Cybercrime

G7 to address North Korea’s role in major crypto hacks

Leaders of the Group of Seven (G7) nations are set to tackle North Korea’s ongoing cyber threats, particularly its involvement in large-scale cryptocurrency hacks.

The agenda will reportedly focus on the regime’s use of stolen crypto funds to finance weapons programmes. The issue has raised international concern over global security risks.

The summit, hosted by Canadian Prime Minister Mark Carney from 15 to 17 June in Alberta, is expected to address geopolitical challenges, including North Korea’s tightening alliance with Russia. Such ties have further complicated attribution of attacks and enforcement of sanctions, experts warn.

Investigations have linked North Korean hackers, notably the Lazarus Group, to major crypto heists. These include the $622 million Axie Infinity breach and February’s $1.4 billion Bybit attack. Analysts believe other cyber units are also active, making digital asset protection a growing priority.

The G7, comprising France, Germany, Italy, Japan, the UK, the US and Canada, aims to strengthen coordination against cybercrime. It also seeks to limit the regime’s ability to exploit the crypto ecosystem for hostile purposes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Cyber incident disrupts services at Marks & Spencer

Marks & Spencer has confirmed that a cyberattack has disrupted food availability in some stores and forced the temporary shutdown of online services. The company has not officially confirmed the nature of the breach, but cybersecurity experts suspect a ransomware attack.

The retailer paused clothing and home orders on its website and app after issues arose over the Easter weekend, affecting contactless payments and click-and-collect systems. M&S said it took some systems offline as a precautionary measure.

Reports have linked the incident to the hacking group Scattered Spider, although M&S has declined to comment further or provide a timeline for the resumption of online orders. The disruption has already led to minor product shortages and analysts anticipate a short-term hit to profits.

Still, M&S’s food division had been performing strongly, with grocery spending rising 14.4% year-on-year, according to Kantar. The retailer, which operates around 1,000 UK stores, earns about one-third of its non-food sales online. Shares dropped earlier in the week but closed Tuesday slightly up.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

France accuses Russia of cyberattacks on Olympic and election targets

France has publicly accused Russia’s military intelligence agency of launching cyberattacks against key French institutions, including the 2017 presidential campaign of Emmanuel Macron and organisations tied to the Paris 2024 Olympics.

The allegations were presented by Foreign Minister Jean-Noël Barrot at the UN Security Council, where he condemned the attacks as violations of international norms. French authorities linked the operations to APT28, a well-known Russian hacking group connected to the GRU.

The group also allegedly orchestrated the 2015 cyberattack on TV5 Monde and attempted to manipulate voters during the 2017 French election by leaking thousands of campaign documents. A rise in attacks has been noted ahead of major events like the Olympics and future elections.

France’s national cybersecurity agency recorded a 15% increase in Russia-linked attacks in 2024, targeting ministries, defence firms, and cultural venues. French officials warn the hacks aim to destabilise society and erode public trust.

France plans closer cooperation with Poland and pledged to counter Russia’s cyber operations with all available means.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware decline masks growing threat

A recent drop in reported ransomware attacks might seem encouraging, yet experts warn this is likely misleading. Figures from the NCC Group show a 32% decline in March 2025 compared to the previous month, totalling 600 incidents.

However, this dip is attributed to unusually large-scale attacks in earlier months, rather than an actual reduction in cybercrime. In fact, incidents were up 46% compared with March last year, highlighting the continued escalation in threat activity.

Rather than fading, ransomware groups are becoming more sophisticated. Babuk 2.0 emerged as the most active group in March, though doubts surround its legitimacy. Security researchers believe it may be recycling leaked data from previous breaches, aiming to trick victims instead of launching new attacks.

A tactic like this mirrors behaviours seen after law enforcement disrupted other major ransomware networks, such as LockBit in 2024.

Industrials were the hardest hit, followed by consumer-focused sectors, while North America bore the brunt of geographic targeting.

With nearly half of all recorded attacks occurring in the region, analysts expect North America, especially Canada, to remain a prime target amid rising political tensions and cyber vulnerability.

Meanwhile, cybercriminals are turning to malvertising, malicious code hidden in online advertisements, as a stealthier route of attack. This tactic has gained traction through the misuse of trusted platforms like GitHub and Dropbox, and is increasingly being enhanced with generative AI tools.

Instead of relying solely on technical expertise, attackers now use AI to craft more convincing and complex threats. As these strategies grow more advanced, experts urge organisations to stay alert and prioritise threat intelligence and collaboration to navigate this volatile cyber landscape.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

DeepSeek highlights the risk of data misuse

The launch of DeepSeek, a Chinese-developed LLM, has reignited long-standing concerns about AI, national security, and industrial espionage.

While issues like data usage and bias remain central to AI discourse, DeepSeek’s origins in China have introduced deeper geopolitical anxieties. Echoing the scrutiny faced by TikTok, the model has raised fears of potential links to the Chinese state and its history of alleged cyber espionage.

With China and the US locked in a high-stakes AI race, every new model is now a strategic asset. DeepSeek’s emergence underscores the need for heightened vigilance around data protection, especially regarding sensitive business information and intellectual property.

Security experts warn that AI models may increasingly be trained using data acquired through dubious or illicit means, such as large-scale scraping or state-sponsored hacks.

The practice of data hoarding further complicates matters, as encrypted data today could be exploited in the future as decryption methods evolve.

Cybersecurity leaders are being urged to adapt to this evolving threat landscape. Beyond basic data visibility and access controls, there is growing emphasis on adopting privacy-enhancing technologies and encryption standards that can withstand future quantum threats.

Businesses must also recognise the strategic value of their data in an era where the lines between innovation, competition, and geopolitics have become dangerously blurred.

For more information on these topics, visit diplomacy.edu.

Australia’s largest pension funds face coordinated cyber attacks

Several of Australia’s largest pension funds have recently been under suspected cyberattacks, exposing sensitive personal data and leading to confirmed financial losses in some cases.

AustralianSuper, the country’s biggest fund, confirmed that hackers used stolen passwords to access around 600 accounts, resulting in a reported A$500,000 loss from four members.

Rest Super, which manages A$93 billion for two million members, reported unauthorised access affecting about 8,000 accounts.

The fund quickly shut down its member portal and launched an investigation, stating that while personal information was accessed, no money was taken during the incident.

Other major superannuation providers, including Hostplus, Australian Retirement Trust (ART), and Insignia Financial, also reported suspicious activity.

ART detected login attempts across hundreds of accounts but confirmed no theft, while Insignia acknowledged attempted breaches with no reported losses.

Authorities believe the attacks were primarily conducted using ‘credential stuffing,’ a method where attackers use passwords leaked in unrelated breaches to access other platforms.

Here, the continued risks of weak password reuse are highlighted, as well as the importance of additional protections like two-factor authentication.

In response to the breaches, the National Cyber Security Coordinator of Australia, Michelle McGuinness, has initiated a government-wide review in cooperation with regulators and industry representatives.

Prime Minister Anthony Albanese addressed the attacks, reaffirming his administration’s commitment to strengthening cybersecurity defences.

Superannuation funds are contacting affected members and urging all users to update their credentials and take additional precautions.

For more information on these topics, visit diplomacy.edu.

How to protect your business from infostealer malware and credential theft

Cybercriminals stole billions of login credentials last year using infostealer malware, putting businesses worldwide at serious risk.

These malicious tools quietly harvest passwords and session tokens from infected devices, often within minutes.

To fight back, companies must use strong multi-factor authentication, store passwords in dedicated managers, and protect devices with advanced endpoint security.

Simple browser-stored logins are no longer safe, and attackers are getting better at bypassing weak defences.

Reducing session lifespans, using hardware-backed logins, and training staff to spot phishing threats are all key to staying secure.

By combining tech with human vigilance, organisations can stay ahead of attackers and safeguard their systems and data.

For more information on these topics, visit diplomacy.edu.

Crypto scam victims to receive $7M in recovered funds

US authorities will return $7 million to victims of a crypto investment scam. Fraudsters tricked investors into sending money to fake platforms before funnelling funds through 75 bank accounts. The US Secret Service seized assets from a foreign bank in 2023 and settled.

Victims were misled into believing their investments were growing, only to face demands for more money. When they attempted withdrawals, scammers claimed additional tax payments were required. The recovered funds will now be distributed to affected investors.

The 2025 Crypto Crime Report highlights the rise of sophisticated cyber scams. Australian police recently warned about fraudulent messages mimicking major exchanges. Other scams have involved malware disguised as legitimate trading software.

Microsoft’s security team has identified a new trojan targeting crypto wallets in Chrome extensions. As cybercriminals refine their tactics, authorities urge investors to stay vigilant and verify platforms before transferring funds.

For more information on these topics, visit diplomacy.edu

Stolen Bybit funds laundered at alarming speed

The hacker behind the $1.4 billion Bybit exploit has already laundered more than half of the stolen Ethereum, primarily swapping it for Bitcoin via THORChain. Blockchain analysts report that over $614 million has been moved in just five days, pushing THORChain’s daily transaction volumes from an average of $80 million to an astonishing $580 million. On 26 February alone, swaps reached a record $859 million.

The US Federal Bureau of Investigation has officially linked the attack to North Korean state-sponsored hackers, identifying it as part of a wider cybercrime operation. Security experts confirmed that Bybit’s core infrastructure remained intact, with the breach traced back to a compromised developer machine that injected malicious code into the Gnosis Safe UI. While the attack targeted Bybit’s cold wallet, the platform’s smart contracts were not affected.

In response, Bybit has launched a dedicated website to track the movement of stolen funds and is offering a bounty to exchanges that assist in their recovery. The incident underscores a growing trend where hackers are shifting focus from exchanges themselves to the infrastructure providers that support them.

For more information on these topics, visit diplomacy.edu

FBI says North Korea behind $1.5bn crypto heist

North Korean hackers have recorded the largest cryptocurrency theft, stealing approximately $1.5bn from the Dubai-based exchange ByBit. According to the FBI, the stolen funds have already been converted into Bitcoin and spread across thousands of blockchain addresses. The attack highlights North Korea’s growing expertise in cybercrime, with proceeds believed to be funding its nuclear weapons programme.

The notorious Lazarus Group, linked to the regime, has been responsible for several high-profile hacks, including the theft of over $1.3bn in cryptocurrency last year. Experts say the group employs advanced malware and social engineering tactics to breach exchanges and launder stolen assets into fiat currency. These funds are critical for bypassing international sanctions and financing North Korea’s military ambitions.

Beyond cybercrime, Pyongyang has deepened its ties with Russia, allegedly supplying troops and weapons in exchange for financial backing and technological expertise. Meanwhile, the regime has recently reopened its borders to a limited number of international tourists, aiming to generate much-needed foreign income. As global scrutiny intensifies, concerns are growing over North Korea’s increasing reliance on illicit activities to prop up its economy and expand its military power.

For more information on these topics, visit diplomacy.edu