Microsoft seizes 338 sites tied to phishing service

Microsoft has disrupted RaccoonO365, a fast-growing phishing service used by cybercriminals to steal Microsoft 365 login details.

Using a court order from the Southern District of New York, in the US, its Digital Crimes Unit seized 338 websites linked to the operation. The takedown cut off infrastructure that enabled criminals to mimic Microsoft branding and trick victims into sharing their credentials.

Since mid-2024, RaccoonO365 has been used in at least 94 countries and has stolen more than 5,000 credentials. The kits were marketed on Telegram to hundreds of paying subscribers, including campaigns that targeted healthcare providers in the US.

Microsoft identified the group’s alleged leader as Joshua Ogundipe, based in Nigeria, who is accused of creating and promoting the service. The company has referred the case to international law enforcement while continuing efforts to dismantle any rebuilt networks.

WEF urges trade policy shift to protect workers in digital economy

The World Economic Forum (WEF) has published an article on using trade policy to build a fairer digital economy. Digital services now make up over half of global exports, with AI investment projected at $252 billion in 2024. Countries from Kenya to the UAE are positioning themselves as digital hubs, but job quality still lags.

Millions of platform workers face volatile pay, lack of contracts, and no access to social protections. In Kenya alone, 1.9 million people rely on digital work yet face algorithm-driven pay systems and sudden account deactivations. India and the Philippines show similar patterns.

AI threatens to automate lower-skilled tasks such as data annotation and moderation, deepening insecurity in sectors where many developing countries have found a competitive edge. Ethical standards exist but have little impact without enforcement or supportive regulation.

Countries are experimenting with reforms: Singapore now mandates injury compensation and retirement savings for platform workers, while the Rider Law in Spain reclassifies food couriers as employees. Yet overly strict regulation risks eroding the flexibility that attracts youth and caregivers to gig work.

Trade agreements, such as the AfCFTA and the Kenya–EU pact, could embed labour protections in digital markets. Coordinated policies and tripartite dialogue are essential to ensure the digital economy delivers growth, fairness, and dignity for workers.

New YouTube AI features make Shorts faster and smarter

YouTube has unveiled a new suite of AI tools designed to enhance the creation of Shorts, with its headline innovation being Veo 3 Fast, a streamlined version of Google DeepMind’s video model.

The system can generate 480p clips with sound almost instantly, marking the first time audio has been added to Veo-generated Shorts. It is already being rolled out in the US, the UK, Canada, Australia and New Zealand, with other regions to follow rather than remaining a limited release.

The platform also introduced several advanced editing features, such as motion transfer from video to still images, text-based styling, object insertion and Speech to Song Remixing, which converts spoken dialogue into music through DeepMind’s Lyria 2 model.

Testing will begin in the US before global expansion.

Another innovation, Edit with AI, automatically assembles raw footage into a rough cut complete with transitions, music and interactive voiceovers. YouTube confirmed the tool is in trials and will launch in select markets within weeks instead of years.

All AI-generated Shorts will display labels and watermarks to maintain transparency, as YouTube pushes to expand creator adoption and boost Shorts’ growth as a rival to TikTok and Instagram Reels.

Cybersecurity researchers identify ransomware using open-source tools

A ransomware group calling itself Yurei first emerged on 5 September, targeting a food manufacturing company in Sri Lanka. Within days, the group had added victims in India and Nigeria, bringing the total confirmed incidents to three.

Check Point researchers found that Yurei’s code is largely derived from Prince-Ransomware, an open-source project. The developers did not strip symbols from the compiled binary, so it retains the original function and module names, which makes the link to Prince-Ransomware clear.

Yurei operates using a double-extortion model, combining file encryption with theft of sensitive data. Victims are pressured to pay not only for a decryption key but also to prevent stolen data from being leaked.

Yurei’s extortion workflow involves posting victims on a darknet blog, sharing proof of compromise such as internal document screenshots, and offering a chat interface for negotiation. If a ransom is paid, the group promises a decryption tool and a report detailing the vulnerabilities exploited during the attack, akin to a pen-test report.

Preliminary findings (with ‘low confidence’) suggest that Yurei may be based in Morocco, though attribution remains uncertain.

The emergence of Yurei illustrates how open-source ransomware projects lower the barrier to entry, enabling relatively unsophisticated actors to launch effective campaigns. The focus on data theft rather than purely encryption may represent an escalating trend in modern cyberextortion.

Prolonged JLR shutdown threatens UK export targets

Jaguar Land Rover (JLR) has confirmed that its production halt will continue until at least Wednesday, 24 September, as it works to recover from a major cyberattack that disrupted its IT systems and paralysed production at the end of August.

JLR stated that the extension was necessary because forensic investigations were ongoing and the controlled restart of operations was taking longer than anticipated. The company stressed that it was prioritising a safe and stable restart and pledged to keep staff, suppliers, and partners regularly updated.

Reports suggest recovery could take weeks, impacting production and sales channels for an extended period. Approximately 33,000 employees remain at home as factory and sales processes are not fully operational, resulting in estimated losses of £1 billion in revenue and £70 million in profits.

The shutdown also poses risks to the wider UK economy, as JLR represents roughly four percent of British exports. The incident has renewed calls for the Cyber Security and Resilience Bill, which aims to strengthen defenses against digital threats to critical industries.

No official attribution has been made, but a group calling itself Scattered Lapsus$ Hunters has claimed responsibility. The group claims to have deployed ransomware and published screenshots of JLR’s internal SAP system, linking itself to extortion groups, including Scattered Spider, Lapsus$, and ShinyHunters.

US Army puts cybersecurity at the heart of transformation

Cybersecurity is a critical element of the US Army’s ongoing transformation and of wider national efforts to safeguard critical infrastructure, according to Brandon Pugh, Principal Cyber Adviser to the Secretary of the Army. Speaking at the Billington CyberSecurity Summit on 11 September, Pugh explained that the Army’s Continuous Transformation initiative is intended to deliver advanced technologies to soldiers more rapidly, ensuring readiness for operational environments where cybersecurity underpins every aspect of activity, from base operations to mobilisation.

Pugh took part in the panel where he emphasised that defending the homeland remains a central priority, with the Army directly affected by vulnerabilities in privately owned critical infrastructure such as energy and transport networks. He referred to research conducted by the Army Cyber Institute at the US Military Academy at West Point, which analyses how weaknesses in infrastructure could undermine the Army’s ability to project forces in times of crisis or conflict.

The other panellists agreed that maintaining strong basic cyber hygiene is essential. Josh Salmanson, Vice President for the Defence Cyber Practice at Leidos, underlined the importance of measures such as timely patching, reducing vulnerabilities, and eliminating shared passwords, all of which help to reduce noise in networks and strengthen responses to evolving threats.

The discussion also considered the growing application of AI in cyber operations. Col. Ivan Kalabashkin, Deputy Head of Ukraine’s Security Services Cyber Division, reported that Ukraine has faced more than 13,000 cyber incidents directed at government and critical infrastructure systems since the start of the full-scale war, noting that Russia has in recent months employed AI to scan for network vulnerabilities.

Pugh stated that the Army is actively examining how AI can be applied to enhance both defensive and potentially offensive cyber operations, pointing to significant ongoing work within Army Cyber Command and US Cyber Command.

Finally, Pugh highlighted the Army’s determination to accelerate the introduction of cyber capabilities, particularly from innovative companies offering specialist solutions. He stressed the importance of acquisition processes that enable soldiers to test new capabilities within weeks, in line with the Army’s broader drive to modernise how it procures, evaluates, and deploys technology.

Cyberattack compromises personal data used for DBS checks at UK college

Bracknell and Wokingham College has confirmed a cyberattack that compromised data collected for Disclosure and Barring Service (DBS) checks. The breach affects data used by Activate Learning and other institutions, including names, dates of birth, National Insurance numbers, and passport details.

Access Personal Checking Services (APCS) was alerted by supplier Intradev on August 17 that its systems had been accessed without authorisation. While payment card details and criminal conviction records were not compromised, data submitted between December 2024 and May 8, 2025, was copied.

APCS stated that its own networks and those of Activate Learning were not breached. The organisation is contacting only those data controllers where confirmed breaches have occurred and has advised that its services can continue to be used safely.

Activate Learning reported the incident to the Information Commissioner’s Office following a risk assessment. APCS is still investigating the full scope of the breach and has pledged to keep affected institutions and individuals informed as more information becomes available.

Individuals have been advised to closely monitor their financial statements, be wary of phishing emails, and regularly update security measures, including passwords and two-factor authentication. Activate Learning emphasised the importance of staying vigilant to minimise risks.

Indonesia’s sovereign wealth fund INA targets data centres and AI in healthcare

The Indonesia Investment Authority (INA), the country’s sovereign wealth fund, is sharpening its focus on digital infrastructure, healthcare and renewable energy as it seeks to attract foreign partners and strengthen national development.

The fund, created in 2021 with $5 billion in state capital, now manages assets worth around $10 billion and is expanding its scope beyond equity into hybrid capital and private credit.

Chief investment officer Christopher Ganis said data centres and supporting infrastructure, such as sub-sea cables, were key priorities as the government emphasises data independence and resilience.

INA has already teamed up with Singapore-based Granite Asia to invest over $1.2 billion in Indonesia’s technology and AI ecosystem, including a new data centre campus in Batam. Ganis added that AI would be applied first in healthcare instead of rushing into broader adoption.

Renewables also remain central to INA’s strategy, with its partnership alongside Abu Dhabi’s Masdar Clean Energy in Pertamina Geothermal Energy cited as a strong performer.

Ganis said Asia’s reliance on bank financing highlights the need for INA’s support in cross-border growth, since domestic banks cannot always facilitate overseas expansion.

Despite growing global ambitions, INA will prioritise projects directly linked to Indonesia. Ganis stressed that it must deliver benefits at home instead of directing capital into ventures without a clear link to the country’s future.

Miljodata hack exposes data of nearly 15% of Swedish population

Swedish prosecutors have confirmed that a cyberattack on IT systems provider Miljodata exposed the personal data of 1.5 million people, nearly 15% of Sweden’s population. The attack occurred during the weekend of August 23–24.

Authorities said the stolen data has been leaked online and includes names, addresses, and contact details. Prosecutor Sandra Helgadottir said the group Datacarry has claimed responsibility, though no foreign state involvement is suspected.

Media in Sweden reported that the hackers demanded 1.5 bitcoin (around $170,000) to prevent the release of the data. Miljodata confirmed the information has now been published on the darknet.

The Swedish Authority for Privacy Protection has received over 250 breach notifications, with 164 municipalities and four regional authorities impacted. Employees in Gothenburg were among those affected, according to SVT.

Private companies, including Volvo, SAS, and GKN Aerospace, also reported compromised data. Investigators are working to identify the perpetrators as the breach’s scale continues to raise concerns nationwide.

First quantum-AI data centre launched in New York City

Oxford Quantum Circuits (OQC) and Digital Realty have launched the first quantum-AI data centre in New York City at the JFK10 facility, powered by Nvidia GH200 Grace Hopper Superchips. The project combines superconducting quantum computers with AI supercomputing under one roof.

OQC’s GENESIS quantum computer is the first to be deployed in a New York data centre, designed to support hybrid workloads and enterprise adoption. Future GENESIS systems will ship with Nvidia accelerated computing and CUDA-Q integration as standard.

OQC CEO Gerald Mullally said the centre will drive the AI revolution securely and at scale, strengthening the UK–US technology alliance. Digital Realty CEO Andy Power called it a milestone for making quantum-AI accessible to enterprises and governments.

UK Science Minister Patrick Vallance highlighted the £212 billion economic potential of quantum by 2045, citing applications from drug discovery to clean energy. He said the launch puts British innovation at the heart of next-generation computing.

The centre, embedded in Digital Realty’s PlatformDIGITAL, will support applications in finance, security, and AI, including quantum machine learning and accelerated model training. OQC Chair Jack Boyer said it demonstrates UK–US collaboration in leading frontier technologies.
