Cybercrime

Fake Telegram Premium site spreads dangerous malware

A fake Telegram Premium website infects users with Lumma Stealer malware through a drive-by download, requiring no user interaction.

The domain, telegrampremium[.]app, hosts a malicious executable named start.exe, which begins stealing sensitive data as soon as it runs.

The malware targets browser-stored credentials, crypto wallets, clipboard data and system files, using advanced evasion techniques to bypass antivirus tools.

Obfuscated with cryptors and hidden behind real services like Telegram, the malware also communicates with temporary domains to avoid takedown.

Analysts warn that it manipulates Windows systems, evades detection, and leaves little trace by disguising its payloads as real image files.

To defend against such threats, organisations are urged to implement better cybersecurity controls, such as behaviour-based detection and enforce stronger download controls.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Bitcoin case deepens in Czech politics with arrest

Czech police have detained convicted drug trafficker Tomas Jirikovsky in connection with a $45 million Bitcoin donation that triggered a political crisis earlier this year. Assets linked to him were seized in raids by the National Centre for Combating Organised Crime.

Prosecutors confirmed the case is now focused on suspected money laundering and drug trafficking, separated from a more exhaustive investigation disclosed in May. Jirikovsky, identified as the donor of 468 Bitcoin to the Ministry of Justice, was taken into custody in Breclav.

Former Justice Minister Pavel Blazek accepted the donation without verifying its origins. He resigned in May after revelations that Jirikovsky was behind the transfer. An audit later concluded the ministry should never have accepted the funds.

The scandal has shaken Czech politics, prompting a failed no-confidence vote and renewed calls from the opposition for further ministerial departures. Current Justice Minister Eva Decroix has pledged to release a detailed case timeline as scrutiny mounts before the October elections.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK links Lazarus Group to Lykke cryptocurrency theft

The British Treasury has linked state-backed North Korean hackers to a significant theft of Bitcoin, Ethereum, and other cryptocurrencies from the Swiss platform Lykke. The hack forced Lykke to suspend trading and enter liquidation, leaving founder Richard Olsen bankrupt and under legal scrutiny.

The Lazarus Group, Pyongyang’s cyber unit, has reportedly carried out a series of global cryptocurrency heists to fund weapons programmes and bypass international sanctions. Although evidence remains inconclusive, Stolen Lykke funds may have been laundered through crypto firms.

Regulators had previously warned that Lykke was not authorised to offer financial services in the UK. Over 70 customers have filed claims totalling £5.7 million in UK courts, while Olsen’s Swiss parent company entered liquidation last year.

He was declared bankrupt in January and faces ongoing criminal investigations in Switzerland.

The Lazarus Group continues to be implicated in high-profile cryptocurrency attacks worldwide, highlighting vulnerabilities in digital asset exchanges and the challenges authorities face in recovering stolen funds.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Top cybersecurity vendors double down on AI-powered platforms

The cybersecurity market is consolidating as AI reshapes defence strategies. Platform-based solutions replace point tools to cut complexity, counter AI threats, and ease skill shortages. IDC predicts that security spending will rise 12% in 2025 to $377 billion by 2028.

Vendors embed AI agents, automation, and analytics into unified platforms. Palo Alto Networks’ Cortex XSIAM reached $1 billion in bookings, and its $25 billion CyberArk acquisition expands into identity management. Microsoft blends Azure, OpenAI, and Security Copilot to safeguard workloads and data.

Cisco integrates AI across networking, security, and observability, bolstered by its acquisition of Splunk. CrowdStrike rebounds from its 2024 outage with Charlotte AI, while Cloudflare shifts its focus from delivery to AI-powered threat prediction and optimisation.

Fortinet’s platform spans networking and security, strengthened by Suridata’s SaaS posture tools. Zscaler boosts its Zero Trust Exchange with Red Canary’s MDR tech. Broadcom merges Symantec and Carbon Black, while Check Point pushes its AI-driven Infinity Platform.

Identity stays central, with Okta leading access management and teaming with Palo Alto on integrated defences. The companies aim to platformise, integrate AI, and automate their operations to dominate an increasingly complex cyberthreat landscape.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

North Korean hackers switch to ransomware in major cyber campaign

A North Korean hacking unit has launched a ransomware campaign targeting South Korea and other countries, marking a shift from pure espionage. Security firm S2W identified the subgroup, ‘ChinopuNK’, as part of the ScarCruft threat actor.

The operation began in July, utilising phishing emails and a malicious shortcut file within a RAR archive to deploy multiple malware types. These included a keylogger, stealer, ransomware, and a backdoor.

ScarCruft, active since 2016, has targeted defectors, journalists, and government agencies. Researchers say the move to ransomware indicates either a new revenue stream or a more disruptive mission.

The campaign has expanded beyond South Korea to Japan, Vietnam, Russia, Nepal, and the Middle East. Analysts note the group’s technical sophistication has improved in recent years.

Security experts advise monitoring URLs, file hashes, behaviour-based indicators, and ongoing tracking of ScarCruft’s tools and infrastructure, to detect related campaigns from North Korea and other countries early.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

State-controlled messaging alters crypto usage in Russia

The Russian government limits secure calls on WhatsApp and Telegram, citing terrorism and fraud concerns. The measures aim to push users toward state-controlled platforms like MAX, raising privacy concerns.

With over 100 million users relying on encrypted messaging, these restrictions threaten the anonymity essential for cryptocurrency transactions. Government-monitored channels may let authorities track crypto transactions, deterring users and businesses from adopting digital currencies.

State-backed messaging platforms also open the door to regulatory oversight, complicating private crypto exchanges and noncustodial wallets.

In response, fintech startups and SMEs may turn to decentralised applications and privacy-focused tools, including zero-knowledge proofs, to maintain secure communication and financial operations.

The clampdown could boost crypto payroll adoption in Russia, reducing costs and shielding firms from economic instability. Using decentralised finance tools in alternative channels allows companies to protect privacy and support cross-border payments and remote work.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Employee data compromised in cyberattack on Canada’s parliament

Canada’s House of Commons is investigating a data breach after a cyberattack reportedly exploited a Microsoft vulnerability, granting unauthorised access to a database for managing parliamentary computers and mobile devices. Staff were notified of the breach this past Monday via internal communications.

The compromised information includes employees’ names, job titles, office locations, email addresses, and device-related details. Authorities have warned individuals to be alert for potential impersonation or phishing attempts using the stolen data.

Canada’s Communications Security Establishment (CSE) supports the investigation and confirms its involvement. No attribution has been made yet, as identifying specific threat actors remains challenging.

While the exact Microsoft vulnerability has not been publicly confirmed, cybersecurity experts point to a critical SharePoint zero-day (CVE-2025-53770), which has seen wide exploitation. The attack underscores the pressing need for robust cyber defence across government essential infrastructures.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S grapples with lingering IT fallout from cyberattack

Marks & Spencer is still grappling with the after-effects of the cyberattack experienced during the Easter bank holiday weekend in April.

While customer-facing services, including click and collect, have been restored, internal systems used by buying and merchandising teams remain affected, hampering smooth operations.

The attack, which disabled contactless payments and forced the temporary shutdown of online orders, has had severe financial consequences. M&S estimates a hit to group operating profits of approximately £300 million, though mitigation is expected through insurance and cost controls.

While the rest of its e-commerce operations have largely resumed, lingering technical problems within internal systems continue to disrupt critical back-office functions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Russia restricts Telegram and WhatsApp calls

Russian authorities have begun partially restricting calls on Telegram and WhatsApp, citing the need for crime prevention. Regulator Roskomnadzor accused the platforms of enabling fraud, extortion, and terrorism while ignoring repeated requests to act. Neither platform commented immediately.

Russia has long tightened internet control through restrictive laws, bans, and traffic monitoring. VPNs remain a workaround, but are often blocked. During this summer, further limits included mobile internet shutdowns and penalties for specific online searches.

Authorities have introduced a new national messaging app, MAX, which is expected to be heavily monitored. Reports suggest disruptions to WhatsApp and Telegram calls began earlier this week. Complaints cited dropped calls or muted conversations.

With 96 million monthly users, WhatsApp is Russia’s most popular platform, followed by Telegram with 89 million. Past clashes include Russia’s failed Attempt to ban Telegram (2018–20) and Meta’s designation as an extremist entity in 2022.

WhatsApp accused Russia of trying to block encrypted communication and vowed to keep it available. Lawmaker Anton Gorelkin suggested that MAX should replace WhatsApp. The app’s terms permit data sharing with authorities and require pre-installation on all smartphones sold in Russia.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Con artists pose as lawyers to steal from crypto scam victims

A new fraud tactic is emerging, with con artists posing as lawyers to target cryptocurrency scam victims. They exploit desperation by promising to recover lost funds, using elaborate ruses like fabricated government partnerships and forged documents.

Sophisticated tactics, including fake websites and staged WhatsApp chats, pressure people into paying additional fees.

The US Federal Bureau of Investigation has issued a warning about the scam. Fake law firms use detailed knowledge of a victim’s prior losses to appear credible, knowing the exact amounts and dates of fraudulent transactions.

The scheme often escalates when victims are directed to deposit money into what appear to be foreign bank accounts, which are sophisticated facades designed to steal more funds.

The FBI recommends a ‘Zero Trust’ approach to combat fraud. Any unsolicited recovery offer should be met with immediate scepticism. A major red flag is if a representative refuses to appear on camera or provide their licensing details.

The bureau also advises keeping detailed records of all interactions, like emails and video calls, as documentation could prove invaluable for investigators.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!