Cybercrime

Google spoofed in sophisticated phishing attack

A sophisticated phishing attack recently targeted Google users, exploiting a well-known email authentication method to bypass security measures.

The attackers sent emails appearing to be from Google’s legitimate address, no-reply@accounts.google.com, and claimed the recipient needed to comply with a subpoena.

The emails contained a link to a Google Sites page, prompting users to log in and revealing a fake legal support page.

What made this phishing attempt particularly dangerous was that it successfully passed both DMARC and DKIM email authentication checks, making it appear entirely genuine to recipients.

In another cyber-related development, Microsoft issued a warning regarding the use of Node.js in distributing malware. Attackers have been using the JavaScript runtime environment to deploy malware through scripts and executables, particularly targeting cryptocurrency traders via malvertising campaigns.

The new technique involves executing JavaScript directly from the command line, making it harder to detect by traditional security tools.

Meanwhile, the US has witnessed a significant change in its disinformation-fighting efforts.

The State Department has closed its Counter Foreign Information Manipulation and Interference group, previously known as the Global Engagement Center, after accusations that it was overreaching in its censorship activities.

The closure, led by Secretary of State Marco Rubio, has sparked criticism, with some seeing it as a victory for foreign powers like Russia and China.

Finally, gig workers face new challenges as the Tech Transparency Project revealed that Facebook groups are being used to trade fake gig worker accounts for platforms like Uber and Lyft.

Sellers offer access to verified accounts, bypassing safety checks, and putting passengers and customers at risk. Despite reports to Meta, many of these groups remain active, with the social media giant’s automated systems failing to curb the activity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake banking apps leave sellers thousands out of pocket

Scammers are using fake mobile banking apps to trick people into handing over valuable items without receiving any payment.

These apps, which convincingly mimic legitimate platforms, display false ‘successful payment’ screens in person, allowing fraudsters to walk away with goods while the money never arrives.

Victims like Anthony Rudd and John Reddock have lost thousands after being targeted while selling items through social media marketplaces. Mr Rudd handed over £1,000 worth of tools from his Salisbury workshop, only to realise the payment notification was fake.

Mr Reddock, from the UK, lost a £2,000 gold bracelet he had hoped to sell to fund a holiday for his children.

BBC West Investigations found that some of these fake apps, previously removed from the Google Play store, are now being downloaded directly from the internet onto Android phones.

The Chartered Trading Standards Institute described this scam as an emerging threat, warning that in-person fraud is growing more complex instead of fading away.

With police often unable to track down suspects, small business owners like Sebastian Liberek have been left feeling helpless after being targeted repeatedly.

He has lost hundreds of pounds to fake transfers and believes scammers will continue striking, while enforcement remains limited and platforms fail to do enough to stop the spread of fraud.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US and Canadian authorities launch operation to combat Ethereum scam

The US Secret Service, in collaboration with Canadian officials, launched ‘Operation Avalanche‘ to target compromised wallets on the Ethereum blockchain.

The operation focused on disrupting an ongoing approval phishing scam, which had already cost victims $4.3 million.

Approval phishing occurs when scammers trick victims into signing illicit blockchain transactions, allowing fraudsters to drain funds from their wallets.

The US Secret Service assisted Canadian officials, helping to disrupt the scam and prevent further losses.

Both US and Canadian authorities have committed to continuing their efforts to identify stolen assets and return them to the victims. The operation highlights the importance of global law enforcement collaboration in combating crypto-related crimes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hertz customer data stolen in vendor cyberattack

Hertz has disclosed a significant data breach involving sensitive customer information, including credit card and driver’s licence details, following a cyberattack on one of its service providers.

The breach stemmed from vulnerabilities in the Cleo Communications file transfer platform, exploited in October and December 2024.

Hertz confirmed the unauthorised access on 10 February, with further investigations revealing a range of exposed data, including names, birth dates, contact details, and in some cases, Social Security and passport numbers.

While the company has not confirmed how many individuals were affected, notifications have been issued in the US, UK, Canada, Australia, and across the EU.

Hertz stressed that no misuse of customer data has been identified so far, and that the breach has been reported to law enforcement and regulators. Cleo has since patched the exploited vulnerabilities.

The identity of the attackers remains unknown. However, Cleo was previously targeted in a broader cyber campaign last October, with the Clop ransomware group later claiming responsibility.

The gang published Cleo’s company data online and listed dozens of breached organisations, suggesting the incident was part of a wider, coordinated effort.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

KiloEX loses $7.5 million in oracle hack

A hacker has exploited decentralised exchange KiloEX, draining approximately US$7.5 million by manipulating its price oracle mechanism. The breach led to an immediate suspension of the platform and sparked a cross-industry investigation involving cybersecurity firms and blockchain networks.

The vulnerability centred on KiloEX’s price feed system, which allowed the attacker to manipulate the ETH/USD feed by inputting an artificial entry price of 100 and closing it at 10,000.

According to cybersecurity firm PeckShield, this simple flaw enabled the attacker to steal millions across multiple chains, including $3.3 million from Base, $3.1 million from opBNB, and $1 million from BNB Smart Chain.

KiloEX is working with various security experts and blockchain networks such as BNB Chain and Manta Network to recover the stolen assets.

Funds are reportedly being routed through cross-chain protocols like zkBridge and Meson. Co-founder of Fuzzland, Chaofan Shou, described the breach as stemming from a ‘very simple vulnerability’ in oracle verification, where only intermediaries were validated rather than the original transaction sender.

The attack caused KiloEX’s token price to plummet by over 29% and came just one day after the platform announced a strategic partnership with DWF Labs, aimed at fuelling growth. KiloEX has promised a full incident report and a bounty programme to encourage asset recovery.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Beijing blames NSA for hacking Asian Games systems

Chinese authorities have accused three alleged US operatives of orchestrating cyberattacks on national infrastructure during the Asian Games in Harbin this February.

The individuals, identified by Harbin police as Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson, are said to have worked through the US National Security Agency (NSA).

The attacks reportedly targeted systems critical to the Games’ operations, including athlete registration, travel, and competition management, which held sensitive personal data.

Chinese state media further claimed that the cyber intrusions extended beyond the sporting event, affecting key infrastructure in Heilongjiang province. Targets allegedly included energy, transport, water, telecoms, defence research institutions, and technology giant Huawei.

Authorities said the NSA used encrypted data to compromise Microsoft Windows systems in the region, with the aim of disrupting services and undermining national security.

The Foreign Ministry of China denounced the alleged cyberattacks as ‘extremely malicious,’ urging the United States to halt what it called repeated intrusions and misinformation.

The UD Embassy in Beijing has yet to respond, and the allegations come amid ongoing tensions, with both nations frequently accusing each other of state-backed hacking.

Only last month, the US government named and charged 12 Chinese nationals in connection with cyberespionage efforts against American interests.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers leak data from Indian software firm in major breach

A major cybersecurity breach has reportedly compromised a software company based in India, with hackers claiming responsibility for stealing nearly 1.6 million rows of sensitive data on 19 December 2024.

A hacker identified as @303 is said to have accessed and exposed customer information and internal credentials, with the dataset later appearing on a dark web forum via a user known as ‘frog’.

The leaked data includes email addresses linked to major Indian insurance providers, contact numbers, and possible administrative access credentials.

Analysts found that the sample files feature information tied to employees of companies such as HDFC Ergo, Bajaj Allianz, and ICICI Lombard, suggesting widespread exposure across the sector.

Despite the firm’s stated dedication to safeguarding data, the incident raises doubts about its cybersecurity protocols.

The breach also comes as India’s insurance regulator, IRDAI, has begun enforcing stricter cyber measures. In March 2025, it instructed insurers to appoint forensic auditors in advance and perform full IT audits instead of waiting for threats to surface.

A breach like this follows a string of high-profile incidents, including the Star Health Insurance leak affecting 31 million customers.

With cyberattacks in India up by 261% in early 2024 and the average cost of a breach now ₹19.5 crore, experts warn that insurance firms must adopt stronger protections instead of relying on outdated defences.

For more information on these topics, visit diplomacy.edu.

WooCommerce responds to alleged data breach claim

A hacker going by the alias ‘Satanic’ recently claimed responsibility for a significant data breach affecting websites that use WooCommerce, a leading eCommerce platform. The attacker alleged that over 4.4 million customer records were compromised, including personal and corporate data such as email addresses, phone numbers, physical addresses, and social media profiles, as well as company revenues, staff sizes, and tech stacks.

The original announcement was made on Breach Forums, a known cybercrime forum, where the hacker stated that the data was available for sale via private messages or Telegram. While initial reports—including one by HackRead—linked the breach to WooCommerce-based stores, WooCommerce has since issued an official statement denying that its systems were involved in the incident.

‘We can confirm that no WooCommerce data has been involved in the breach described in these articles. Our team quickly investigated the data samples and compared them against our own records. We determined that the data was not obtained through a breach of WooCommerce.com or any other Automattic services.’ — Jay Walsh, Director of Communications, WooCommerce.

The company believes that the leaked data originated from a third-party service that aggregates publicly available information about e-commerce sites. It is unclear whether the data was accessed legally or obtained through other means.

The attacker claimed the breach was achieved by exploiting vulnerabilities in third-party systems integrated with WooCommerce-powered websites—such as CRMs or marketing platforms—rather than through WooCommerce itself. However, no technical evidence has been shared to substantiate this claim.

The incident follows previous breach claims by the same hacker involving platforms like Magento and Twilio’s SendGrid, the latter of which was also denied by the company.

WooCommerce, owned by Automattic, powers a large share of global online shops. While the platform remains secure according to its developers, the case highlights ongoing concerns about the security of third-party tools and integrations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New rules in Thailand aim to tackle foreign P2P crypto services

Thailand has introduced a new legal framework targeting foreign, unregulated peer-to-peer (P2P) crypto platforms to combat online financial crime. The Thai SEC announced cabinet approval of updated emergency decrees, imposing strict measures on digital asset businesses in the country.

The amendments impose severe penalties on foreign crypto platforms, including up to three years in prison, fines of 300,000 baht (around $8,700), or both, for violations.

The SEC’s updated rules also empower authorities to block suspicious transactions and demand that crypto service providers report any scam-related activity. Other sectors, such as commercial banks, telecom companies, and social media platforms, now have joint responsibilities for preventing cybercrime.

SEC Secretary-General Pornanong Budsaratragoon stated that the aim is to reduce money laundering risks and minimise damage from online crimes. It will be achieved through stronger enforcement in collaboration with digital agencies.

Despite these stringent measures, Thailand remains open to innovation in the crypto sector. The country has made strides toward adopting blockchain technology, such as planning a blockchain-based trading platform for securities firms. It is also considering a stablecoin backed by government bonds.

For more information on these topics, visit diplomacy.edu

Guns N’ Roses’ Slash quits X after account hacked to promote fake Solana meme coin 

Guns N’ Roses guitarist Slash has permanently quit the social media platform X after his account was repeatedly hacked to promote a Solana-based meme coin. The attack, which occurred on 2 April, involved hackers using his verified account to falsely present the coin, called GUNS, as an official Guns N’ Roses project.

In his farewell tweet, Slash explained that his decision was driven by the repeated hacks. He signalled a shift in how he intends to stay connected with fans. He encouraged followers to explore his presence on other platforms.

The hack came just after April Fool’s Day, with hackers posting several promotional messages about the fake GUNS coin. The posts, which were eventually deleted, claimed the coin would launch soon and announced a $1M investment. While the token is still live, its market value has plummeted to around $3,300.

For more information on these topics, visit diplomacy.edu.