Cybercrime

Hackers use ChatGPT for fake ID attack

A hacking group has reportedly used ChatGPT to generate a fake military ID in a phishing attack targeting South Korea. The incident, uncovered by cybersecurity firm Genians, shows how AI can be misused to make malicious campaigns more convincing.

Researchers said the group, known as Kimsuky, crafted a counterfeit South Korean military identification card to support a phishing email. While the document looked genuine, the email instead contained links to malware designed to extract data from victims’ devices.

Targets included journalists, human rights activists and researchers. Kimsuky has a history of cyber-espionage. US officials previously linked the group to global intelligence-gathering operations.

The findings highlight a wider trend of AI being exploited for cybercrime, from creating fake résumés to planning attacks and developing malware. Genians warned that attackers are rapidly using AI to impersonate trusted organisations, while the full scale of the breach is unknown.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber attacks pose growing threat to shipping industry

The maritime industry faces rising cyber threats, with Nigerian gangs among the most active attackers of shipping firms. HFW lawyers say ‘man-in-the-middle’ frauds are now common, letting hackers intercept communications and steal sensitive financial or operational data.

Costs from cyber attacks are rising sharply, with average mitigation expenses for shipping firms doubling to $550,000 (£410,000) between 2022 and 2023. In cases where hackers remain embedded, ransom payments can reach $3.2m.

The rise in attacks coincides with greater digitisation, satellite connectivity such as Starlink, and increased use of onboard sensors.

Threats now extend beyond financial extortion, with GPS jamming and spoofing posing risks to navigation. Incidents such as the grounding of MSC Antonia in the Red Sea illustrate potential physical damage from cyber interference.

Industry regulators are responding, with the International Maritime Organization introducing mandatory cyber security measures into ship management systems. Experts say awareness has grown, and shipping firms are gradually strengthening defences against criminal and state cyber threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

International search widens for ransomware fugitive on EU Most Wanted

A Ukrainian cybercrime suspect has been added to the EU’s Most Wanted list for his role in the 2019 LockerGoga ransomware attack against a major Norwegian aluminium company and other global incidents.

The fugitive is considered a high-value target and is wanted by multiple countries. The US Department of Justice has offered up to USD 10 million for information leading to the arrest.

Europol stated that the identification of the suspect followed a lengthy, multinational investigation supported by Eurojust, with damages from the network estimated to be in the billions. Several members of the group have already been detained in Ukraine.

Investigators have mapped the network’s operations, tracing its hierarchy from malware developers and intrusion experts to money launderers who processed illicit proceeds. The wanted man is accused of directly deploying LockerGoga ransomware.

Europol has urged the public to visit the EU Most Wanted website and share information that could assist in locating the fugitive. The suspect’s profile is now live on the platform.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI framework Hexstrike-AI repurposed by cybercriminals for rapid attacks

Within hours of its public release, the offensive security framework Hexstrike-AI has been weaponised by threat actors to exploit zero-day vulnerabilities, most recently affecting Citrix NetScaler ADC and Gateway, within just ten minutes.

Automated agents execute actions such as scanning, exploiting CVEs and deploying webshells, all orchestrated through high-level commands like ‘exploit NetScaler’.

Researchers from CheckPoint note that attackers are now using Hexstrike-AI to achieve unauthenticated remote code execution automatically.

The AI framework’s design, complete with retry logic and resilience, makes chaining reconnaissance, exploitation and persistence seamless and more effective.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic reveals hackers are ‘weaponising’ AI to launch cyberattacks

In its latest threat intelligence report, Anthropic has revealed that its AI tool Claude has been purposefully weaponised by hackers, offering a disturbing glimpse into how quickly AI is shifting the cyber threat landscape.

In one operation, termed ‘vibe hacking’, attackers used Claude Code to automate reconnaissance, ransomware creation, credential theft, and ransom-demand generation across 17 organisations, including those in healthcare, emergency services and government.

The firm also documents other troubling abuses: North Korean operatives used Claude to fabricate identities, successfully get hired at Fortune 500 companies and maintain access, all with minimal real-world technical skills. In another case, AI-generated ransomware variants were developed, marketed and sold to other criminals on the dark web.

Experts warn that such agentic AI systems enable single individuals to carry out complex cybercrime acts once reserved for well-trained groups.

While Anthropic has deactivated the compromised accounts and strengthened its safeguards, the incident highlights an urgent need for proactive risk management and regulation of AI systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Claude chatbot misused in unprecedented cyber extortion case

A hacker exploited Anthropic’s Claude chatbot to automate one of the most extensive AI-driven cybercrime operations yet recorded, targeting at least 17 companies across multiple sectors, the firm revealed.

According to Anthropic’s report, the attacker used Claude Code to identify vulnerable organisations, generate malicious software, and extract sensitive files, including defence data, financial records, and patients’ medical information.

The chatbot then sorted the stolen material, identified leverage for extortion, calculated realistic bitcoin demands, and even drafted ransom notes and extortion emails on behalf of the hacker.

Victims included a defence contractor, a financial institution, and healthcare providers. Extortion demands reportedly ranged from $75,000 to over $500,000, although it remains unclear how much was actually paid.

Anthropic declined to disclose the companies affected but confirmed new safeguards are in place. The firm warned that AI lowers the barrier to entry for sophisticated cybercrime, making such misuse increasingly likely.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Espionage fears rise as TAG-144 evolves techniques

A threat group known as TAG-144 has stepped up cyberattacks on South American government agencies, researchers have warned.

The group, also called Blind Eagle and APT-C-36, has been active since 2018 and is linked to espionage and extortion campaigns. Recent activity shows a sharp rise in cybercrime, spear-phishing, often using spoofed government email accounts to deliver remote access trojans.

Analysts say the group has shifted towards more advanced methods, embedding malware inside image files through steganography. Payloads are then extracted in memory, allowing attackers to evade antivirus software and maintain access to compromised systems.

Colombian government institutions have been hit hardest, with stolen credentials and sensitive data raising concerns over both financial and national security risks. Security experts warn that TAG-144’s evolving tactics blur the line between organised crime and state-backed espionage.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI tools underpin a new wave of ransomware

Avast researchers uncovered that the FunkSec ransomware group used generative AI tools to accelerate attack development.

While the malware was not fully AI-generated, AI aided in writing code, crafting phishing templates and enhancing internal tooling.

A subtle encryption flaw in FunkSec’s code became the decryption breakthrough. Avast quietly developed a free tool, bypassing the need for ransom payments and rescuing dozens of affected users in cooperation with law enforcement.

However, this marks one of the earliest recorded instances of AI being used in ransomware, targeting productivity and stealth. It demonstrates how cybercriminals are adopting AI to lower entry barriers and that forensic investigation and technical agility remain crucial defence tools.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

INTERPOL reports over 1,200 arrests in Africa-wide cybercrime operation

INTERPOL has announced that a continent-wide law enforcement initiative targeting cybercrime and fraud networks led to more than 1,200 arrests between June and August 2025. The operation, known as Serengeti 2.0, was carried out across multiple African states and focused on ransomware, online fraud, and business email compromise schemes. Authorities reported the recovery of approximately USD 97.4 million, allegedly stolen from more than 88,000 victims worldwide.

In Angola, police closed 25 unauthorised cryptocurrency mining sites, reportedly operated by 60 Chinese nationals. In Zambia, authorities dismantled a large-scale fraudulent investment scheme involving cryptocurrency platforms, which is estimated to have defrauded around 65,000 individuals of roughly USD 300 million. Fifteen suspects were detained, and assets, including domains, mobile numbers, and bank accounts, were seized.

In a separate raid in Lusaka, police disrupted a suspected human trafficking network and confiscated hundreds of forged passports from seven different countries.

INTERPOL has previously noted that Africa’s rapid uptake of digital technologies, particularly in finance and e-commerce, has increased the scope for cybercriminal activity. At the same time, comparatively weak cybersecurity frameworks have left financial institutions and government systems exposed to data breaches, economic losses, and disruption to trade.

Separately, in June, a Nigerian court sentenced nine Chinese nationals to prison for running an online fraud syndicate that recruited young Nigerians. Following the verdict, China’s ambassador to Nigeria proposed the creation of a joint working group to investigate cybercrime involving Chinese nationals in the region.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Celebrity Instagram hack fuels Solana meme coin scam

The Instagram accounts of Adele, Future, Tyla, and Michael Jackson were hacked late Thursday to promote an unauthorised meme coin. Posts showed an AI image of the Future with a ‘FREEBANDZ’ coin, falsely suggesting ties to the rapper.

The token, launched on the Solana platform Pump.fun, surged briefly to nearly $900,000 in market value before collapsing by 98% after its creator dumped 700 million tokens. The scheme netted more than $49,000 in Solana for the perpetrator, suspected of being behind the account hijackings.

None of the affected celebrities has issued a statement, while Future’s Instagram account remains deactivated. The hack continues a trend of using celebrity accounts for crypto pump-and-dump schemes. Previous cases involved the UFC, Barack Obama, and Elon Musk.

Such scams are becoming increasingly common, with attackers exploiting the visibility of major social media accounts to drive short-lived token gains before leaving investors with losses.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot