Lazarus Group linked to Taiwan exchange hack

Taiwanese cryptocurrency exchange BitoPro has confirmed that North Korea’s state-sponsored Lazarus Group carried out a cyberattack on 9 May, resulting in the theft of approximately $11.5 million.

The company announced an internal investigation supported by an external cybersecurity firm. BitoPro detected suspicious outflows from its platform in early May, prompting immediate security measures and a comprehensive forensic review.

According to the exchange, the attackers employed tactics, techniques, and procedures (TTPs) consistent with previous operations attributed to Lazarus—an elite cybercrime unit from North Korea linked to numerous high-profile financial and cryptocurrency heists worldwide.

‘The methodology observed during the breach strongly resembles known Lazarus Group activity,’ BitoPro stated. ‘We are working closely with law enforcement and blockchain security experts to recover stolen assets and prevent further incidents.’

The breach adds to a growing list of Lazarus-linked attacks targeting decentralised finance (DeFi) platforms, exchanges, and cross-chain bridges—sectors often lacking the robust security infrastructure of traditional banking systems.

BitoPro’s disclosure highlights the escalating threat that state-affiliated hacking groups pose to the digital asset industry. Experts warn that these attacks are becoming more frequent and sophisticated as bad actors continue to exploit vulnerabilities in emerging financial technologies.

Currently, BitoPro has not confirmed whether any of the stolen funds have been recovered. The company has assured users that affected systems have been secured and that additional security measures are being implemented to protect its infrastructure.


Supply chain cyber attack hits UBS and Swiss banks

A sophisticated supply chain cyber attack on Swiss service provider Chain IQ has resulted in data leaks at several financial institutions, including UBS and Pictet. According to the banks, no client data was compromised.

UBS confirmed the breach on Wednesday, stating: ‘A cyber attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected.’ The bank said it had acted swiftly to protect operations.

Chain IQ revealed that it was one of 20 organisations targeted in what it described as ‘a cyber-attack that had never before been seen on a global scale.’

The attackers published stolen data on the dark web on 12 June 2025 at 17:15 CET. The firm said access was revoked and the incident contained within 8 hours and 45 minutes.

The stolen data included employee business contact details from certain clients, such as internal telephone numbers. The company stated that all systems were checked and secured, with law enforcement notified immediately.

Dr Ilia Kolochenko, CEO of ImmuniWeb and a Fellow at the British Computer Society, warned of the potential impact: ‘This breach may have a disastrous and long-lasting effect on the Swiss banking sector. An urgent investigation is essential to determine its scope.’

He added that the incident highlights third-party vulnerabilities: ‘Even major institutions are at risk from supply chain weaknesses. Legal liability could extend to the banks themselves if damage to individuals occurs.’


Chatham House analyst targeted in phishing attack

Chatham House expert Keir Giles has been targeted by a highly sophisticated spear phishing campaign, with suspected ties to Russian intelligence.

The cyber operation impersonated a senior official at the US State Department and attempted to extract sensitive credentials under the guise of a legitimate diplomatic consultation.

The incident, which took place in May 2025, was investigated by Google’s Threat Intelligence Group (GTIG) and Citizen Lab. It has been linked to a threat actor tracked as UNC6293, possibly associated with APT29—an espionage group believed to be backed by Russia’s Foreign Intelligence Service (SVR).

Giles received an email from an individual claiming to be ‘Claudie S. Weber’, a non-existent official at the US Department of State. The message invited him to a meeting to discuss ‘recent developments’, a type of request not uncommon in his line of work.

Although the attacker used a Gmail address, they copied several fake @state.gov email addresses to lend the communication authenticity. According to Citizen Lab, the US State Department’s email servers do not bounce invalid addresses, allowing this tactic to go unnoticed.

The tone of the message, coupled with evasive language, led investigators to suspect that the attackers may have employed a large language model to generate the email content.

While the first message contained no direct malware, a later email included a PDF instructing Giles to create an app-specific password (ASP) for accessing a supposed government platform. In reality, this would have handed the attackers full access to his Gmail account.

Although Giles followed the instructions, he used a different Gmail account than the one targeted—likely limiting the damage. After ten further email exchanges, he shared details of the attempted attack publicly, warning that the stolen material could be altered and leaked as part of a disinformation campaign.

He noted that the attackers’ patient approach made the scam appear more plausible. Citizen Lab confirmed the threat actor’s ability to adapt based on Giles’ replies, avoiding pressure tactics and instead suggesting future collaboration.

Google ultimately blocked the offending Gmail account and secured the affected inbox. GTIG later disclosed a broader campaign, including another incident themed around Ukraine and Microsoft, beginning in April 2025.

In response, GTIG advised high-risk users to avoid app-specific passwords altogether, particularly when enrolled in the Advanced Protection Program (APP). Other recommendations included promptly revoking unused ASPs, monitoring account activity, and enabling advanced security measures.

The case underscores the evolving tactics of state-aligned cyber actors, who now combine social engineering with AI and deep reconnaissance to breach high-value targets.
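The CC tactic described above (a webmail sender copying official-looking addresses that cannot be verified by bounce) can be turned into a simple mail-triage check. This is an added example, not code from GTIG, Citizen Lab or the original article; the domain lists, function names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed lists for illustration; a real deployment would maintain its own.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}
OFFICIAL_SUFFIXES = (".gov", ".mil", ".gov.uk", ".europa.eu")

def domain(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rpartition("@")[2].lower()

def is_official(dom):
    """True if the domain sits under one of the watched official suffixes."""
    return any(dom == s.lstrip(".") or dom.endswith(s) for s in OFFICIAL_SUFFIXES)

def borrowed_authority(raw):
    """Flag mail whose sender is on a webmail domain but whose Cc line
    carries official-domain addresses that lend it credibility."""
    msg = message_from_string(raw)
    sender_dom = domain(parseaddr(msg.get("From", ""))[1])
    copied = getaddresses(msg.get_all("Cc", []))
    official_cc = sorted({a.lower() for _, a in copied if is_official(domain(a))})
    return {
        "sender_domain": sender_dom,
        "official_cc": official_cc,
        # Existence of the copied addresses cannot be confirmed from a lack of
        # bounces, so the mismatch itself is treated as the signal.
        "flag": sender_dom in FREEMAIL and bool(official_cc),
    }

# Constructed sample: webmail sender, two copied addresses on an official domain.
SUSPICIOUS = """\
From: "Claudie S. Weber" <constructed.sender@gmail.com>
To: analyst@example.org
Cc: constructed.one@state.gov, Constructed Two <constructed.two@state.gov>
Subject: Invitation to a consultation

Body omitted.
"""

# Constructed sample: sender and copied colleague share the official domain.
BENIGN = """\
From: Real Officer <constructed.officer@state.gov>
To: analyst@example.org
Cc: constructed.colleague@state.gov
Subject: Follow-up

Body omitted.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, borrowed_authority(raw))
```

A flagged message is a prompt for out-of-band verification of the sender, not proof of malice; a legitimate official may occasionally write from a personal account.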


TCS clears its name in M&S data breach

Tata Consultancy Services (TCS) has publicly denied any involvement in the cyberattack that disrupted Marks & Spencer earlier this year. The attack, described as highly sophisticated, led to significant data theft and weeks-long disruption of online operations.

During the company’s annual shareholder meeting, TCS independent director Keki Mistry confirmed that none of the company’s systems or users were compromised. He said TCS is not under investigation by M&S and assured shareholders no other clients were affected.

TCS has worked with M&S for more than a decade and was awarded a $1bn contract in 2023 to overhaul the retailer’s supply chain systems. Although TCS reviewed its systems, Mistry’s comments suggest the breach did not stem from its infrastructure.

The retailer has not responded to TCS’s latest remarks but earlier stated it hopes to fully restore its online services by July.


Oakley unveils smart glasses featuring Meta technology

Meta has partnered with Oakley to launch a new line of smart glasses designed for active lifestyles. The flagship model, Oakley Meta HSTN, will be available for preorder from 11 July for $499.

Additional Oakley models featuring Meta’s innovative technology are set to launch later in the summer, starting at $399.

The glasses include a front-facing camera, open-ear speakers, and microphones embedded in the frame, much like the Meta Ray-Bans. When paired with a smartphone, users can listen to music, take calls, and interact with Meta AI.

With built-in cameras and microphones, Meta AI can also describe surroundings, answer visual questions, and translate languages.

With their sleek, sports-ready design and IPX4 water resistance, the glasses are geared toward athletes. They offer 8 hours of battery life—twice that of the Meta Ray-Bans—and come with a charging case that extends usage to 48 hours. Video capture quality has also improved, now supporting 3K resolution.


Customers can choose from five frame and lens combinations, with prescription lenses available at an added cost. Colours include warm grey, black, brown smoke, and clear, while lens options include Oakley’s PRIZM and Transitions.

The $499 limited-edition version features gold accents and gold PRIZM lenses. Sales will cover major markets across North America, Europe, and Australia.



Hidden privacy risk: Meta AI app may make sensitive chats public

Meta’s new AI app raises privacy concerns as users unknowingly expose sensitive personal information to the public.

The app includes a Discover feed where anyone can view AI chats — even those involving health, legal or financial data. Many users have accidentally shared full resumes, private conversations and medical queries without realising they’re visible to others.

Despite this, Meta’s privacy warnings are minimal. On iPhones, there’s no clear indication during setup that chats will be made public unless manually changed in settings.

Android users see a brief, easily missed message. Even the ‘Post to Feed’ button is ambiguous, often mistaken as referring to a user’s private chat history rather than public content.

Users must navigate deep into the app’s settings to make chats private. They can restrict who sees AI prompts there, stop sharing on Facebook and Instagram, and delete previous interactions.

Critics argue the app’s lack of clarity burdens users, leaving many at risk of oversharing without realising it.

While Meta describes the Discover feed as a way to explore creative AI usage, the result has been a chaotic mix of deeply personal content and bizarre prompts.

Privacy experts warn that the situation mirrors Meta’s longstanding issues with user data. Users are advised to avoid sharing personal details with the AI entirely and immediately turn off all public sharing options.


TxTag users targeted in sophisticated phishing scheme

A new phishing campaign targets employees with fake TxTag toll payment alerts, using legitimate-looking government domains to trick recipients into handing over sensitive information. The emails warn users of an impending account suspension unless they urgently pay a small fee, creating a false alarm to prompt quick action.

While the messages appear to come from official sources, researchers found they actually originate from an Indiana-based GovDelivery system—not Texas toll authorities—highlighting a subtle but crucial red flag. Once victims click the link, they are taken to a convincing replica of the TxTag payment site hosted at a fraudulent domain.

The page displays a believable debt of $6.69 to make the request seem routine and non-threatening. However, instead of simply logging in, users are asked to provide full personal details and, later, complete credit card information—including CVV codes.

The phishing site even validates card data to ensure the theft yields high-quality credentials. After submitting the data, victims see a fake processing message, which may be followed by an error claiming the card is unsupported.

That trick often leads users to input additional card details, giving attackers access to multiple financial accounts. The scam exemplifies the growing sophistication of phishing attacks in the US that combine technical misdirection with emotional manipulation, preying on trust in government branding and the fear of financial penalties.


EU AI Act challenges 68% of European businesses, AWS report finds

As AI becomes integral to digital transformation, European businesses struggle to adapt to new regulations like the EU AI Act.

A report commissioned by AWS and Strand Partners revealed that 68% of surveyed companies find the EU AI Act difficult to interpret, with compliance absorbing around 40% of IT budgets.

Businesses unsure of regulatory obligations are expected to invest nearly 30% less in AI over the coming year, risking a slowdown in innovation across the continent.

The EU AI Act, effective since August 2024, introduces a phased risk-based framework to regulate AI in the EU. Some key provisions, including banned practices and AI literacy rules, are already enforceable.

Over the next year, further requirements will roll out, affecting AI system providers, users, distributors, and non-EU companies operating within the EU. The law prohibits exploitative AI applications and imposes strict rules on high-risk systems while promoting transparency in low-risk deployments.

AWS has reaffirmed its commitment to responsible AI, which is aligned with the EU AI Act. The company supports customers through initiatives like AI Service Cards, its Responsible AI Guide, and Bedrock Guardrails.

AWS was the first major cloud provider to receive ISO/IEC 42001 certification for its AI offerings and continues to engage with the EU institutions to align on best practices. Amazon’s AI Ready Commitment also offers free education on responsible AI development.

Despite the regulatory complexity, AWS encourages its customers to assess how their AI usage fits within the EU AI Act and adopt safeguards accordingly.

As compliance remains a shared responsibility, AWS provides tools and guidance, but customers must ensure their applications meet the legal requirements. The company updates customers as enforcement advances and new guidance is issued.


North Korea’s BlueNoroff uses deepfakes in Zoom calls to hack crypto workers

The North Korea-linked threat group BlueNoroff has been caught deploying deepfake Zoom meetings to target an employee at a cryptocurrency foundation, aiming to install malware on macOS systems.

According to cybersecurity firm Huntress, the attack began through a Telegram message that redirected the victim to a fake Zoom site. Over several weeks, the employee was lured into a group video call featuring AI-generated replicas of company executives.

When the employee encountered microphone issues during the meeting, the fake participants instructed them to download a Zoom extension, which instead executed a malicious AppleScript.

The script covertly fetched multiple payloads, installed Rosetta 2, and prompted for the system password while wiping command histories to hide forensic traces. Eight malicious binaries were uncovered on the compromised machine, including keyloggers, information stealers, and remote access tools.

BlueNoroff, also known as APT38 and part of the Lazarus Group, has a track record of targeting financial and blockchain organisations for monetary gain. The group’s past operations include the Bybit and Axie Infinity breaches.

Their campaigns often combine deep social engineering with sophisticated multi-stage malware tailored for macOS, with new tactics now mimicking audio and camera malfunctions to trick remote workers.

Cybersecurity analysts have noted that BlueNoroff has fractured into subgroups like TraderTraitor and CryptoCore, specialising in cryptocurrency theft.

Recent offshoot campaigns involve fake job interview portals and dual-platform malware, such as the Python-based PylangGhost and GolangGhost trojans, which harvest sensitive data from victims across operating systems.

The attackers have impersonated firms like Coinbase and Uniswap, mainly targeting users in India.


Massive data leak exposes 16 billion login credentials from Google, Facebook, and more

One of the largest-ever leaks of stolen login data has come to light, exposing more than 16 billion records across widely used services, including Facebook, Google, Telegram, and GitHub. The breach, uncovered by researchers at Cybernews, highlights a growing threat to individuals and organisations.

The exposed data reportedly originated from info stealer malware, previous leaks, and credential-stuffing tools. A total of 30 separate datasets were identified, some containing over 3.5 billion entries.

These were briefly available online due to unsecured cloud storage before being removed. Despite the swift takedown, the data had already been collected and analysed.

Experts have warned that the breach could lead to identity theft, phishing, and account takeovers. Smaller websites and users with poor cybersecurity practices are especially vulnerable. Many users continue to reuse passwords or minor variations of them, increasing the risk of exploitation.

While the leak is severe, users employing two-factor authentication (2FA), password managers, or passkeys are less likely to be affected.

Passkeys, increasingly adopted by companies like Google and Apple, offer a phishing-resistant login method that bypasses the need for passwords altogether.
