The Guardian reports on a shift in US digital diplomacy with a major impact on global cyber geopolitics. After rumours of Russia being dropped as a cyber threat, the first public signal of this shift was the US statement at the UN working group meeting on cybersecurity, where Liesyl Franz, a US representative, did not name Russia as a cyber threat alongside China and Iran. It is a significant shift in US digital diplomacy and cyber geopolitics.
The US representative also omitted the usual US references to allies and partners in cyber politics. The Guardian reports various concerns about this shift, including the view of James Lewis, a US cybersecurity veteran: ‘It’s incomprehensible to give a speech about threats in cyberspace and not mention Russia, and it’s delusional to think this will turn Russia and the FSB [the Russian security agency] into our friends.’
This repositioning aligns with ongoing efforts to improve US-Russia relations, contrasting starkly with European allies’ views on the threat posed by Russia. It remains to be seen whether this shift relates only to cybersecurity or whether the US will also revisit other aspects related to AI and digital governance.
For more information on these topics, visit diplomacy.edu.
Democratic lawmakers are calling for an explanation from the Pentagon after reports surfaced about an order to pause offensive cyber operations against Russia during sensitive negotiations aimed at ending the war in Ukraine.
The decision to halt such operations, which disrupt rival computer networks, is not unusual in the context of diplomatic efforts but has raised concerns among lawmakers. The order was first reported by The Record and later confirmed by two anonymous sources familiar with the matter.
Senate Minority Leader Chuck Schumer criticised the move, calling it a ‘critical strategic mistake’ and arguing that ‘the best defence is always a strong offence’, especially in cybersecurity.
Representative Adam Smith, the top Democrat on the House Armed Services Committee, also demanded that the Pentagon provide Congress with details regarding the scope of the pause and its potential impact on US allies. He further questioned whether a risk assessment was made before the decision.
The Pentagon declined to comment on the matter, citing operational security concerns. The pause in cyber operations comes amid rising tensions surrounding President Donald Trump’s recent dealings with Russia, including a public clash with Ukrainian President Volodymyr Zelenskiy.
Trump has shifted US policy by engaging in talks with Moscow and openly criticising Zelenskiy, suggesting that America could pull its support for Ukraine if the war does not end soon.
US Defense Secretary Pete Hegseth has ordered a pause on all cyber operations against Russia, including offensive actions, as part of a broader reassessment of US operations related to Russia. The duration and specifics of the pause remain unclear, according to multiple US media reports. The Pentagon declined to comment on the matter, citing operational security concerns.
This move comes amid US President Donald Trump’s push for negotiations to end the war in Ukraine, as well as his recent criticism of Ukrainian President Volodymyr Zelensky. Trump has positioned himself as a mediator between Russian President Vladimir Putin and Zelensky, calling for less focus on Putin.
Despite media reports suggesting a shift in cyber strategy, US National Security Adviser Mike Waltz denied any policy change regarding cyber operations against Russia. He emphasised that efforts to end the war would continue with a range of diplomatic and strategic tools.
The hacker behind the $1.4 billion Bybit exploit has already laundered more than half of the stolen Ethereum, primarily swapping it for Bitcoin via THORChain. Blockchain analysts report that over $614 million has been moved in just five days, pushing THORChain’s daily transaction volumes from an average of $80 million to an astonishing $580 million. On 26 February alone, swaps reached a record $859 million.
The US Federal Bureau of Investigation has officially linked the attack to North Korean state-sponsored hackers, identifying it as part of a wider cybercrime operation. Security experts confirmed that Bybit’s core infrastructure remained intact, with the breach traced back to a compromised developer machine that injected malicious code into the Gnosis Safe UI. While the attack targeted Bybit’s cold wallet, the platform’s smart contracts were not affected.
In response, Bybit has launched a dedicated website to track the movement of stolen funds and is offering a bounty to exchanges that assist in their recovery. The incident underscores a growing trend where hackers are shifting focus from exchanges themselves to the infrastructure providers that support them.
Europol announced on Friday that two dozen people have been arrested for their involvement in a criminal network distributing AI-generated images of child sexual abuse. This operation marks one of the first of its kind, highlighting concerns over the use of AI in creating illegal content. Europol noted that there is currently a lack of national legislation addressing AI-generated child abuse material.
The primary suspect, a Danish national, operated an online platform where he distributed the AI-generated content he created. Users from around the world paid a ‘symbolic online payment’ to access the material. The platform has raised significant concerns about the potential misuse of AI tools for such criminal purposes.
The ongoing operation, which involves authorities from 19 countries, resulted in 25 arrests, with most occurring simultaneously on Wednesday under the leadership of Danish authorities. Europol indicated that more arrests are expected in the coming weeks as the investigation continues.
North Korean hackers have recorded the largest cryptocurrency theft, stealing approximately $1.5bn from the Dubai-based exchange ByBit. According to the FBI, the stolen funds have already been converted into Bitcoin and spread across thousands of blockchain addresses. The attack highlights North Korea’s growing expertise in cybercrime, with proceeds believed to be funding its nuclear weapons programme.
The notorious Lazarus Group, linked to the regime, has been responsible for several high-profile hacks, including the theft of over $1.3bn in cryptocurrency last year. Experts say the group employs advanced malware and social engineering tactics to breach exchanges and launder stolen assets into fiat currency. These funds are critical for bypassing international sanctions and financing North Korea’s military ambitions.
Beyond cybercrime, Pyongyang has deepened its ties with Russia, allegedly supplying troops and weapons in exchange for financial backing and technological expertise. Meanwhile, the regime has recently reopened its borders to a limited number of international tourists, aiming to generate much-needed foreign income. As global scrutiny intensifies, concerns are growing over North Korea’s increasing reliance on illicit activities to prop up its economy and expand its military power.
The UK government has introduced the Crime and Policing Bill, aiming to enhance its ability to recover proceeds from cryptocurrency-related crime. The bill sets out provisions for valuing cryptocurrency, establishes procedures for courts to recover illicit funds, and expands powers for the Crown Court to issue seizure orders. It addresses various criminal issues, including anti-social behaviour, sexual offences, and terrorism, with a specific focus on confiscating criminal assets tied to cryptocurrencies.
The legislation will grant the Crown Court additional authority to manage and confiscate money, cryptocurrency, and personal property in criminal cases. Provisions within the bill also introduce measures for the destruction of seized cryptocurrency, ensuring that the market value at the time of destruction is taken into account, with adjustments made for any changes in value.
The bill further amends existing laws, replacing magistrates’ courts with the Crown Court in handling cryptocurrency assets. These updates aim to streamline the management of confiscation orders, ensuring that cryptocurrencies can be more effectively seized, valued, and recovered in cases involving criminal activity.
Blockchain security experts have uncovered a fake mobile app that stole over $1.8 million in cryptocurrency. The app, called BOM, targeted users by gaining access to their private wallet data, including mnemonic phrases and private keys. Once installed, BOM deceptively requested unnecessary permissions, such as access to photos and media, which raised suspicion among security experts. When granted, the app scanned the device’s storage, stole wallet data, and sent it to a remote server.
The first signs of unauthorised transactions were detected on 14 February, with further investigation revealing the scale of the theft. Over 13,000 victims had their funds stolen, with the hacker address traced across several blockchains, including Ethereum, BNB Chain, and Polygon. The stolen assets included Tether, Ethereum, Wrapped Bitcoin, and Dogecoin.
Though the identity of the attackers remains unclear, analysts from SlowMist noted that the app’s backend services had gone offline, indicating the perpetrators may already be attempting to cover their tracks. Some of the stolen funds were exchanged through decentralised platforms like PancakeSwap and OKX-DEX, making it harder to trace the movement of the assets.
Cybersecurity firm Kaspersky has issued a warning about a large-scale malware campaign targeting GitHub users. Hackers have created hundreds of fake repositories to deceive users into downloading malware designed to steal cryptocurrency, login credentials, and browsing data. The campaign, known as ‘GitVenom,’ uses fraudulent projects that appear legitimate, offering tools like a Telegram bot for managing Bitcoin wallets or an Instagram automation tool. However, these projects run malicious software in the background, including remote access trojans (RATs), info-stealers, and clipboard hijackers.
The fake repositories were made to look convincing by including detailed documentation and manipulated version histories, which were designed to mimic active development. Despite appearing professional, these projects fail to deliver their promised functions while quietly extracting sensitive information from users. Kaspersky’s investigation revealed that some of these malicious repositories have been active for at least two years, suggesting the attackers have successfully lured victims over an extended period.
Once users have downloaded the malware, it targets saved login details, cryptocurrency wallet information, and browsing history, sending the stolen data to the attackers via Telegram. Some malware even hijacks clipboard contents, replacing cryptocurrency wallet addresses with those controlled by the hackers, potentially redirecting funds. The campaign has caused considerable impact, with one documented case involving the theft of five Bitcoins, worth around $442,000.
Although the GitVenom campaign has been detected worldwide, it has particularly affected users in Russia, Brazil, and Turkey. Kaspersky warns that, given GitHub’s popularity among developers, hackers are likely to continue using fake software projects as a method of infection.
Following the recent security breach at Bybit, major cryptocurrency firms have joined forces to combat the attack and mitigate its impact. Bybit’s CEO, Ben Zhou, confirmed that both centralised and decentralised finance leaders, such as Orbiter and SynFutures, quickly moved to blacklist the attacker’s addresses. Chainalysis also tracked and published wallet addresses linked to the exploit.
Blockchain security companies, including SIS and Zero Shadows, intensified efforts to block malicious transactions and trace the perpetrators, while institutional traders such as TMSI and Cumberland provided support to stabilise the market. Several DeFi protocols, including Lido Finance and Solana Foundation, also extended their assistance.
Zhou praised the swift collaboration from industry players, calling it a testament to the cryptocurrency sector’s resilience. The exchange has since launched a recovery bounty programme, offering up to 10% of recovered funds. Bybit is working hard to enhance its security infrastructure following the breach.
Investigations have pointed to North Korea’s Lazarus Group as the likely culprit behind the attack, which exploited Bybit’s Ethereum multisig cold wallet. This group is also connected to other high-profile crypto hacks, including the 2022 DMM Bitcoin exchange breach.