Earthquake disrupts Myanmar internet and surveillance ops

A powerful earthquake in Myanmar has significantly disrupted the junta’s cyber operations, severely damaging the National Cyber Security Center and a major e-Government data hub in Naypyitaw.

The Ministry of Transport and Communications confirmed that repairs are underway, though many internet services in quake-affected areas remain unstable.

According to the opposition National Unity Government (NUG), the damage could weaken the military regime’s ability to monitor and suppress dissent online.

The National Cyber Security Center, which played a central role in tracking online activity and orchestrating arrests via surveillance tools, was among the worst-hit sites. Thousands of communication stations were also damaged, with less than half restored so far.

The quake has also taken down several junta ministry websites and left staff in Naypyitaw facing harsh living conditions. With Myanmar recording the highest number of internet shutdowns globally in 2024, activists fear the regime will attempt to regain control, but the full extent of the digital disruption may be greater than reported.

For more information on these topics, visit diplomacy.edu.

National Crime Agency responds to AI crime warning

The National Crime Agency (NCA) has pledged to ‘closely examine’ recommendations from the Alan Turing Institute after a recent report highlighted the UK’s insufficient preparedness for AI-enabled crime.

The report, from the Centre for Emerging Technology and Security (CETaS), urges the NCA to create a task force to address AI crime within the next five years.

Despite AI-enabled crime being in its early stages, the report warns that criminals are rapidly advancing their use of AI, outpacing law enforcement’s ability to respond.

CETaS claims that UK police forces have been slow to adopt AI themselves, which could leave them vulnerable to increasingly sophisticated crimes, such as child sexual abuse, cybercrime, and fraud.

The Alan Turing Institute emphasises that although AI-specific legislation may be needed eventually, the immediate priority is for law enforcement to integrate AI into their crime-fighting efforts.

An initiative like this would involve using AI tools to combat AI-enabled crimes effectively, as fraudsters and criminals exploit AI’s potential to deceive.

While AI crime remains a relatively new phenomenon, recent examples such as the $25 million deepfake CFO fraud show the growing threat.

The report also highlights the role of AI in phishing scams, romance fraud, and other deceptive practices, warning that future AI-driven crimes may become harder to detect as technology evolves.

Law firm investigates potential fraud in Libra meme coin launch

The Treanor Law Firm is investigating potential fraud, market manipulation, and racketeering related to the controversial launch of the Libra meme coin (LIBRA).

The token, which was heavily promoted by Argentine President Javier Milei, quickly soared to a market cap of $1.17 billion. It crashed 97% after Milei distanced himself from the project. The firm is seeking victims to support a potential lawsuit against those behind the token’s creation and promotion.

The Libra token was marketed as a project designed to boost the Argentine economy and fund small businesses. However, its rapid collapse has raised questions about the validity of the claims made to investors.

The Treanor Law Firm’s investigation is focused on whether investors were misled during the sale and whether market manipulation occurred. Over 75,000 wallets have reportedly lost money, with total losses exceeding $280 million.

In addition to investigating fraud and market manipulation, the firm is considering whether racketeering violations are involved. If racketeering is proven, victims could be entitled to triple damages.

Australia’s largest pension funds face coordinated cyber attacks

Several of Australia’s largest pension funds have recently been hit by suspected cyberattacks, exposing sensitive personal data and leading to confirmed financial losses in some cases.

AustralianSuper, the country’s biggest fund, confirmed that hackers used stolen passwords to access around 600 accounts, resulting in a reported A$500,000 loss from four members.

Rest Super, which manages A$93 billion for two million members, reported unauthorised access affecting about 8,000 accounts.

The fund quickly shut down its member portal and launched an investigation, stating that while personal information was accessed, no money was taken during the incident.

Other major superannuation providers, including Hostplus, Australian Retirement Trust (ART), and Insignia Financial, also reported suspicious activity.

ART detected login attempts across hundreds of accounts but confirmed no theft, while Insignia acknowledged attempted breaches with no reported losses.

Authorities believe the attacks were primarily conducted using ‘credential stuffing,’ a method where attackers use passwords leaked in unrelated breaches to access other platforms.

The attacks highlight the continued risks of weak password reuse, as well as the importance of additional protections like two-factor authentication.

In response to the breaches, the National Cyber Security Coordinator of Australia, Michelle McGuinness, has initiated a government-wide review in cooperation with regulators and industry representatives.

Prime Minister Anthony Albanese addressed the attacks, reaffirming his administration’s commitment to strengthening cybersecurity defences.

Superannuation funds are contacting affected members and urging all users to update their credentials and take additional precautions.

UK’s Royal Mail investigates major data breach

Royal Mail is investigating a significant cybersecurity incident after a hacker known as ‘GHNA’ claimed to have leaked 144GB of sensitive customer data. The files were allegedly obtained through Spectos, a third-party analytics provider, and posted on the BreachForums platform. While the leaked information includes names, addresses, parcel data, and internal recordings, Royal Mail stated that its delivery services remain unaffected.

Spectos confirmed a breach on 29 March, explaining that the attack stemmed from a 2021 malware infection that compromised an employee’s credentials. Cybersecurity firm Hudson Rock linked the same login data to another recent attack involving Samsung. The exposed dataset includes thousands of files containing mailing lists from Mailchimp, Zoom meetings, logistics details, and a WordPress database, raising concerns about the security of Royal Mail’s extended network.

The breach is the latest in a series of cyber incidents targeting the UK’s Royal Mail, following a 2023 ransomware attack that halted international shipping and a 2022 outage in its tracking systems. While the full extent of the latest leak remains under investigation, experts warn that prolonged access to internal systems may have occurred before the data was released. No public notification procedures have yet been confirmed.

North Korean hacker group cashes in on crypto trade

A wallet linked to North Korea’s notorious Lazarus Group has reportedly sold 40.78 Wrapped Bitcoin (WBTC) for $3.51 million, exchanging it for 1,847 Ethereum (ETH), according to data from SpotOnChain.

Instead of holding onto the ETH, the wallet redistributed 2,507 ETH across three separate addresses, with the largest portion of 1,865 ETH sent to another wallet allegedly tied to the hacker group.

The wallet originally purchased the 40.78 WBTC in February 2023 for around $999,900, when the price of WBTC averaged $24,521. Instead of selling earlier, the group waited until WBTC surged to $83,459, securing a realised profit of $2.51 million, representing a 251% gain over two years.

Rather than operating openly, Lazarus Group has been using complex laundering techniques to move stolen funds, particularly after its attack on crypto exchange Bybit.

In March, the group allegedly laundered nearly 500,000 ETH, worth $1.39 billion, through various transactions in just ten days rather than keeping the stolen assets in a single location. At least $605 million was processed via the THORChain platform in a single day.

According to Arkham Intelligence, a wallet linked to the group still holds approximately $1.1 billion in crypto, with substantial reserves in Bitcoin, Ethereum, and Tether.

Meanwhile, Google’s Threat Intelligence Group has reported increased efforts by North Korean IT workers to infiltrate European tech and crypto firms, acting as insider operatives for state-sponsored cybercrime networks like Lazarus Group instead of working as legitimate employees.

Google report exposes North Korea’s growing cyber presence in blockchain industry

North Korean cyber operatives have expanded their activities by targeting blockchain startups in the United Kingdom and European Union.

A report from Google’s Threat Intelligence Group (GTIG) revealed that IT workers linked to the Democratic People’s Republic of Korea (DPRK) have embedded themselves in crypto projects beyond the United States, across the UK, Germany, Portugal, and Serbia.

These operatives, posing as remote developers, have left compromised data and extortion attempts in their wake.

Affected projects include blockchain marketplaces, AI web applications, and Solana-based smart contracts. Some developers worked under multiple fake identities, using falsified university degrees and residency documents to gain employment.

Payments were routed through services like TransferWise and Payoneer, obscuring funds flowing back to the North Korean regime. Cybersecurity experts warn that companies hiring these workers risk espionage, data theft, and security breaches.

GTIG reports that these cyber operations are generating revenue for North Korea, which has been accused of using overseas IT specialists to finance its sanctioned weapons programmes.

Financial service providers, including Wise, have stated that they monitor transactions closely and report any suspicious activity. With increasing global scrutiny, experts caution businesses to remain vigilant against fraudulent hires in the blockchain sector.

Dutch police struggle with cyberattacks and underfunding

A leaked report has revealed serious financial and digital failings within the Dutch police, including unchecked spending on IT and cybersecurity.

Auditors from Ernst & Young found that the force must cut €160 million, raising concerns over national security and officer safety.

The Dutch Police Union warns that chronic understaffing, daily cyberattacks and a lack of digital resilience have pushed the system to breaking point.

A September data breach affected nearly all officers, and experts say over €300 million is needed to restore proper infrastructure.

Police Chief Janny Knol acknowledged the force underestimated the costs of digital transformation.

Merged systems from 24 regional departments have caused spiralling maintenance issues, while key tech projects run over budget and behind schedule. Urgent reforms are now planned.

ECB warns Euro zone banks on geopolitical risks

Euro zone banks must remain resilient and prepared for geopolitical shocks, including the risk of liquidity drying up amid volatile financial markets, according to Claudia Buch, the European Central Bank’s supervisory chief.

She highlighted concerns about the potential impact of policy reversals by the US government, particularly under President Donald Trump, which have unsettled investors and created uncertainty about future growth and stability.

Buch also pointed to the ongoing financial and political pressures arising from Russia’s war in Ukraine and the sanctions that followed.

She emphasised the need for banks to maintain sufficient capital, robust governance, and effective risk management systems in the face of potential asset quality deterioration and economic disruptions caused by geopolitical conflicts or sanctions.

Additionally, Buch noted the increasing threat of cybersecurity attacks, which have become more frequent and severe. The ECB’s annual report warned that geopolitical risks could strain liquidity and funding, particularly in foreign currencies, leading to higher borrowing costs and increased use of credit lines.

Buch called for progress in creating a crisis management and deposit insurance framework to protect depositors in the event of bank failures.

How to protect your business from infostealer malware and credential theft

Cybercriminals stole billions of login credentials last year using infostealer malware, putting businesses worldwide at serious risk.

These malicious tools quietly harvest passwords and session tokens from infected devices, often within minutes.

To fight back, companies must use strong multi-factor authentication, store passwords in dedicated managers, and protect devices with advanced endpoint security.

Simple browser-stored logins are no longer safe, and attackers are getting better at bypassing weak defences.

Reducing session lifespans, using hardware-backed logins, and training staff to spot phishing threats are all key to staying secure.

By combining tech with human vigilance, organisations can stay ahead of attackers and safeguard their systems and data.