Cybercrime

UK’s Royal Mail investigates major data breach

Royal Mail is investigating a significant cybersecurity incident after a hacker known as ‘GHNA’ claimed to have leaked 144GB of sensitive customer data. The files were allegedly obtained through Spectos, a third-party analytics provider, and posted on the BreachForums platform. While the leaked information includes names, addresses, parcel data, and internal recordings, Royal Mail stated that its delivery services remain unaffected.

Spectos confirmed a breach on 29 March, explaining that the attack stemmed from a 2021 malware infection that compromised an employee’s credentials. Cybersecurity firm Hudson Rock linked the same login data to another recent attack involving Samsung. The exposed dataset includes thousands of files containing mailing lists from Mailchimp, Zoom meetings, logistics details, and a WordPress database, raising concerns about the security of Royal Mail’s extended network.

The breach is the latest in a series of cyber incidents targeting the UK’s Royal Mail, following a 2023 ransomware attack that halted international shipping and a 2022 outage in its tracking systems. While the full extent of the latest leak remains under investigation, experts warn that prolonged access to internal systems may have occurred before the data was released. No public notification procedures have yet been confirmed.

For more information on these topics, visit diplomacy.edu.

North Korean hacker group cashes in on crypto trade

A wallet linked to North Korea’s notorious Lazarus Group has reportedly sold 40.78 Wrapped Bitcoin (WBTC) for $3.51 million, exchanging it for 1,847 Ethereum (ETH), according to data from SpotOnChain.

Instead of holding onto the ETH, the wallet redistributed 2,507 ETH across three separate addresses, with the largest portion of 1,865 ETH sent to another wallet allegedly tied to the hacker group.

The wallet originally purchased the 40.78 WBTC in February 2023 for around $999,900, when the price of WBTC averaged $24,521. Instead of selling earlier, the group waited until WBTC surged to $83,459, securing a realised profit of $2.51 million, representing a 251% gain over two years.

Lazarus Group, instead of operating openly, has been using complex laundering techniques to move stolen funds, particularly after its attack on crypto exchange Bybit.

In March, the group allegedly laundered nearly 500,000 ETH—worth $1.39 billion—through various transactions in just ten days, instead of keeping the stolen assets in a single location. At least $605 million was processed via the THORChain platform in a single day.

According to Arkham Intelligence, a wallet linked to the group still holds approximately $1.1 billion in crypto, with substantial reserves in Bitcoin, Ethereum, and Tether.

Meanwhile, Google’s Threat Intelligence Group has reported increased efforts by North Korean IT workers to infiltrate European tech and crypto firms, acting as insider operatives for state-sponsored cybercrime networks like Lazarus Group instead of working as legitimate employees.

For more information on these topics, visit diplomacy.edu.

Google report exposes North Korea’s growing cyber presence in blockchain industry

North Korean cyber operatives have expanded their activities by targeting blockchain startups in the United Kingdom and European Union.

A report from Google’s Threat Intelligence Group (GTIG) revealed that IT workers linked to the Democratic People’s Republic of Korea (DPRK) have embedded themselves in crypto projects beyond the United States, across the UK, Germany, Portugal, and Serbia.

These operatives, posing as remote developers, have left compromised data and extortion attempts in their wake.

Affected projects include blockchain marketplaces, AI web applications, and Solana-based smart contracts. Some developers worked under multiple fake identities, using falsified university degrees and residency documents to gain employment.

Payments were routed through services like TransferWise and Payoneer, obscuring funds flowing back to the North Korean regime. Cybersecurity experts warn that companies hiring these workers risk espionage, data theft, and security breaches.

GTIG reports that these cyber operations are generating revenue for North Korea, which has been accused of using overseas IT specialists to finance its sanctioned weapons programmes.

Financial service providers, including Wise, have stated that they monitor transactions closely and report any suspicious activity. With increasing global scrutiny, experts caution businesses to remain vigilant against fraudulent hires in the blockchain sector.

For more information on these topics, visit diplomacy.edu.

Dutch police struggle with cyberattacks and underfunding

A leaked report has revealed serious financial and digital failings within the Dutch police, including unchecked spending on IT and cybersecurity.

Auditors from Ernst & Young found that the force must cut €160 million, raising concerns over national security and officer safety.

The Dutch Police Union warns that chronic understaffing, daily cyberattacks and a lack of digital resilience have pushed the system to breaking point.

A September data breach affected nearly all officers, and experts say over €300 million is needed to restore proper infrastructure.

Police Chief Janny Knol acknowledged the force underestimated the costs of digital transformation.

Merged systems from 24 regional departments have caused spiralling maintenance issues, while key tech projects run over budget and behind schedule. Urgent reforms are now planned.

For more information on these topics, visit diplomacy.edu.

ECB warns Euro zone banks on geopolitical risks

Euro zone banks must remain resilient and prepared for geopolitical shocks, including the risk of liquidity drying up amid volatile financial markets, according to Claudia Buch, the European Central Bank’s supervisory chief.

She highlighted concerns about the potential impact of policy reversals by the US government, particularly under President Donald Trump, which have unsettled investors and created uncertainty about future growth and stability.

Buch also pointed to the ongoing financial and political pressures arising from Russia’s war in Ukraine and the sanctions that followed.

She emphasised the need for banks to maintain sufficient capital, robust governance, and effective risk management systems in the face of potential asset quality deterioration and economic disruptions caused by geopolitical conflicts or sanctions.

Additionally, Buch noted the increasing threat of cybersecurity attacks, which have become more frequent and severe. The ECB’s annual report warned that geopolitical risks could strain liquidity and funding, particularly in foreign currencies, leading to higher borrowing costs and increased use of credit lines.

Buch called for progress in creating a crisis management and deposit insurance framework to protect depositors in the event of bank failures.

For more information on these topics, visit diplomacy.edu.

How to protect your business from infostealer malware and credential theft

Cybercriminals stole billions of login credentials last year using infostealer malware, putting businesses worldwide at serious risk.

These malicious tools quietly harvest passwords and session tokens from infected devices, often within minutes.

To fight back, companies must use strong multi-factor authentication, store passwords in dedicated managers, and protect devices with advanced endpoint security.

Simple browser-stored logins are no longer safe, and attackers are getting better at bypassing weak defences.

Reducing session lifespans, using hardware-backed logins, and training staff to spot phishing threats are all key to staying secure.

By combining tech with human vigilance, organisations can stay ahead of attackers and safeguard their systems and data.

For more information on these topics, visit diplomacy.edu.

Russian hackers exploit smart home devices for crypto mining and cyberattacks

The Russian Ministry of Internal Affairs has warned citizens that hackers are infecting smart home devices with crypto mining malware.

Officials claim cybercriminals aim to create networks of compromised devices that could also be used for DDoS attacks, surveillance, and even robbery.

To mitigate risks, the ministry advises regularly changing passwords, updating firmware, and purchasing devices from reputable manufacturers.

Crypto-related fraud is also rising in Russia, with criminals posing as brokerage employees to lure victims into fake exchanges.

Prosecutors in Yakutsk are investigating a case where a resident allegedly lost $4,600 to such a scheme. Authorities have launched a criminal case and a broader inquiry into fraudulent crypto operations.

Illegal crypto mining remains a pressing issue, particularly in regions like the North Caucasus and Siberia. Moscow has enforced seasonal bans on crypto mining until 2031, aiming to conserve electricity during peak winter months.

However, officials in Irkutsk report that while 308 MW of power was freed up, the unused capacity provided no tangible benefit to consumers.

Despite concerns, some government officials argue that mining bans are improving energy reliability. Transbaikal authorities claim no legal mining operations remain in the region and have found no evidence of illegal mining activity. Industry experts remain sceptical about the overall impact of these restrictions.

For more information on these topics, visit diplomacy.edu.

Canada warns of foreign election interference

Canada’s intelligence agency has warned that China and India are highly likely to interfere in the country’s general election on 28 April, with Russia and Pakistan also having the potential to do so.

The Canadian Security Intelligence Service (CSIS) stated that while previous interference attempts in the 2019 and 2021 elections did not alter the results, the country had been slow to respond at the time. Both China and India have denied previous allegations of meddling in Canada’s internal affairs.

Vanessa Lloyd, CSIS’s deputy director of operations, said hostile states are increasingly using AI to influence elections, with China being particularly likely to exploit such tools.

The warning comes amid tense diplomatic relations between Canada and Beijing, following China’s recent tariffs on $2.6 billion worth of Canadian agricultural products and Ottawa’s strong condemnation of China’s execution of four Canadian citizens on drug charges.

India has also been under scrutiny, with Canada expelling six Indian diplomats last year over allegations of involvement in a plot against Sikh separatists.

Lloyd stated that India has both the intent and capability to interfere in Canadian politics and communities, though the Indian diplomatic mission in Ottawa has yet to comment.

She added that while it is difficult to directly link foreign interference with election outcomes, such activities undermine public trust in Canada’s democratic institutions.

For more information on these topics, visit diplomacy.edu.

Hackers use fake Semrush ads to steal Google accounts

Cybercriminals are using fake adverts for popular SEO platform Semrush to trick users into giving up access to their Google accounts, researchers have warned.

The malvertising campaign features ads that link to a bogus Semrush login page, which only allows users to sign in via Google, a tactic designed to steal high-value credentials.

According to Malwarebytes, Semrush accounts are often linked to critical Google services such as Analytics and Search Console.

These tools store confidential business insights, which threat actors could exploit for strategic and financial gain. The scammers may also access names, phone numbers, business details, and partial card information through compromised Semrush accounts.

By impersonating Semrush support, attackers could deceive users into revealing full card details under the pretence of payment or billing updates. However, this may open the door to wider fraud, such as redirecting funds from vendors or business partners.

With Semrush serving over 117,000 customers, including a significant share of Fortune 500 firms, the attack underscores the growing risks of malvertising on platforms like Google.

Security experts are urging businesses to tighten account access controls and remain cautious when engaging with search ads, even from seemingly reputable brands.

For more information on these topics, visit diplomacy.edu.

Australian police warn of Binance-themed crypto scam targeting users

Australian authorities have issued warnings about a sophisticated scam in which fraudsters impersonate Binance via SMS, tricking users into transferring their crypto assets.

The Australian Federal Police (AFP) revealed that scammers use sender ID spoofing to make fraudulent messages appear in the same thread as legitimate Binance communications.

Victims are falsely informed of a security breach and urged to move their funds to a ‘trust wallet,’ which is controlled by the scammers.

The AFP has identified at least 130 potential victims and launched a campaign to warn them. Cybercrime officials explained that once funds are transferred to the scammers’ wallets, they are swiftly moved across multiple accounts, making recovery difficult.

Similar scams have also targeted users of Coinbase and Gemini, exploiting pre-generated recovery phrases to seize control of wallets.

Binance Chief Security Officer Jimmy Su advised users to verify official communications through Binance’s security tools and website.

The Australian government is taking steps to combat these scams, planning to launch an SMS Sender ID Register in late 2025. The initiative will require telecom providers to verify brand-name messages, reducing the risk of spoofing.

Investment scams remain a significant issue in Australia, with AU$382 million ($269 million) lost in the past year, nearly half of which was crypto-related.

Authorities continue to urge caution, warning users to be sceptical of unsolicited messages and requests for seed phrases or urgent transfers.

For more information on these topics, visit diplomacy.edu