SK Telecom investigates data breach after cyberattack

South Korean telecom leader SK Telecom has confirmed a cyberattack that compromised customer data following a malware infection.

The breach was detected on 19 April, prompting an immediate internal investigation and response. Authorities, including the Korea Internet Security Agency, have been alerted.

Personal information of South Korean customers was accessed during the attack, although the extent of the breach remains under review. In response, SK Telecom is offering a complimentary SIM protection service, hinting at potential SIM swapping risks linked to the leaked data.

The infected systems were quickly isolated and the malware removed. While no group has claimed responsibility, concerns remain over possible state-sponsored involvement, as telecom providers are frequent targets for cyberespionage.

It is currently unknown whether ransomware played a role in the incident. Investigations are ongoing as officials continue to assess the scope and origin of the breach.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

JusticeLink breach leads to arrest in Sydney

A man has been charged following a serious cyberattack on JusticeLink, New South Wales’ largest online court-filing system.

Authorities say more than 9,000 files were illegally downloaded over a two-month period, although no personal data appears to have been compromised. The breach was first detected in March, prompting an immediate shutdown of the suspect’s account.

JusticeLink handles sensitive legal documents for over 400,000 cases annually. The 38-year-old suspect, arrested in Maroubra, Sydney, now faces charges of unauthorised access and misuse of a carriage service to cause harm. Two laptops were seized during the arrest.

Officials have reassured the public that the system is now secure, with no indication that personal information was leaked or found online.

Acting Attorney-General Ron Hoenig confirmed that people under court protection orders were not exposed to heightened risk. The man is expected to appear in Waverley Court on Thursday.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Certified randomness achieved with quantum tech

Quantum researchers from JPMorgan Chase, Quantinuum and others have achieved a major milestone in cybersecurity by generating certified random numbers using a quantum computer.

The team’s work, recently published in Nature, showcases how quantum systems can create randomness that is mathematically proven to be unpredictable—an essential leap forward in securing systems like online banking and digital voting.

Traditional computers rely on pseudo-random algorithms to mimic randomness, which are ultimately deterministic and vulnerable if the algorithm or seed is uncovered.

By contrast, the team used Quantinuum’s 56-qubit trapped-ion quantum processor to produce over 70,000 certified random bits. The process is so complex that replicating it with current supercomputers would be practically impossible.

The results were independently verified, confirming that no algorithm was involved in generating the sequence.

The breakthrough goes beyond theoretical exercises often associated with quantum computing and demonstrates practical, real-world impact in cryptography, where random numbers must be truly unguessable to keep digital systems secure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SEC targets crypto executive in $198 million Ponzi case

Ramil Palafox, CEO of PGI Global, has been charged by the US Securities and Exchange Commission. He is accused of orchestrating a $198 million crypto-based Ponzi scheme.

According to the SEC, Palafox marketed unregistered ‘membership packages’ between 2020 and 2021. He promised returns of up to 200% through a fake AI-driven trading platform.

Investor funds were reportedly diverted to finance an extravagant lifestyle, including a $1.7 million Las Vegas home, luxury cars, and high-end jewellery.

SEC alleges PGI Global manipulated user dashboards and faked trading activity to deceive investors. The company, also known as PGI Global UK Ltd, was shut down by the UK High Court in 2022.

The case marks the first crypto enforcement action under new SEC Chair Paul Atkins. Prosecutors filed a related criminal case and seek a permanent ban on Palafox’s crypto involvement. Several family members are named to receive assets linked to the scheme.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Russian hackers target NGOs with fake video calls

Hackers linked to Russia are refining their techniques to infiltrate Microsoft 365 accounts, according to cybersecurity firm Volexity.

Their latest strategy targets non-governmental organisations (NGOs) associated with Ukraine by exploiting OAuth, a protocol used for app authorisation without passwords.

Victims are lured into fake video calls through apps like Signal or WhatsApp and tricked into handing over OAuth codes, which attackers then use to access Microsoft 365 environments.

The campaign, first detected in March, involved messages claiming to come from European security officials proposing meetings with political representatives. Instead of legitimate video links, these messages directed recipients to OAuth code generators.

Once a code was shared, attackers could gain entry into accounts containing sensitive data. Staff at human rights organisations were especially targeted due to their work on Ukraine-related issues.

Volexity attributed the scheme to two threat actors, UTA0352 and UTA0355, though it did not directly connect them to any known Russian advanced persistent threat groups.

A previous attack from the same actors used Microsoft Device Code Authentication, usually reserved for connecting smart devices, instead of traditional login methods. Both campaigns show a growing sophistication in social engineering tactics.

Given the widespread use of Microsoft 365 tools like Outlook and Teams, experts urge organisations to heighten awareness among staff.

Rather than trusting unsolicited messages on encrypted apps, users should remain cautious when prompted to click links or enter authentication codes, as these could be cleverly disguised attempts to breach secure systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SK Telecom probes cyberattack after weekend breach

SK Telecom, South Korea’s largest mobile operator, has confirmed that hackers breached its internal systems, possibly exposing sensitive data linked to USIM cards.

The company discovered the intrusion late Saturday night and responded swiftly by removing malware and isolating affected equipment.

Investigations are underway, with the Korea Internet & Security Agency and the Ministry of Science and ICT examining the breach’s scope and root cause.

Officials have asked SK Telecom to preserve evidence and cooperate with technical experts sent to the site.

In response, SK Telecom is boosting defences against USIM-related fraud and offering a free protection service to concerned users.

Legal consequences could follow if the breach is found to have violated data protection laws, with potential fines reaching up to 3 percent of related revenue or 50 million won.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Scammers target Zhao with fake Grok tokens amid rising Musk-related fraud

Changpeng Zhao, former Binance CEO, was hit with 90 million fake Grok tokens. Scammers are ramping up their efforts to target crypto investors with Elon Musk-related fraud.

According to blockchain security firm PeckShield, the tokens are likely part of a phishing attack. These tokens are unrelated to Musk’s official AI chatbot, Grok, which has not issued any cryptocurrency.

Scammers have long exploited high-profile figures like Musk to gain trust from victims. Fake Grok-related tokens first appeared in 2023, leading to significant losses after scammers sold a portion of the supply.

Recent Elon Musk scams have resurfaced, featuring fake giveaways and memecoins on the BNB Smart Chain.

The rise in scams reflects a growing trend of phishing attacks, such as address poisoning, which trick victims into sending assets to fraudulent wallets.

In 2024, phishing incidents cost the crypto industry over $1 billion, highlighting the need for increased vigilance and security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Adyen services disrupted by cyber blitz

Adyen fell victim to three coordinated DDoS attacks on Monday evening, severely disrupting debit card and online payments.

The first surge of malicious traffic struck at around 7 pm, with follow‑up waves at 8:35 pm and 11:35 pm, overloading Adyen’s servers and hindering transactions.

Customers reported failures at checkouts in shops, restaurants and on e‑commerce sites until Adyen announced at 3:40 am that all its services were back online.

The firm attributed the interruptions to ‘limited availability’ caused by the data floods and reassured merchants that normal operations had resumed.

Handling nearly €1.3 trillion in payments last year, Adyen serves high‑profile clients such as Meta, Uber, eBay, HelloFresh and Spotify.

While the precise economic impact of the outages remains unclear, the episode highlights the vulnerability of global payment networks to cyber threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Google spoofed in sophisticated phishing attack

A sophisticated phishing attack recently targeted Google users, exploiting a well-known email authentication method to bypass security measures.

The attackers sent emails appearing to be from Google’s legitimate address, [email protected], and claimed the recipient needed to comply with a subpoena.

The emails contained a link to a Google Sites page, prompting users to log in and revealing a fake legal support page.

What made this phishing attempt particularly dangerous was that it successfully passed both DMARC and DKIM email authentication checks, making it appear entirely genuine to recipients.

In another cyber-related development, Microsoft issued a warning regarding the use of Node.js in distributing malware. Attackers have been using the JavaScript runtime environment to deploy malware through scripts and executables, particularly targeting cryptocurrency traders via malvertising campaigns.

The new technique involves executing JavaScript directly from the command line, making it harder to detect by traditional security tools.

Meanwhile, the US has witnessed a significant change in its disinformation-fighting efforts.

The State Department has closed its Counter Foreign Information Manipulation and Interference group, previously known as the Global Engagement Center, after accusations that it was overreaching in its censorship activities.

The closure, led by Secretary of State Marco Rubio, has sparked criticism, with some seeing it as a victory for foreign powers like Russia and China.

Finally, gig workers face new challenges as the Tech Transparency Project revealed that Facebook groups are being used to trade fake gig worker accounts for platforms like Uber and Lyft.

Sellers offer access to verified accounts, bypassing safety checks, and putting passengers and customers at risk. Despite reports to Meta, many of these groups remain active, with the social media giant’s automated systems failing to curb the activity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

D3FEND 1.0 brings structured security graphs

MITRE has unveiled its new Cyber Attack–Defense (CAD) tool as part of the D3FEND 1.0 release, offering security teams a structured way to model and counter cyber threats.

The browser‑based interface lets users build ‘D3FEND Graphs’—knowledge graphs grounded in a rich cybersecurity ontology—instead of relying on ad hoc PowerPoint diagrams.

Graph components include Attack nodes (tied to MITRE ATT&CK techniques), Countermeasure nodes (D3FEND defensive measures) and Digital Artifact nodes (elements from the D3FEND artifact ontology).

A drag‑and‑drop canvas enables rapid scene‑setting, while an ‘explode’ feature reveals related attack paths, defences or artefacts drawn from the ontology’s knowledge base.

Organisations can apply the CAD tool across threat intelligence, security engineering, detection scenario planning, incident investigation and risk assessments.

Exports in JSON, TTL or PNG support collaboration, and STIX 2.1 import ensures seamless threat data integration. Users may also extend the underlying ontology to capture emerging techniques.

Built in partnership with the NSA and various defence departments, D3FEND 1.0 and its CAD tool establish a common vocabulary and conceptual framework for cybersecurity operations.

As threats grow ever more complex, a methodical, semantically rigorous approach to modelling defences is set to become indispensable.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!