US ports post-pandemic

The US Cybersecurity and Infrastructure Security Agency (CISA) has resumed its seaport cybersecurity exercise programme. Initially paused due to the pandemic and other delays, the initiative is now returning to ports such as Savannah, Charleston, Wilmington and potentially Tampa.

These proof-of-concept tabletop exercises are intended to help ports prepare for cyber threats by developing a flexible, replicable framework. Each port functions uniquely, yet common infrastructure and shared vulnerabilities make standardised preparation critical for effective crisis response.

CISA warns that threats targeting ports have grown more severe, with nation states exploiting AI-powered techniques. Some US ports, including Houston, have already fended off cyberattacks, and Chinese-made systems dominate critical logistics, raising national security concerns.

Private ownership of most port infrastructure demands strong public-private partnerships to maintain cybersecurity. CISA aims to offer a shared model that ports across the country can adapt to improve cooperation, resilience, and threat awareness.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Greece seizes crypto tied to record Bybit hack

Greek authorities have successfully seized digital assets linked to a major international cybercrime case, marking the country’s first-ever recovery of cryptocurrency. The operation followed a months-long investigation into suspicious blockchain activity in collaboration with blockchain analytics firm Chainalysis.

The recovered funds are part of a record-breaking $1.5 billion theft from crypto exchange Bybit earlier this year. In February, hackers exploited a vulnerability in one of the platform’s Ethereum wallets, transferring the entire contents to an unknown address.

The incident, considered one of the largest crypto heists in history, has been widely attributed to North Korea’s Lazarus Group.

A suspect wallet was identified and frozen, cutting off access to the assets and transferring the case to prosecutors for further legal proceedings.

Officials hailed the move as a significant advance in combating digital crime. Analysts say the operation shows how blockchain transparency and forensic tools, combined with international cooperation, can disrupt even the most complex laundering networks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Activision pulls game after PC hacking reports

Activision has removed Call of Duty: WWII from the Microsoft Store and PC Game Pass following reports that hackers exploited a serious vulnerability in the game. Only the PC versions from Microsoft’s platforms are affected, while the game remains accessible via Steam and consoles.

The decision came after several players reported their computers being hijacked during gameplay. Streamed footage showed remote code execution attacks, where malicious code was deployed through the game to seize control of victims’ devices.

AN outdated and insecure build of the game, which had previously been patched elsewhere, was uploaded to the Microsoft platforms. Activision has yet to restore access and continues to investigate the issue.

Call of Duty: WWII was only added to Game Pass in June. The vulnerability highlights the dangers of pushing old game builds without sufficient review, exposing users to significant cybersecurity risks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S urges UK firms to report cyberattacks

Marks & Spencer has called for a legal obligation requiring UK companies to report major cyberattacks to national authorities. Chairman Archie Norman told parliament that two serious cyberattacks on prominent firms in recent months had gone unreported.

He argued that underreporting leaves a significant gap in cybersecurity knowledge. It would not be excessive regulation to require companies to report material incidents to the National Cyber Security Centre.

The retailer was hit in April by what is believed to be a ransomware attack involving DragonForce, with links to the Scattered Spider hacking group.

The breach forced a seven-week suspension of online clothing orders, costing the business around £300 million in lost operating profit.

M&S had fortunately doubled its cyber insurance last year, though it may take 18 months to process the claim.

General counsel Nick Folland added that companies must be prepared to operate manually, using pen and paper, when systems go down.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Over 2.3 million users hit by Chrome and Edge extension malware

A stealthy browser hijacking campaign has infected over 2.3 million users through Chrome and Edge extensions that appeared safe and even displayed Google’s verified badge.

According to cybersecurity researchers at Koi Security, the campaign, dubbed RedDirection, involves 18 malicious extensions offering legitimate features like emoji keyboards and VPN tools, while secretly tracking users and backdooring their browsers.

One of the most popular extensions — a colour picker developed by ‘Geco’ — continues to be available on the Chrome and Edge stores with thousands of positive reviews.

While it works as intended, the extension also hijacks sessions, records browsing activity, and sends data to a remote server controlled by attackers.

What makes the campaign more insidious is how the malware was delivered. The extensions began as clean, valuable tools, but malicious code was quietly added during later updates.

Due to how Google and Microsoft handle automatic updates, most users receive spyware without taking action or clicking anything.

Koi Security’s Idan Dardikman describes the campaign as one of the largest documented. Users are advised to uninstall any affected extensions, clear browser data, and monitor accounts for unusual activity.

Despite the serious breach, Google and Microsoft have not responded publicly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI-powered imposter poses as US Secretary of State Rubio

An imposter posing as US Secretary of State Marco Rubio used an AI-generated voice and text messages to contact high-ranking officials, including foreign ministers, a senator, and a state governor.

The messages, sent through SMS and the encrypted app Signal, triggered an internal warning across the US State Department, according to a classified cable dated 3 July.

The individual created a fake Signal account using the name ‘Marco.Rubio@state.gov’ and began contacting targets in mid-June.

At least two received AI-generated voicemails, while others were encouraged to continue the chat via Signal. US officials said the aim was likely to gain access to sensitive information or compromise official accounts.

The State Department confirmed it is investigating the breach and has urged all embassies and consulates to remain alert. While no direct cyber threat was found, the department warned that shared information could still be exposed if targets were deceived.

A spokesperson declined to provide further details for security reasons.

The incident appears linked to a broader wave of AI-driven disinformation. A second operation, possibly tied to Russian actors, reportedly targeted Gmail accounts of journalists and former officials.

The FBI has warned of rising cases of ‘smishing’ and ‘vishing’ involving AI-generated content.

Experts now warn that deepfakes are becoming harder to detect, as the technology advances faster than defences.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fraudsters exploit dormant Bitcoin addresses to steal data

Analysts at BitMEX Research have revealed a new scam aimed at early Bitcoin holders, particularly those with dormant wallets dating back to 2011. Attackers use Bitcoin’s OP_Return field to send false transactions and messages to deceive owners into sharing sensitive data.

One high-profile victim is the ‘1Feex’ wallet, known for holding around 80,000 BTC stolen from the Mt. Gox hack.

Scammers made a fake Salomon Brothers site claiming that wallets are abandoned unless owners prove ownership with signed messages or personal documents. The site bears no genuine link to the original financial firm or its former executives.

Crypto community members recommend a safer approach: moving a small amount of Bitcoin to demonstrate wallet activity instead of risking the full balance. BitMEX urges users to avoid interacting with fake sites or sharing personal data.

The scam exemplifies growing sophistication in crypto fraud, with losses exceeding $2.1 billion in just the first half of 2025.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cybercrime soars as firms underfund defences

Nearly four in ten UK businesses (38 %) do not allocate a dedicated cybersecurity budget, even as cybercrime costs hit an estimated £64 billion over three years.

Smaller enterprises are particularly vulnerable, with 15 % reporting breaches linked to underfunding.

Almost half of organisations (45 %) rely solely on in‑house defences, with only 8 % securing standalone cyber insurance, exposing many to evolving threats.

Common attacks include phishing campaigns, AI‑powered malware and DDoS, yet cybersecurity typically receives just 11 % of IT budgets.

Security professionals call for stronger board‑level involvement and increased collaboration with specialists and regulators.

They caution that businesses risk suffering further financial and reputational damage without proactive budgeting and external expertise.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers ramp up attacks on employee credentials

Recent research highlights a surge in identity‑focused cyberattacks aimed at stealing employee credentials.

Corporate login information is harvested using sophisticated tools like infostealer malware, phishing campaigns, and automated credential stuffing.

Security experts warn that compromised credentials allow attackers to masquerade as staff, access internal systems, and move laterally across organisations.

While some major firms rely solely on passwords, rigorous measures such as strong multifactor authentication, proactive monitoring, and cyber awareness training are more effective defences.

Despite awareness of these threats, many companies do not thoroughly scan for leaked credentials or flag suspicious login activity promptly.

However, this hesitancy often stems from budget limitations, competing priorities or bureaucratic inertia.

Security specialists stress the need for coordinated investment in layered security measures to protect against evolving identity‑based attacks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI locks down operations after DeepSeek model concerns

OpenAI has significantly tightened its internal security following reports that DeepSeek may have replicated its models. DeepSeek allegedly used distillation techniques to launch a competing product earlier this year, prompting a swift response.

OpenAI has introduced strict access protocols to prevent information leaks, including fingerprint scans, offline servers, and a policy restricting internet use without approval. Sensitive projects such as its AI o1 model are now discussed only by approved staff within designated areas.

The company has also boosted cybersecurity staffing and reinforced its data centre defences. Confidential development information is now shielded through ‘information tenting’.

These actions coincide with OpenAI’s $30 billion deal with Oracle to lease 4.5 gigawatts of data centre capacity across the United States. The partnership plays a central role in OpenAI’s growing Stargate infrastructure strategy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!