Lawmakers at IGF 2025 call for global digital safeguards

At the Internet Governance Forum (IGF) 2025 in Norway, a high‑level parliamentary roundtable convened global lawmakers to tackle the pressing challenge of digital threats to democracy. Led by moderator Nikolis Smith, the discussion included Martin Chungong, Secretary‑General of the Inter‑Parliamentary Union (via video), and MPs from Norway, Kenya, California, Barbados, and Tajikistan. The central concern was how AI, disinformation, deepfakes, and digital inequality jeopardise truth, electoral integrity, and public trust.

Grunde Almeland, Member of the Norwegian Parliament, warned: ‘Truth is becoming less relevant … it’s hard and harder to pierce [confirmation‑bias] bubbles with factual debate and … facts.’ He championed strong, independent media, noting Norway’s success as ‘number one on the press freedom index’ due to its editorial independence and extensive public funding. Almeland emphasised that legislation exists, but practical implementation and international coordination are key.

Kenyan Senator Catherine Mumma described a comprehensive legal framework—including cybercrime, data protection, and media acts—but admitted gaps in tackling misinformation. ‘We don’t have a law that specifically addresses misinformation and disinformation,’ she said, adding that social‑media rumours ‘[sometimes escalate] to violence’ especially around elections. Mumma called for balanced regulation that safeguards innovation, human rights, and investment in digital infrastructure and inclusion.

California Assembly Member Rebecca Bauer‑Kahn outlined her state’s trailblazing privacy and AI regulations. She highlighted a new law mandating watermarking of AI‑generated content and requiring political‑advert disclosures, although these face legal challenges as potentially ‘forced speech.’ Bauer‑Kahn stressed the need for ‘technology for good,’ including funding universities to develop watermarking and authentication tools—like Adobe’s system for verifying official content—emphasising that visual transparency restores trust.

Barbados MP Marsha Caddle recounted a recent deepfake falsely attributed to her prime minister, saying it risked ‘put[ting] at risk … global engagement.’ She promoted democratic literacy and transparency, explaining that parliamentary meetings are broadcast live to encourage public trust. She also praised local tech platforms such as Zindi in Africa, saying they foster home‑grown solutions to combat disinformation.

Tajikistan MP Zafar Alizoda highlighted regional disparities in data protections, noting that while EU citizens benefit from GDPR, users in Central Asia remain vulnerable. He urged platforms to adopt uniform global privacy standards: ‘Global platforms … must improve their policies for all users, regardless of the country of the user.’

Several participants—including John K.J. Kiarie, MP from Kenya—raised the crucial issue of ‘technological dumping,’ whereby wealthy nations and tech giants export harmful practices to vulnerable regions. Kiarie warned: ‘My people will be condemned to digital plantations… just like … slave trade.’ The consensus called for global digital governance treaties akin to nuclear or climate accords, alongside enforceable codes of conduct for Big Tech.

Despite challenges—such as balancing child protection, privacy, and platform regulation—parliamentarians reaffirmed shared goals: strengthening independent media, implementing watermarking and authentication technologies, increasing public literacy, ensuring equitable data protections, and fostering global cooperation. As Grunde Almeland put it: ‘We need to find spaces where we work together internationally… to find this common ground, a common set of rules.’ Their unified message: safeguarding democracy in the digital age demands national resilience and collective global action.

Track all key moments from the Internet Governance Forum 2025 on our dedicated IGF page.

Cybersecurity vs freedom of expression: IGF 2025 panel calls for balanced, human-centred digital governance

At the 2025 Internet Governance Forum in Lillestrøm, Norway, experts from government, civil society, and the tech industry convened to discuss one of the thorniest challenges of the digital age: how to secure cyberspace without compromising freedom of expression and fundamental human rights. The session, moderated by terrorism survivor and activist Bjørn Ihler, revealed a shared urgency across sectors to move beyond binary thinking and craft nuanced, people-centred approaches to online safety.

Paul Ash, head of the Christchurch Call Foundation, warned against framing regulation and inaction as the only options, urging legislators to build human rights safeguards directly into cybersecurity laws. Echoing him, Mallory Knodel of the Global Encryption Coalition stressed the foundational role of end-to-end encryption, calling it a necessary boundary-setting tool in an era where digital surveillance and content manipulation pose systemic risks. She warned that weakening encryption compromises privacy and invites broader security threats.

Representing the tech industry, Meta’s Cagatay Pekyrour underscored the complexity of moderating content across jurisdictions with over 120 speech-restricting laws. He called for more precise legal definitions, robust procedural safeguards, and a shift toward ‘system-based’ regulatory frameworks that assess platforms’ processes rather than micromanage content.

Meanwhile, Romanian regulator and former MP Pavel Popescu detailed his country’s recent struggles with election-related disinformation and cybercrime, arguing that social media companies must shoulder more responsibility, particularly in responding swiftly to systemic threats like AI-driven scams and coordinated influence operations.

While perspectives diverged on enforcement and regulation, all participants agreed that lasting digital governance requires sustained multistakeholder collaboration grounded in transparency, technical expertise, and respect for human rights. As the digital landscape evolves rapidly under the influence of AI and new forms of online harm, this session underscored that no single entity or policy can succeed alone, and that the stakes for security and democracy have never been higher.


Spyware accountability demands Global South leadership at IGF 2025

At the Internet Governance Forum 2025 in Lillestrøm, Norway, a powerful roundtable titled ‘Spyware Accountability in the Global South’ brought together experts, activists, and policymakers to confront the growing threat of surveillance technologies in the world’s most vulnerable regions. Moderated by Nighat Dad of Pakistan’s Digital Rights Foundation, the session featured diverse perspectives from Mexico, India, Lebanon, the UK, and the private sector, each underscoring how spyware like Pegasus has been weaponised to target journalists, human rights defenders, and civil society actors across Latin America, South Asia, and the Middle East.

Ana Gaitán of R3D Mexico revealed how Mexican military forces routinely deploy spyware to obstruct investigations into abuses like the Ayotzinapa case. Apar Gupta from India’s Internet Freedom Foundation warned of the enduring legacy of colonial surveillance laws enabling secret spyware use. At the same time, Mohamad Najem of Lebanon’s SMEX explained how post-Arab Spring authoritarianism has fueled a booming domestic and export market for surveillance tools in the Gulf region. All three pointed to the urgent need for legal reform and international support, noting the failure of courts and institutions to provide effective remedies.

Representing regulatory efforts, Elizabeth Davies of the UK Foreign, Commonwealth and Development Office outlined the Pall Mall Process, a UK-France initiative to create international norms for commercial cyber intrusion tools. Former UN Special Rapporteur David Kaye emphasised that such frameworks must go beyond soft law, calling for export controls, domestic legal safeguards, and litigation to ensure enforcement.

Rima Amin of Meta added a private sector lens, highlighting Meta’s litigation against NSO Group and pledging to reinvest any damages into supporting surveillance victims. Despite emerging international efforts, the panel agreed that meaningful spyware accountability will remain elusive without centring Global South voices, expanding technical and legal capacity, and bridging the North-South knowledge gap.

With spyware abuse expanding faster than regulation, the call from Lillestrøm was clear: democratic protections and digital rights must not be a privilege of geography.


FC Barcelona documents leaked in ransomware breach

A recent cyberattack on French insurer SMABTP’s Spanish subsidiary, Asefa, has led to the leak of over 200GB of sensitive data, including documents related to FC Barcelona.

The ransomware group Qilin has claimed responsibility for the breach, highlighting the growing threat posed by such actors. With high-profile victims now in the spotlight, the reputational damage could be substantial for Asefa and its clients.

The incident comes amid growing concern among UK small and medium-sized enterprises (SMEs) about cyber threats. According to GlobalData’s UK SME Insurance Survey 2025, more than a quarter of SMEs have been influenced by media reports of cyberattacks when purchasing cyber insurance.

Meanwhile, nearly one in five cited a competitor’s victimisation as a motivating factor.

Over 300 organisations have fallen victim to Qilin in the past year alone, reflecting a broader trend in the rise of AI-enabled cybercrime.

AI allows cybercriminals to refine their methods, making attacks more effective and challenging to detect. As a result, companies are increasingly recognising the importance of robust cybersecurity measures.

With threats escalating, there is an urgent call for insurers to offer more tailored cyber coverage and proactive services. The breach involving FC Barcelona is a stark reminder that no organisation is immune and that better risk assessment and resilience planning are now business essentials.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Lazarus Group linked to Taiwan exchange hack

Taiwanese cryptocurrency exchange BitoPro has confirmed that North Korea’s state-sponsored Lazarus Group carried out a cyberattack on 9 May, resulting in the theft of approximately $11.5 million.

The company announced an internal investigation supported by an external cybersecurity firm. BitoPro detected suspicious outflows from its platform in early May, prompting immediate security measures and a comprehensive forensic review.

According to the exchange, the attackers employed tactics, techniques, and procedures (TTPs) consistent with previous operations attributed to Lazarus—an elite cybercrime unit from North Korea linked to numerous high-profile financial and cryptocurrency heists worldwide.

‘The methodology observed during the breach strongly resembles known Lazarus Group activity,’ BitoPro stated. ‘We are working closely with law enforcement and blockchain security experts to recover stolen assets and prevent further incidents.’

The breach adds to a growing list of Lazarus-linked attacks targeting decentralised finance (DeFi) platforms, exchanges, and cross-chain bridges—sectors often lacking the robust security infrastructure of traditional banking systems.

BitoPro’s disclosure highlights the escalating threat that state-affiliated hacking groups pose to the digital asset industry. Experts warn that these attacks are becoming more frequent and sophisticated as bad actors continue to exploit vulnerabilities in emerging financial technologies.

Currently, BitoPro has not confirmed whether any of the stolen funds have been recovered. The company has assured users that affected systems have been secured and that additional security measures are being implemented to protect its infrastructure.


TCS clears its name in M&S data breach

Tata Consultancy Services (TCS) has publicly denied any involvement in the cyberattack that disrupted Marks & Spencer earlier this year. The attack, described as highly sophisticated, led to significant data theft and weeks-long disruption of online operations.

During the company’s annual shareholder meeting, TCS independent director Keki Mistry confirmed that none of the company’s systems or users were compromised. He said TCS is not under investigation by M&S and assured shareholders no other clients were affected.

TCS has worked with M&S for more than a decade and was awarded a $1bn contract in 2023 to overhaul the retailer’s supply chain systems. Although TCS reviewed its systems, Mistry’s comments suggest the breach did not stem from its infrastructure.

The retailer has not responded to TCS’s latest remarks but earlier stated it hopes to fully restore its online services by July.


TxTag users targeted in sophisticated phishing scheme

A new phishing campaign targets employees with fake TxTag toll payment alerts, using legitimate-looking government domains to trick recipients into handing over sensitive information. The emails warn users of an impending account suspension unless they urgently pay a small fee, creating a false alarm to prompt quick action.

While the messages appear to come from official sources, researchers found they actually originate from an Indiana-based GovDelivery system—not Texas toll authorities—highlighting a subtle but crucial red flag. Once victims click the link, they are taken to a convincing replica of the TxTag payment site hosted at a fraudulent domain.

The page displays a believable debt of $6.69 to make the request seem routine and non-threatening. However, instead of simply logging in, users are asked to provide full personal details and, later, complete credit card information—including CVV codes.

The phishing site even validates card data to ensure the theft yields high-quality credentials. After submitting the data, victims see a fake processing message, which may be followed by an error claiming the card is unsupported.

That trick often leads users to input additional card details, giving attackers access to multiple financial accounts. The scam exemplifies the growing sophistication of phishing attacks in the US that combine technical misdirection with emotional manipulation, preying on trust in government branding and the fear of financial penalties.


North Korea’s BlueNoroff uses deepfakes in Zoom calls to hack crypto workers

The North Korea-linked threat group BlueNoroff has been caught deploying deepfake Zoom meetings to target an employee at a cryptocurrency foundation, aiming to install malware on macOS systems.

According to cybersecurity firm Huntress, the attack began through a Telegram message that redirected the victim to a fake Zoom site. Over several weeks, the employee was lured into a group video call featuring AI-generated replicas of company executives.

When the employee encountered microphone issues during the meeting, the fake participants instructed them to download a Zoom extension, which instead executed a malicious AppleScript.

The script covertly fetched multiple payloads, installed Rosetta 2, and prompted for the system password while wiping command histories to hide forensic traces. Eight malicious binaries were uncovered on the compromised machine, including keyloggers, information stealers, and remote access tools.

BlueNoroff, also known as APT38 and part of the Lazarus Group, has a track record of targeting financial and blockchain organisations for monetary gain. The group’s past operations include the Bybit and Axie Infinity breaches.

Their campaigns often combine deep social engineering with sophisticated multi-stage malware tailored for macOS, with new tactics now mimicking audio and camera malfunctions to trick remote workers.

Cybersecurity analysts have noted that BlueNoroff has fractured into subgroups like TraderTraitor and CryptoCore, specialising in cryptocurrency theft.

Recent offshoot campaigns involve fake job interview portals and dual-platform malware, such as the Python-based PylangGhost and GolangGhost trojans, which harvest sensitive data from victims across operating systems.

The attackers have impersonated firms like Coinbase and Uniswap, mainly targeting users in India.


Massive data leak exposes 16 billion login credentials from Google, Facebook, and more

One of the largest-ever leaks of stolen login data has come to light, exposing more than 16 billion records across widely used services, including Facebook, Google, Telegram, and GitHub. The breach, uncovered by researchers at Cybernews, highlights a growing threat to individuals and organisations.

The exposed data reportedly originated from infostealer malware, previous leaks, and credential-stuffing tools. A total of 30 separate datasets were identified, some containing over 3.5 billion entries.

These were briefly available online due to unsecured cloud storage before being removed. Despite the swift takedown, the data had already been collected and analysed.

Experts have warned that the breach could lead to identity theft, phishing, and account takeovers. Smaller websites and users with poor cybersecurity practices are especially vulnerable. Many users continue to reuse passwords or minor variations of them, increasing the risk of exploitation.

While the leak is severe, users employing two-factor authentication (2FA), password managers, or passkeys are less likely to be affected.

Passkeys, increasingly adopted by companies like Google and Apple, offer a phishing-resistant login method that bypasses the need for passwords altogether.


Iran enforces crypto exchange curfew after Nobitex breach

Iran’s central bank has imposed strict operating hours on domestic crypto exchanges following a massive $100 million hack on Nobitex, the country’s largest digital asset platform. The move comes amid accusations that the incident was politically motivated.

According to blockchain analytics firm Chainalysis, exchanges in Iran are now required to operate between 10 am and 8 pm only. Analysts believe the curfew is aimed at improving monitoring capabilities and limiting capital flight during heightened Iran-Israel hostilities.

Andrew Fierman, head of national security intelligence at Chainalysis, suggested the decision was both a technical response to the hack and a strategic move to maintain tighter control over outflows.

The cyberattack, allegedly orchestrated by pro-Israel group Predatory Sparrow, targeted Nobitex’s internal systems, draining hot wallets of Bitcoin, Ether, Dogecoin, XRP, and Solana.

Cybersecurity experts say the stolen assets were transferred to burner wallets without access keys, effectively destroying them in a rare politically charged crypto burn. Nobitex stated it has isolated its systems and will compensate users using its reserve fund.

Nobitex plays a crucial role in Iran’s crypto economy, having processed over $11 billion in inflows, far outpacing all other domestic exchanges. Chainalysis notes the platform also has ties to sanctioned entities and terrorist-linked groups.

The incident is one in a series of recent cyberattacks on Iranian infrastructure, suggesting a growing digital front in the long-standing Iran-Israel conflict.
