Cybersecurity

Diplo joins Brazil’s Internet Forum and celebrates CGI.br’s 30 years

Diplo actively participated in Brazil’s Internet Forum (FIB), held from May 26 to 30 and hosted by the Brazilian Internet Steering Committee (CGI.br). The event brought together key stakeholders from across sectors to discuss pressing issues in digital governance.

Representing Diplo, Marilia Maciel contributed to critical discussions on state roles and multistakeholder collaboration in managing cloud infrastructures and defending digital sovereignty. She also offered insights during the main session on setting principles for regulating digital platforms.

Maciel’s contributions were recognised with the ‘Destaques em Governança da Internet no Brasil’ award, one of the most respected acknowledgments of excellence in internet governance in the country. The award highlights individuals and organisations that have made significant advances in promoting inclusive and effective digital policy in Brazil.

The event also marked a major milestone for CGI.br—its 30th anniversary. Diplo joined in celebrating the committee’s three decades of leadership in internet governance. CGI.br’s pioneering approach to multistakeholder governance has served not only as a national model but as a global inspiration for collaborative digital policy-making.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

China creates AI to detect real nuclear warheads

Chinese scientists have created the world’s first AI-based system capable of identifying real nuclear warheads from decoys, marking a significant step in arms control verification.

The breakthrough, developed by the China Institute of Atomic Energy (CIAE), could strengthen Beijing’s hand in stalled disarmament talks, although it also raises difficult questions about AI’s growing role in managing weapons of mass destruction.

The technology builds on a long-standing US–China proposal but faced key obstacles: how to train AI using sensitive nuclear data, gain military approval without risking secret leaks, and persuade sceptical nations like the US to move past Cold War-era inspection methods.

So far, only the AI training has been completed, with the rest of the process still pending international acceptance.

The AI system uses deep learning and cryptographic protocols to analyse scrambled radiation signals from warheads behind a polythene wall, ensuring the weapons’ internal designs remain hidden.

The machine can verify a warhead’s chain-reaction potential without accessing classified details. According to CIAE, repeated randomised tests reduce the chance of deception to nearly zero.

While both China and the US have pledged not to let AI control nuclear launch decisions, the new system underlines AI’s expanding role in national defence.

Beijing insists the AI can be jointly trained and sealed before use to ensure transparency, but sceptics remain wary of trust, backdoor access and growing militarisation of AI.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Lazarus group fails in phishing attempt on BitMEX

BitMEX has revealed it successfully stopped a phishing attempt by the Lazarus Group, a hacking network linked to North Korea. Attackers posed as a Web3 partner on LinkedIn, trying to trick a BitMEX employee into running malicious GitHub code.

BitMEX’s security team detected the threat early and linked it to infrastructure previously associated with Lazarus.

The exchange noted Lazarus uses simple phishing before more advanced hacks. A failed operational safeguard even exposed an IP address tied to North Korean operations, located in Jiaxing, China.

Experts believe the group’s hacking efforts are split among subgroups, each with different technical skill levels.

Lazarus has been blamed for a sharp rise in crypto thefts. Chainalysis reported North Korean-linked actors stole $1.34 billion in 2024, accounting for 61% of the total stolen in crypto-related crimes that year.

Social engineering remains their primary entry tactic, as seen in major incidents like the Bybit and Radiant Capital hacks.

The group continues to launch daily fraud attempts using a mix of phishing, fake job offers, and malicious files to compromise individuals and organisations across the crypto space.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

NATO weighs inclusion of cybersecurity in new 5% defense spending target

NATO is discussing proposals to broaden the scope of defence-related expenditures to help member states meet a proposed spending target of 5% of GDP. According to Bloomberg, the target includes 3.5% for traditional defence spending and 1.5% for related activities.

The 1.5% portion may include cybersecurity, protection of critical infrastructure, border and coastal security, space-related initiatives, and the work of non-defence intelligence agencies. Some member states are also advocating for the inclusion of counter-terrorism efforts and dual-use infrastructure, pending agreement among the alliance.

The proposals are currently under negotiation and are expected to be discussed further by NATO’s policy and planning committee. These discussions will inform a framework to be considered at the alliance’s summit in June.

A final decision on the classification of eligible expenditures has not yet been made, according to the reports, and remains subject to consensus among member states. NATO has not responded publicly to inquiries regarding the ongoing negotiations.

The 5% figure was originally proposed by former US President Donald Trump and was initially viewed as an ambitious benchmark. Recent reporting suggests, however, that a growing number of member states now recognise the need for increased defence investments. As of April, 23 out of 32 NATO members had met the current 2% defence spending guideline, with all expected to do so by the summer.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UK to establish cyber and electromagnetic command to enhance warfare capabilities

The United Kingdom has announced plans to establish a new military formation, the Cyber and Electromagnetic Command, aimed at strengthening its digital and electronic warfare capabilities. The new command will fall under Strategic Command, which already oversees the Ministry of Defence’s offensive and defensive cyber operations and works in coordination with the National Cyber Force.

According to the Ministry of Defence, the formation will be responsible for leading defensive cyber operations, coordinating offensive cyber capabilities, and integrating electromagnetic warfare expertise across the Armed Forces. Rather than creating entirely new capabilities, the command will reorganise existing structures to improve coordination and operational effectiveness.

The announcement comes ahead of the government’s Strategic Defence Review, due to be published on 2 June. The review will set out priorities for defence spending and assess the threats facing the UK, the capabilities required to address them, the condition of the Armed Forces, and the resources available. It is expected to highlight the growing impact of daily cyber attacks on national security and the economy.

To support the new command, the Ministry has introduced an accelerated recruitment route for cyber specialists. This new pathway, announced in February, shortens basic training from ten weeks to four, followed by a three-month programme focused on military cyber skills.

Recruitment and retention remain a key challenge. General Sir Jim Hockenhull, Commander of Strategic Command, previously noted that the competition for digital talent is particularly intense, stating that the UK is currently at a disadvantage in this area. Lieutenant General Tom Copinger-Symes, Deputy Commander of Strategic Command, also highlighted the skills shortage as a more immediate concern than funding.

The review describes the Cyber and Electromagnetic Command as a formation that will consolidate expertise in electromagnetic operations, such as degrading command and control systems, jamming signals to drones or missiles, and intercepting adversary communications. The intention is to ensure these capabilities are available at the right time and place to support integrated military operations.

Hockenhull has also pointed out that the UK’s focus on operations in Iraq and Afghanistan over the past two decades led to a reduced emphasis on electromagnetic capabilities, except in limited areas. He noted that the conflict in Ukraine has demonstrated the importance of integrating cyber and electromagnetic tools with conventional military operations.

In 2024, both Ukraine and Russia have announced plans to establish a new branch within the country’s armed forces specialising in drone warfare and the use of unmanned aerial vehicles (UAVs).

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Japan to develop new cybersecurity strategy and measures

The Japanese government is preparing to develop a new cybersecurity strategy within the year, aiming to address growing digital threats targeting both public institutions and private enterprises. As part of the forthcoming strategy, the government plans to transition its internal communications systems from public-key cryptography to post-quantum cryptography, which is considered more resilient against potential cyberattacks enabled by quantum computing technologies.

In a recent development, Defence Minister Gen Nakatani met with Lithuanian Defence Minister Dovile Šakalienė in Tokyo, where both sides agreed to strengthen bilateral cooperation on cybersecurity. A Japanese Ministry of Defence expert will be sent to Lithuania in June to engage with local specialists, who are recognised for their expertise in managing persistent cyber threats, particularly those attributed to Russian state-linked actors.

The agreement follows an earlier announcement that Japan intends to expand its pool of specialist cybersecurity personnel from the current 24,000 to at least 50,000 by 2030. The target was introduced in response to a Ministry of Economy, Trade and Industry (METI) panel recommendation that the country needs approximately 110,000 skilled cybersecurity professionals to meet growing demand.

Under new regulatory measures due to take effect in 2026, the government will also begin inspecting the cybersecurity practices of private companies. Firms failing to meet the established standards may risk losing access to state subsidies.

Earlier this year, the parliament passed a new law enabling active cyberdefence measures, allowing authorities to legally monitor communications data during peacetime and neutralise foreign servers if cyberattacks occur.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

How AI could quietly sabotage critical software

When Google’s Jules AI agent added a new feature to a live codebase in under ten minutes, it initially seemed like a breakthrough. But the same capabilities that allow AI tools to scan, modify, and deploy code rapidly also introduce new, troubling possibilities—particularly in the hands of malicious actors.

Experts are now voicing concern over the risks posed by hostile agents deploying AI tools with coding capabilities. If weaponised by rogue states or cybercriminals, the tools could be used to quietly embed harmful code into public or private repositories, potentially affecting millions of lines of critical software.

Even a single unnoticed line among hundreds of thousands could trigger back doors, logic bombs, or data leaks. The risk lies in how AI can slip past human vigilance.

From modifying update mechanisms to exfiltrating sensitive data or weakening cryptographic routines, the threat is both technical and psychological.

Developers must catch every mistake; an AI only needs to succeed once. As such tools become more advanced and publicly available, the conversation around safeguards, oversight, and secure-by-design principles is becoming urgent.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Thailand to block unlicensed crypto exchanges

Thailand’s Securities and Exchange Commission (SEC) will block access to five major cryptocurrency exchanges on 28 June for operating without a licence. Bybit, 1000X, CoinEx, OKX, and XT.COM offered trading services to Thai users without authorisation, leading to legal action.

The SEC aims to protect investors and prevent money laundering.

New anti-cybercrime laws passed in April give authorities broad powers to shut down suspicious websites quickly. The Royal Decree lets the Ministry of Digital Economy and Society target unlicensed platforms.

Enforcement has since intensified against offshore crypto operators.

Thailand is also adopting blockchain for public finance. The Ministry of Finance launched G-Token, a blockchain-based investment token for government bonds.

G-Tokens cannot be used as currency, maintaining a clear line from volatile cryptocurrencies. Regulators have imposed stricter customer checks and faster suspension of suspicious accounts, while extending liability to banks, telecoms, and social media firms.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU says US tech firms censor more

Far more online content is removed under US tech firms’ terms and conditions than under the EU’s Digital Services Act (DSA), according to Tech Commissioner Henna Virkkunen.

Her comments respond to criticism from American tech leaders, including Elon Musk, who have labelled the DSA a threat to free speech.

In an interview with Euractiv, Virkkunen said recent data show that 99% of content removals in the EU between September 2023 and April 2024 were carried out by platforms like Meta and X based on their own rules, not due to EU regulation.

Only 1% of cases involved ‘trusted flaggers’ — vetted organisations that report illegal content to national authorities. Just 0.001% of those reports led to an actual takedown decision by authorities, she added.

The DSA’s transparency rules made those figures available. ‘Often in the US, platforms have more strict rules with content,’ Virkkunen noted.

She gave examples such as discussions about euthanasia and nude artworks, which are often removed under US platform policies but remain online under European guidelines.

Virkkunen recently met with US tech CEOs and lawmakers, including Republican Congressman Jim Jordan, a prominent critic of the DSA and the DMA.

She said the data helped clarify how EU rules actually work. ‘It is important always to underline that the DSA only applies in the European territory,’ she said.

While pushing back against American criticism, Virkkunen avoided direct attacks on individuals like Elon Musk or Mark Zuckerberg. She suggested platform resistance reflects business models and service design choices.

Asked about delays in final decisions under the DSA — including open cases against Meta and X — Virkkunen stressed the need for a strong legal basis before enforcement.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Chinese state-linked hackers use Google Calendar to steal data

In a report published this week, analysts at Google have uncovered a campaign in which a China-linked group known as APT41 targeted government ministries and other organisations.

Victims received spearphishing emails directing them to a ZIP file hosted on a compromised official website. Inside, a PDF and some insect images were designed to tempt users into clicking.

Opening the PDF quietly installed a programme called ToughProgress, which runs entirely in a device’s memory to evade antivirus checks. Once active, the malware stole sensitive files and prepared them for exfiltration.

Google Calendar became the hackers’ secret communication channel. An event dated 30 May 2023 carried encrypted data stolen from victims in its description.

Further entries in July contained new instructions. ToughProgress regularly checked the attacker-controlled calendar, decrypted any commands and uploaded its results back as new calendar events.

APT41 is one of China’s most active state-linked cyber groups. US authorities charged five members in 2020 with over a hundred intrusions worldwide and issued arrest warrants for operatives including Zhang Haoran and Tan Dailin.

Earlier investigations tie the group to long-running breaches of Southeast Asian government agencies and a Taiwanese research institute working on strategic technology.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!