Cybersecurity

DeepSeek under fire for alleged military ties and export control evasion

The United States has accused Chinese AI startup DeepSeek of assisting China’s military and intelligence services while allegedly seeking to evade export controls to obtain advanced American-made semiconductors.

The claims, made by a senior US State Department official speaking anonymously to Reuters, add to growing concerns over the global security risks posed by AI.

DeepSeek, based in Hangzhou, China, gained international attention earlier this year after claiming its AI models rivalled those of leading United States firms like OpenAI—yet at a fraction of the cost.

However, US officials now say that the firm has shared data with Chinese surveillance networks and provided direct technological support to the People’s Liberation Army (PLA). According to the official, DeepSeek has appeared in over 150 procurement records linked to China’s defence sector.

The company is also suspected of transmitting data from foreign users, including Americans, through backend infrastructure connected to China Mobile, a state-run telecom operator. DeepSeek has not responded publicly to questions about these privacy or security issues.

The official further alleges that DeepSeek has been trying to access Nvidia’s restricted H100 AI chips by creating shell companies in Southeast Asia and using foreign data centres to run AI models on US-origin hardware remotely.

While Nvidia maintains it complies with export restrictions and has not knowingly supplied chips to sanctioned parties, DeepSeek is said to have secured several H100 chips despite the ban.

US officials have yet to place DeepSeek on a trade blacklist, though the company is under scrutiny. Meanwhile, Singapore has already charged three men with fraud in investigating the suspected illegal movement of Nvidia chips to DeepSeek.

Questions have also been raised over the credibility of DeepSeek’s technological claims. Experts argue that the reported $5.58 million spent on training their flagship models is unrealistically low, especially given the compute scale typically required to match OpenAI or Meta’s performance.

DeepSeek has remained silent amid the mounting scrutiny. Still, with the US-China tech race intensifying, the firm could soon find itself at the centre of new trade sanctions and geopolitical fallout.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Onnuri Church probes hack after broadcast hijacked by North Korean flag

A North Korean flag briefly appeared during a live-streamed worship service from one of Seoul’s largest Presbyterian churches, prompting an urgent investigation into what church officials are calling a cyberattack.

The incident occurred Wednesday morning during an early service at Onnuri Church’s Seobinggo campus in Yongsan, South Korea.

While Pastor Park Jong-gil was delivering his sermon, the broadcast suddenly cut to a full-screen image of the flag of North Korea, accompanied by unidentified background music. His audio was muted during the disruption, which lasted around 20 seconds.

The unexpected clip appeared on the church’s official YouTube channel and was quickly captured by viewers, who began sharing it across online platforms and communities.

On Thursday, Onnuri Church issued a public apology on its website and confirmed it was treating the event as a deliberate cyber intrusion.

‘An unplanned video was transmitted during the livestream of our early morning worship on 18 June. We believe this resulted from a hacking incident,’ the statement read. ‘An internal investigation is underway, and we are taking immediate measures to identify the source and prevent future breaches.’

A church official told Yonhap News Agency that the incident had been reported to the relevant authorities, and no demands or threats had been received regarding the breach. The investigation continues as the church works with authorities to determine the origin and intent of the attack.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Lazarus Group linked to Taiwan exchange hack

Taiwanese cryptocurrency exchange BitoPro has confirmed that North Korea’s state-sponsored Lazarus Group carried out a cyberattack on 9 May, resulting in the theft of approximately $11.5 million.

The company announced an internal investigation supported by an external cybersecurity firm. BitoPro detected suspicious outflows from its platform in early May, prompting immediate security measures and a comprehensive forensic review.

According to the exchange, the attackers employed tactics, techniques, and procedures (TTPs) consistent with previous operations attributed to Lazarus—an elite cybercrime unit from North Korea linked to numerous high-profile financial and cryptocurrency heists worldwide.

‘The methodology observed during the breach strongly resembles known Lazarus Group activity,’ BitoPro stated. ‘We are working closely with law enforcement and blockchain security experts to recover stolen assets and prevent further incidents.’

The breach adds to a growing list of Lazarus-linked attacks targeting decentralised finance (DeFi) platforms, exchanges, and cross-chain bridges—sectors often lacking the robust security infrastructure of traditional banking systems.

BitoPro’s disclosure highlights the escalating threat that state-affiliated hacking groups pose to the digital asset industry. Experts warn that these attacks are becoming more frequent and sophisticated as bad actors continue to exploit vulnerabilities in emerging financial technologies.

Currently, BitoPro has not confirmed whether any of the stolen funds have been recovered. The company has assured users that affected systems have been secured and that additional security measures are being implemented to protect its infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Supply chain cyber attack hits UBS and Swiss banks

A sophisticated supply chain cyber attack on Swiss service provider Chain IQ has resulted in data leaks at several financial institutions, including UBS and Pictet. According to the banks, no client data was compromised.

UBS confirmed the breach on Wednesday, stating: ‘A cyber attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected.’ The bank said it had acted swiftly to protect operations.

Chain IQ revealed that it was one of 20 organisations targeted in what it described as ‘a cyber-attack that had never before been seen on a global scale.’

The attackers published stolen data on the dark web on 12 June 2025 at 17:15 CET. The firm said access was revoked and the incident contained within 8 hours and 45 minutes.

The stolen data included employee business contact details from certain clients, such as internal telephone numbers. The company stated that all systems were checked and secured, with law enforcement notified immediately.

Dr Ilia Kolochenko, CEO of ImmuniWeb and a Fellow at the British Computer Society, warned of the potential impact: ‘This breach may have a disastrous and long-lasting effect on the Swiss banking sector. An urgent investigation is essential to determine its scope.’

He added that the incident highlights third-party vulnerabilities: ‘Even major institutions are at risk from supply chain weaknesses. Legal liability could extend to the banks themselves if damage to individuals occurs.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Researchers gain control of tesla charger Through firmware downgrade

Tesla’s popular Wall Connector home EV charger was compromised at the January 2025 Pwn2Own Automotive competition, revealing how attackers could gain full control via the charging cable.

The Tesla Wall Connector Gen 3, a widely deployed residential AC charger delivering up to 22 kW, was exploited through a novel attack that used the physical charging connector as the main entry point.

The vulnerability allowed researchers to execute arbitrary code, potentially giving access to private networks in homes, hotels, or businesses.

Researchers from Synacktiv discovered that Tesla vehicles can update the Wall Connector’s firmware via the charging cable using a proprietary, undocumented protocol.

By simulating a Tesla car and exploiting Single-Wire CAN (SWCAN) communications over the Control Pilot line, the team downgraded the firmware to an older version with exposed debug features.

Using a custom USB-CAN adapter and a Raspberry Pi to emulate vehicle behaviour, they accessed the device’s setup Wi-Fi credentials and triggered a buffer overflow in the debug shell, ultimately gaining remote code execution.

The demonstration ended with a visual cue — the charger’s LED blinking — but the broader implication is access to internal networks and potential lateral movement across connected systems.

Tesla has since addressed the vulnerability by introducing anti-downgrade measures in newer firmware versions. The Pwn2Own event remains instrumental in exposing critical flaws in automotive and EV infrastructure, pushing manufacturers toward stronger security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Chatham House analyst targeted in phishing attack

Chatham House expert Keir Giles has been targeted by a highly sophisticated spear phishing campaign, with suspected ties to Russian intelligence.

The cyber operation impersonated a senior official at the US State Department and attempted to extract sensitive credentials under the guise of a legitimate diplomatic consultation.

The incident, which took place in May 2025, was investigated by Google’s Threat Intelligence Group (GTIG) and Citizen Lab. It has been linked to a threat actor tracked as UNC6293, possibly associated with APT29—an espionage group believed to be backed by Russia’s Foreign Intelligence Service (SVR).

Giles received an email from an individual claiming to be ‘Claudie S. Weber’, a non-existent official at the US Department of State. The message invited him to a meeting to discuss ‘recent developments’, a type of request not uncommon in his line of work.

Although the attacker used a Gmail address, they copied several fake @state.gov email addresses to lend the communication authenticity. According to Citizen Lab, the US State Department’s email servers do not bounce invalid addresses, allowing this tactic to go unnoticed.

The tone of the message, coupled with evasive language, led investigators to suspect that the attackers may have employed a large language model to generate the email content.

While the first message contained no direct malware, a later email included a PDF instructing Giles to create an app-specific password (ASP) for accessing a supposed government platform. In reality, this would have handed full access of his Gmail account to the attackers.

Although Giles followed the instructions, he used a different Gmail account than the one targeted—likely limiting the damage. After ten further email exchanges, he shared details of the attempted attack publicly, warning that the stolen material could be altered and leaked as part of a disinformation campaign.

He noted that the attackers’ patient approach made the scam appear more plausible. Citizen Lab confirmed the threat actor’s ability to adapt based on Giles’ replies, avoiding pressure tactics and instead suggesting future collaboration.

Google ultimately blocked the offending Gmail account and secured the affected inbox. GTIG later disclosed a broader campaign, including another incident themed around Ukraine and Microsoft, beginning in April 2025.

In response, GTIG advised high-risk users to avoid app-specific passwords altogether, particularly when enrolled in the Advanced Protection Program (APP). Other recommendations included promptly revoking unused ASPs, monitoring account activity, and enabling advanced security measures.

The case underscores the evolving tactics of state-aligned cyber actors, who now combine social engineering with AI and deep reconnaissance to breach high-value targets.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TCS clears its name in M&S data breach

Tata Consultancy Services (TCS) has publicly denied any involvement in the cyberattack that disrupted Marks & Spencer earlier this year. The attack, described as highly sophisticated, led to significant data theft and weeks-long disruption of online operations.

During the company’s annual shareholder meeting, TCS independent director Keki Mistry confirmed that none of the company’s systems or users were compromised. He said TCS is not under investigation by M&S and assured shareholders no other clients were affected.

TCS has worked with M&S for more than a decade and was awarded a $1bn contract in 2023 to overhaul the retailer’s supply chain systems. Although TCS reviewed its systems, Mistry’s comments suggest the breach did not stem from its infrastructure.

The retailer has not responded to TCS’s latest remarks but earlier stated it hopes to fully restore its online services by July.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Publishers lose traffic as readers trust AI more

Online publishers are facing an existential threat as AI increasingly becomes the primary source of information for users, warned Cloudflare CEO Matthew Prince during an Axios event in Cannes.

As AI-generated summaries dominate user queries, search engine referrals have plunged, urgently pushing media outlets to reconsider how they sustain revenue from their content.

Traffic patterns have dramatically shifted. A decade ago, Google sent a visitor to publishers for every two pages it crawled.

Today, that ratio has ballooned to 18:1. The picture is more extreme for AI firms: OpenAI’s ratio has jumped from 250:1 to 1,500:1 in just six months, while Anthropic’s has exploded from 6,000:1 to a staggering 60,000:1.

Although AI systems typically include links to sources, Prince noted that ‘people aren’t following the footnotes,’ meaning fewer clicks and less ad revenue.

Prince argued that audiences are beginning to trust AI summaries more than the original articles, reducing publishers’ visibility and direct engagement.

As the web becomes increasingly AI-mediated, fewer people read full articles, raising urgent questions about how creators and publishers can be fairly compensated.

To tackle the issue, Cloudflare is preparing to launch a new anti-scraping tool to block unauthorised data harvesting. Prince hinted that the tool has broad industry support and will be rolled out soon.

He remains confident in Cloudflare’s capacity to fight against such threats, noting the company’s daily battles against sophisticated global cyber actors.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

TxTag users targeted in sophisticated phishing scheme

A new phishing campaign targets employees with fake TxTag toll payment alerts, using legitimate-looking government domains to trick recipients into handing over sensitive information. The emails warn users of an impending account suspension unless they urgently pay a small fee, creating a false alarm to prompt quick action.

While the messages appear to come from official sources, researchers found they actually originate from an Indiana-based GovDelivery system—not Texas toll authorities—highlighting a subtle but crucial red flag. Once victims click the link, they are taken to a convincing replica of the TxTag payment site hosted at a fraudulent domain.

The page displays a believable debt of $6.69 to make the request seem routine and non-threatening. However, instead of simply logging in, users are asked to provide full personal details and, later, complete credit card information—including CVV codes.

The phishing site even validates card data to ensure the theft yields high-quality credentials. After submitting the data, victims see a fake processing message, which may be followed by an error claiming the card is unsupported.

That trick often leads users to input additional card details, giving attackers access to multiple financial accounts. The scam exemplifies the growing sophistication of phishing attacks in the US that combine technical misdirection with emotional manipulation, preying on trust in government branding and the fear of financial penalties.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

France appeals porn site ruling based on EU legal grounds

The French government is challenging a recent decision by the Administrative Court of Paris that temporarily halted the enforcement of mandatory age verification on pornographic websites based in the EU. The court found France’s current approach potentially inconsistent with the EU law—specifically the 2002 E-Commerce Directive—which upholds the ‘country-of-origin’ principle.

That rule limits an EU country’s authority to regulate online services hosted in another member state unless it follows a formal process involving both the host country and the European Commission. The dispute’s heart is whether France correctly followed the required legal steps.

While French authorities say they notified the host countries of porn companies like Hammy Media (Xhamster) and Aylo (owner of Pornhub and others) and waited the mandated three months, legal experts argue that notifying the Commission is also essential. So far, there is no confirmation that this additional step was taken, which may weaken France’s legal standing.

Digital Minister Clara Chappaz reaffirmed the government’s commitment to enforcing age checks, calling it a ‘priority’ in a public statement. The ministry insists its rules align with the EU’s Audiovisual Media Services Directive.

However, the court’s ruling highlights broader tensions between France’s national digital regulations and overarching the EU law. Similar legal challenges have already forced France to adjust parts of its digital, influencer, and cloud regulation frameworks in the past two years.

The appeal could have significant implications for age restrictions on adult content and how France asserts digital sovereignty within the EU. If the court upholds the suspension, other digital regulations based on national initiatives may also be vulnerable to legal scrutiny under the EU principles.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot