MTN confirms cybersecurity breach and data exposure

MTN Group has confirmed a cybersecurity breach that exposed personal data of some customers in certain markets. The telecom giant assured the public, however, that its core infrastructure remains secure and fully operational.

The breach involved an unknown third party gaining unauthorised access to parts of MTN’s systems, though the company emphasised that critical services, including mobile money and digital wallets, were unaffected.

In a statement released on Thursday, MTN clarified that investigations are ongoing, but no evidence suggests any compromise of its central infrastructure, such as its network, billing, or financial service platforms.

MTN has alerted law enforcement in South Africa and is collaborating with regulatory bodies in the affected regions.

The company urged customers to take steps to safeguard their data, such as monitoring financial statements, using strong passwords, and being cautious with suspicious communications.

MTN also recommended enabling multi-factor authentication and avoiding sharing sensitive information like PINs or passwords through unsecured channels.

While investigations continue, MTN has committed to providing updates as more details emerge, reiterating its dedication to transparency and customer protection.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

North Korean hackers create fake US firms to target crypto developers

North Korea’s Lazarus Group has launched a sophisticated campaign to infiltrate the cryptocurrency industry by registering fake companies in the US and using them to lure developers into downloading malware.

According to a Reuters investigation, these US-registered shell companies, including Blocknovas LLC and Softglide LLC, were set up using false identities and addresses, giving the operation a veneer of legitimacy that helped it avoid suspicion.

Once established, the fake firms posted job listings through legitimate platforms like LinkedIn and Upwork to attract developers. Applicants were guided through fake interview processes and instructed to download so-called test assignments.

Instead of harmless software, the files installed malware that enabled the hackers to steal passwords, crypto wallet keys, and other sensitive information.

The FBI has since seized Blocknovas’ domain and confirmed its connection to Lazarus, labelling the campaign a significant evolution in North Korea’s cyber operations.

These attacks were supported by Russian infrastructure, allowing Lazarus operatives to bypass North Korea’s limited internet access.

Tools such as VPNs and remote desktop software enabled them to manage operations, communicate over platforms like GitHub and Telegram, and even record training videos on how to exfiltrate data.

Silent Push researchers confirmed that the campaign has impacted hundreds of developers, and that some of the stolen access was likely passed to state-aligned espionage units rather than being used only for theft.

Officials from the US, South Korea, and the UN say the revenue from such cyberattacks is funneled into North Korea’s nuclear missile programme. The FBI continues to investigate and has warned that not only the hackers but also those assisting their operations could face serious consequences.


FBI reports $9.3 billion lost to cryptocurrency fraud in 2024

The Federal Bureau of Investigation (FBI) has revealed that Americans lost approximately $9.3 billion to cryptocurrency fraud in 2024. The figure marks a 66% increase compared to the previous year.

The data was published in the FBI’s annual Internet Crime Complaint Center (IC3) report.

Individuals aged 60 and older were the most heavily impacted, accounting for $2.8 billion in losses across 33,000 complaints. Investment scams made up the largest share of monetary losses. ‘Sextortion’ scams, where fraudsters used manipulated explicit media, were the most frequently reported.

Despite efforts like the FBI’s ‘Operation Level Up’, which helped prevent $285 million in potential fraud, experts warn that scams may continue to rise in 2025.

Chainalysis pointed to generative AI as a major enabler for cybercriminals, estimating $41 billion in global illicit crypto volume in 2024 alone.


New research highlights escalating cyberthreats to global energy sector

Resecurity has published new research examining recent cyber threat activity targeting energy infrastructure across North America, Asia, and the European Union. The report, a continuation of Resecurity’s earlier analysis, focuses on incidents involving energy firms, including nuclear facilities and associated research entities.

According to the findings, these organisations are being targeted by various threat actors, including hacktivist groups, ransomware operators, and nation state entities. The report observes that geopolitical tensions remain a significant factor behind many of these activities, with actors associated with China, Iran, North Korea, and Russia among those identified.

The primary focus of these campaigns has been cyber-espionage, although incidents involving ransomware operations against operational technology (OT) systems have also been reported. The convergence of IT and OT systems, the growing use of cloud technologies, and the increased deployment of Industrial Internet of Things (IIoT) devices are noted as factors contributing to the expanded attack surface within the sector.

Resecurity’s HUNTER unit documented various threat actors engaged in targeting critical infrastructure. The report emphasises the need for energy firms to monitor potential exposure of credentials across dark web platforms, particularly due to vulnerabilities within IT and software supply chains.

Technological developments such as AI adoption within the energy sector are also discussed as contributing to the evolving threat landscape. AI is reported to lower entry barriers for certain types of cyber operations, while its integration into critical infrastructure networks introduces additional risks.

The Resecurity analysis also underscores the role of cyber supply chain risks, citing the MOVEit managed file transfer breach as an example of downstream impacts affecting multiple layers of vendors and service providers.

In response to these developments, the US Department of Energy (DOE), alongside the National Association of Regulatory Utility Commissioners (NARUC), issued updated cybersecurity guidelines in 2024 aimed at strengthening the resilience of electric distribution systems and distributed energy resources.

Overall, the research identifies an increase in cyberattacks targeting energy infrastructure globally, suggesting that some of these activities may be linked to broader geopolitical strategies. The report highlights the involvement of both state-sponsored and criminal actors in shaping this threat environment.


Researchers report espionage campaign targeting government and critical sectors in Southeast Asia

Symantec has reported that the China-linked espionage group known as Billbug—also referred to as Lotus Blossom, Lotus Panda, Bronze Elgin, and Thrip—conducted a sustained intrusion campaign against multiple organizations in a Southeast Asian country between August 2024 and February 2025. The campaign involved the use of several custom tools, including loaders, credential stealers, and a reverse SSH utility.

According to Symantec, this activity appears to continue a series of operations previously observed in late 2023, which targeted various government and critical infrastructure organisations across Southeast Asia. While Chinese attribution has been suggested, specific attribution to an individual actor remains inconclusive. Identified targets include a government ministry, an air traffic control organisation, a telecommunications provider, and a construction company.

Additional intrusions were reported against a news agency and an air freight company in neighbouring countries. The campaign leveraged DLL sideloading techniques, utilising legitimate executables from Trend Micro and Bitdefender to load malicious code.

Symantec’s analysis detailed how these binaries were used to sideload malicious DLLs, which decrypted and executed payloads designed to maintain persistence and enable further compromise of targeted systems. Billbug has been active since at least 2009, with a documented history of targeting government, defence, telecommunications, and critical infrastructure sectors in Southeast Asia and beyond.

Symantec and other cybersecurity researchers have tracked the group across multiple campaigns, including previous operations involving backdoors like Hannotog and Sagerunex. The recent report also references related findings from Cisco Talos, which provided indicators of compromise connected to the same campaign.

Symantec noted that Billbug continues to adapt its techniques, including the use of compromised legitimate software and custom malware, to conduct espionage operations across the region.


Dutch Ministry of Defence expands recruitment of cyber reservists to support national cybersecurity efforts

The Dutch Ministry of Defence has announced plans to expand its cyber defence capabilities by recruiting additional cyber reservists, according to NOS. The initiative is part of the Ministry’s strategy to strengthen cybersecurity expertise within its armed forces, with recruitment efforts scheduled to intensify after the summer. Several reservist positions have already been advertised online.

Cyber reservists are civilian professionals with digital security expertise who contribute part-time to the military’s cyber operations. Typically employed under zero-hour contracts, they may be called upon to support defence activities during evenings, weekends, or specific operational periods, while continuing their civilian careers.

The reservist units are part of the Defence Cyber Command (DCC), which currently consists of six platoons. Reservists may also participate in military exercises in the Netherlands or internationally, including NATO operations, with voluntary deployments.

Recruitment targets for cyber reservists were set at 150 over a ten-year period, but this number has not yet been achieved. According to Defence Ministry officials, interest in these positions has increased following the escalation of global cyber threats, particularly after the Russian invasion of Ukraine, though exact figures remain undisclosed for operational security reasons.

Cybersecurity expert Bert Hubert highlighted the distinct nature of cyber reserve work compared to traditional military reservist roles, emphasising the complexity of effective cyber defence operations.


UK introduces landmark online safety rules to protect children

The UK’s regulator, Ofcom, has unveiled new online safety rules to provide stronger protections for children, requiring platforms to adjust algorithms, implement stricter age checks, and swiftly tackle harmful content by 25 July or face hefty fines. These measures target sites hosting pornography or content promoting self-harm, suicide, and eating disorders, demanding more robust efforts to shield young users.

Ofcom chief Dame Melanie Dawes called the regulations a ‘gamechanger,’ emphasising that platforms must adapt if they wish to serve under-18s in the UK. While supporters like former Facebook safety officer Prof Victoria Baines see this as a positive step, critics argue the rules don’t go far enough, with campaigners expressing disappointment over perceived gaps, particularly in addressing encrypted private messaging.

The rules, part of the Online Safety Act pending parliamentary approval, include over 40 obligations such as clearer terms of service for children, annual risk reviews, and dedicated accountability for child safety. The NSPCC welcomed the move but urged Ofcom to tighten oversight, especially where hidden online risks remain unchecked.


Microsoft expands rewards for reporting AI vulnerabilities

Microsoft has announced an expanded bug bounty initiative, offering up to $30,000 for researchers who uncover critical vulnerabilities in AI features within Dynamics 365 and the Power Platform.

The programme aims to strengthen security in enterprise software by encouraging ethical hackers to identify and report risks before cybercriminals can exploit them.

Rather than relying on general severity scales, Microsoft has introduced an AI-specific vulnerability classification system. It highlights prompt injection attacks, data poisoning during training, and techniques like model stealing and training data reconstruction that could expose sensitive information.

The highest payouts are reserved for flaws that allow attackers to access other users’ data or perform privileged actions without their consent.

The company urges researchers to use free trials of its services, such as PowerApps and AI Builder, to identify weaknesses. Detailed product documentation is provided to help participants understand the systems they are testing.

Even reports that don’t qualify for a financial reward can still lead to recognition if they result in improved defences.

The AI bounty initiative is part of Microsoft’s wider commitment to collaborative cybersecurity. With AI becoming more deeply integrated into enterprise software, the company says it is more important than ever to identify vulnerabilities early instead of waiting for security breaches to occur.


Ransomware decline masks growing threat

A recent drop in reported ransomware attacks might seem encouraging, yet experts warn this is likely misleading. Figures from the NCC Group show a 32% decline in March 2025 compared to the previous month, totalling 600 incidents.

However, this dip is attributed to unusually large-scale attacks in earlier months, rather than an actual reduction in cybercrime. In fact, incidents were up 46% compared with March last year, highlighting the continued escalation in threat activity.

Rather than fading, ransomware groups are becoming more sophisticated. Babuk 2.0 emerged as the most active group in March, though doubts surround its legitimacy. Security researchers believe it may be recycling leaked data from previous breaches, aiming to trick victims instead of launching new attacks.

This tactic mirrors behaviour seen after law enforcement disrupted other major ransomware networks, such as LockBit in 2024.

Industrials were the hardest hit, followed by consumer-focused sectors, while North America bore the brunt of geographic targeting.

With nearly half of all recorded attacks occurring in the region, analysts expect North America, especially Canada, to remain a prime target amid rising political tensions and cyber vulnerability.

Meanwhile, cybercriminals are turning to malvertising (malicious code hidden in online advertisements) as a stealthier route of attack. This tactic has gained traction through the misuse of trusted platforms like GitHub and Dropbox, and is increasingly being enhanced with generative AI tools.

Instead of relying solely on technical expertise, attackers now use AI to craft more convincing and complex threats. As these strategies grow more advanced, experts urge organisations to stay alert and prioritise threat intelligence and collaboration to navigate this volatile cyber landscape.


India deepens ties with Finland and Denmark

India is intensifying its strategic ties with Finland and Denmark as part of a broader effort to deepen cooperation with key Nordic countries.

In recent high-level conversations, Prime Minister Narendra Modi spoke with Finland’s President Alexander Stubb and Denmark’s Prime Minister Mette Frederiksen.

These discussions focused on strengthening bilateral relations in advanced technologies such as quantum computing, 5G and 6G, AI, and cybersecurity, instead of limiting collaboration to traditional sectors. Sustainability, mobility, and digital transformation also featured prominently.

Modi and Stubb underlined the importance of India-Finland cooperation within the wider context of EU relations. Both leaders expressed hope for a timely conclusion of an India-EU free trade agreement, a sentiment echoed by European Commission President Ursula von der Leyen.

The collaboration aims to bolster efforts in AI for disaster response and climate resilience, secure telecommunications, and semiconductor development, especially given ongoing geopolitical shifts and the impact of the Russia-Ukraine conflict.

In parallel, Modi reaffirmed India’s commitment to the India-Denmark Green Strategic Partnership during talks with Frederiksen.

The alliance prioritises environmentally responsible maritime practices instead of relying on conventional methods, and promotes innovation in green technologies and anti-piracy cooperation.

With the third India-Nordic Summit scheduled for later this year in Norway, the focus will be on expanding trade, climate action, and peace efforts with all five Nordic nations.

Meanwhile, India has overtaken Finland as the ‘World’s Happiest Country’ according to the latest Ipsos survey, with 88% of Indian respondents reporting happiness.

A milestone like this reflects a broader sense of national optimism and self-assurance as India continues to strengthen its global partnerships and expand its strategic influence across key sectors.
