Cybersecurity

China accuses Taiwan of cyber attacks and offers a bounty

Authorities in Guangzhou have placed a secret bounty on more than 20 individuals suspected of launching cyber attacks on Chinese targets, according to state news agency Xinhua.

One named suspect, Ning Enwei, is reportedly linked to Taiwan’s government. While the size of the reward remains undisclosed, officials claim the accused hackers targeted sectors including defence, aerospace, energy, and science—alongside agencies in Hong Kong and Macau.

Xinhua stated that Taiwan’s ‘information, communication and digital army’ has coordinated with US forces to carry out cyber and cognitive warfare against China.

These accusations form part of a broader Chinese narrative suggesting Taiwan is seeking independence through foreign alliances, particularly with US intelligence agencies. State media also claimed the US has trained Taiwanese personnel and helped orchestrate cyber attacks on the mainland.

In response, a senior Taiwanese security official, speaking anonymously, dismissed the claims as fabricated. The official argued that Beijing is attempting to deflect criticism following allegations of Chinese cyber activities in Europe, especially in the Czech Republic.

‘It is typical of the Chinese Communist Party’s efforts to change the narrative,’ the official said, branding Beijing an international cyber threat instead of a victim.

Taiwan’s government has yet to issue an official statement.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Morocco detains suspect in France’s crypto abduction cases

Moroccan police arrested 24-year-old dual French-Moroccan Bajjou Badiss Mohamed AmiDe, wanted for kidnappings of cryptocurrency holders in France. An Interpol red notice issued by French authorities led to his identification and arrest.

Charges include organised crime, kidnapping, and extortion. Due to his dual nationality, he will face trial in Morocco, with French prosecutors sharing the case files.

The arrest follows a recent surge in violent attacks on crypto entrepreneurs in France. Interior Minister Bruno Retailleau has introduced emergency security measures, including private consultations and home risk assessments for those at risk.

France has seen 14 of the world’s 50 known attacks on crypto figures over the past year, according to Ledger co-founder Éric Larchevêque.

High-profile incidents include the attempted abduction of Paymium CEO Pierre Noizat’s daughter and the arrest of seven suspects linked to a victim found with a severed finger. Officials stress the urgency of judicial action to prevent further violence.

French authorities have thanked Morocco for its cooperation, while proceedings against Bajjou will continue under Moroccan jurisdiction.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Czech justice minister resigns over Bitcoin scandal

The Czech government faces a no-confidence vote after Justice Minister Pavel Blazek resigned amid controversy over a Bitcoin donation. The digital contribution, worth millions, came from Tomas Jirikovsky, a convicted drug trafficker linked to Sheep Marketplace.

The donation, made in March, was sold for over $45 million at a public auction, sparking political backlash.

Blazek denied any wrongdoing in accepting the donation but stepped down amid growing pressure. Opposition party ANO criticised the government’s handling of the affair, calling for immediate resignation.

The scandal adds to mounting concerns as the October elections approach, with polls showing the ruling coalition trailing behind ANO.

Jirikovsky was convicted in 2017 and released in 2021, after which he sought to reclaim seized Bitcoin. Investigations revealed a dark web trail tied to the donation, but no formal links to other marketplaces were confirmed.

Political analysts suggest Prime Minister Petr Fiala could also face scrutiny due to his close association with Blazek.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Salt Typhoon and Silk Typhoon reveal weaknesses

Recent revelations about Salt Typhoon and Silk Typhoon have exposed severe weaknesses in how organisations secure their networks.

These state-affiliated hacking groups have demonstrated that modern cyber threats come from well-resourced and coordinated actors instead of isolated individuals.

Salt Typhoon, responsible for one of the largest cyber intrusions into US infrastructure, exploited cloud network vulnerabilities targeting telecom giants like AT&T and Verizon, forcing companies to reassess their reliance on traditional private circuits.

Many firms continue to believe private circuits offer better protection simply because they are off the public internet. Some even add MACsec encryption for extra defence. However, MACsec’s ‘hop-by-hop’ design introduces new risks—data is repeatedly decrypted and re-encrypted at each routing point.

Every one of these hops becomes a possible target for attackers, who can intercept, manipulate, or exfiltrate data without detection, especially when third-party infrastructure is involved.

Beyond its security limitations, MACsec presents high operational complexity and cost, making it unsuitable for today’s cloud-first environments. In contrast, solutions like Internet Protocol Security (IPSec) offer simpler, end-to-end encryption.

Although not perfect in cloud settings, IPSec can be enhanced through parallel connections or expert guidance. The Cybersecurity and Infrastructure Security Agency (CISA) urges organisations to prioritise complete encryption of all data in transit, regardless of the underlying network.

Silk Typhoon has further amplified concerns by exploiting privileged credentials and cloud APIs to infiltrate both on-premise and cloud systems. These actors use covert networks to maintain long-term access while remaining hidden.

As threats evolve, companies must adopt Zero Trust principles, strengthen identity controls, and closely monitor their cloud environments instead of relying on outdated security models.

Collaborating with cloud security experts can help shut down exposure risks and protect sensitive data from sophisticated and persistent threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

HMRC got targeted in a £47 million UK fraud

A phishing scheme run by organised crime groups cost the UK government £47 million, according to officials from His Majesty’s Revenue and Customs.

Criminals posed as taxpayers to claim payments using fake or hijacked credentials. Rather than a cyberattack, the operation relied on impersonation and did not involve the theft of taxpayer data.

Angela MacDonald, HMRC’s deputy chief executive, confirmed to Parliament’s Treasury Committee that the fraud took place in 2024. The stolen funds were taken through three separate payments, though HMRC managed to block an additional £1.9 million attempt.

Officials began a cross-border criminal investigation soon after discovering the scam, which has led to arrests.

Around 100,000 PAYE accounts — typically used by employers for employee tax and national insurance payments — were either created fraudulently or accessed illegally.

Banks were also targeted through the use of HMRC-linked identity information. Customers first flagged the issue when they noticed unusual activity.

HMRC has shut down the fake accounts and removed false data as part of its response. John-Paul Marks, HMRC’s chief executive, assured the committee that the incident is now under control and contained. ‘That is a lot of money and unacceptable,’ MacDonald told MPs.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Coinbase security breach linked to India contractor

Coinbase is under scrutiny after revealing a data breach tied to its contractor TaskUs. The incident reportedly involved insider misconduct at a support centre in India.

Though the breach was disclosed in May, insiders say Coinbase had knowledge of the issue as early as January.

The incident was traced to a TaskUs agent who allegedly photographed customer data and sold it to hackers. TaskUs fired two staff, saying the breach seemed part of a broader campaign targeting several Coinbase service providers.

Operations in Indore were suspended, impacting 226 staff, most of whom received severance.

Hackers accessed names, addresses, masked banking data, and ID documents, but no funds or passwords were compromised. On 11 May, Coinbase received a $20 million ransom demand.

CEO Brian Armstrong rejected the threat and instead offered a $20 million reward for information leading to the attackers’ arrest.

The breach, which affected under 1% of users, has triggered a shareholder lawsuit accusing Coinbase of failing to disclose the incident promptly.

Although its stock dipped 7% after the news, it has since recovered, supported by the company’s recent inclusion in the S&P 500 index.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Meta inks 20-year nuclear deal to power AI expansion

Meta has entered a landmark 20-year agreement with Constellation to purchase 1.1 gigawatts of nuclear power from the Clinton Clean Energy Center in Illinois, starting in 2027.

The deal is designed to support the company’s rapidly growing AI infrastructure and data centres as energy demands surge across the tech industry.

Once facing closure due to financial losses, the Clinton plant’s future is secure — without relying on Illinois’ Zero Emission Credit programme. The agreement will keep over 1,100 local jobs, boost grid capacity by 30 megawatts, and generate an estimated $13.5 million in annual tax revenue.

Illinois lawmakers have praised the deal for its economic and environmental benefits, with Republican Regan Deering calling it ‘a forward-thinking investment.’

The partnership is part of Meta’s broader strategy to build a nuclear-powered AI ecosystem. With clean energy targets of 1 to 4 gigawatts, Meta has been negotiating with multiple nuclear providers and says further agreements are in the final stages.

According to the International Atomic Energy Agency, global data centre energy use is set to more than double by 2030 — potentially outstripping Japan’s entire electricity consumption. Meta alone plans to invest $65 billion in AI infrastructure in 2025.

The Clinton plant deal also serves as a hedge against the environmental impact of fossil fuels. A 2024 study by the Brattle Group estimated that closing the facility would have led to an additional 34 million metric tons of carbon emissions over two decades. It would also have dealt an annual $765 million blow to Illinois’ GDP.

Constellation, the plant’s operator, said consistent, carbon-free baseload power is essential for the AI-driven future. With its reliability and scale, nuclear energy is increasingly seen as critical to supporting always-on AI systems.

Meanwhile, Meta continues advancing its AI vision. The company plans to fully automate ad creation by late 2026, generating images, videos, and text tailored to user location and timing.

This automation effort has already boosted ad performance, with Q1 2025 results showing a 30% rise in AI-generated ad use, a 10% increase in average ad prices, and $42.31 billion in revenue — a 16% year-over-year jump.

However, the push for AI-generated content has unsettled the advertising industry. Firms like Omnicom Group have seen share prices dip over fears disrupting to traditional creative and production models.

Zuckerberg’s long-term AI vision includes automating marketing and enhancing user experience through AI companions and virtual therapists — part of Meta’s goal to integrate machine learning into everyday life while ensuring its platforms run on clean, scalable energy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber attack hits Lee Enterprises staff data

Thousands of current and former employees at Lee Enterprises have had their data exposed following a cyberattack earlier this year.

Hackers accessed to the company’s systems in early February, compromising sensitive information such as names and Social Security numbers before the breach was contained the same day.

Although the media firm, which operates over 70 newspapers across 26 US states, swiftly secured its networks, a three-month investigation involving external cybersecurity experts revealed that attackers accessed databases containing employee details.

The breach potentially affects around 40,000 individuals — far more than the company’s 4,500 current staff — indicating that past employees were also impacted.

The stolen data could be used for identity theft, fraud or phishing attempts. Criminals may even impersonate affected employees to infiltrate deeper into company systems and extract more valuable information.

Lee Enterprises has notified those impacted and filed relevant disclosures with authorities, including the Maine Attorney General’s Office.

Headquartered in Iowa, Lee Enterprises draws over 200 million monthly online page views and generated over $611 million in revenue in 2024. The incident underscores the ongoing vulnerability of media organisations to cyber threats, especially when personal employee data is involved.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Vodafone fined €45 million in Germany over data privacy violations

German data protection authorities have imposed a €45 million ($51.2 million) fine on Vodafone for what they described as serious data privacy breaches involving both third-party sales practices and weak digital security systems. The Federal Commissioner for Data Protection (BfDI) cited ‘malicious behaviour’ by partner agencies and security flaws that allowed unauthorised access to customer accounts.

Investigators found that some of Vodafone’s partner agencies engaged in fraudulent conduct, including altering or forging contracts to the detriment of customers. Vodafone was fined €15 million for failing to properly supervise these partners, as required by the European Union’s General Data Protection Regulation (GDPR).

Additionally, a €30 million fine was levied due to vulnerabilities in Vodafone’s customer authentication systems, which potentially allowed outsiders to access sensitive services like eSIM profiles. Vodafone has acknowledged the issues, attributing them to inadequate data protection checks at the time.

The company expressed regret for the impact on customers and emphasized that under new management, it has overhauled its data protection protocols to prevent future breaches.

Louisa Specht-Riemenschneider, Germany’s federal data protection commissioner, underscored the importance of data security, stating that user trust in digital services depends on strong safeguards. She added that proper compliance can even be a competitive advantage, as EU regulators continue to crack down on companies that violate GDPR standards.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Cyber attacks and ransomware rise globally in early 2025

Cyber attacks have surged by 47% globally in the first quarter of 2025, with organisations facing an average of 1,925 attacks each week.

Check Point Software, a cybersecurity firm, warns that attackers are growing more sophisticated and persistent, targeting critical sectors like healthcare, finance, and technology with increasing intensity.

Ransomware activity alone has soared by 126% compared to last year. Attackers are no longer just encrypting files but now also threaten to leak sensitive data unless paid — a tactic known as dual extortion.

Instead of operating as large, centralised gangs, modern ransomware groups are smaller and more agile, often coordinating through dark web forums, making them harder to trace.

The report also notes that cybercriminals are using AI to automate phishing attacks and scan systems for vulnerabilities, allowing them to strike with greater accuracy. Emerging markets remain particularly vulnerable, as they often lack advanced cybersecurity infrastructure.

Check Point urges companies to act decisively by adopting proactive security measures, investing in threat detection and employee training, and implementing real-time monitoring. Waiting for an attack instead of preparing in advance could leave organisations dangerously exposed.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.