Cybercrime

Italian political elite targeted in hacking scandal using stolen state data

Italian authorities have uncovered a vast hacking operation that built detailed dossiers on politicians and business leaders using data siphoned from state databases. Prosecutors say the group, operating under the name Equalize, tried to use the information to manipulate Italy’s political class.

The network, allegedly led by former police inspector Carmine Gallo, businessman Enrico Pazzali and cybersecurity expert Samuele Calamucci, created a system called Beyond to compile thousands of records from state systems, including confidential financial and criminal records.

Police wiretaps captured suspects boasting they could operate all over Italy. Targets included senior officials such as former Prime Minister Matteo Renzi and the president of the Senate Ignazio La Russa.

Investigators say the gang presented itself as a corporate intelligence firm while illegally accessing phones, computers and government databases. The group allegedly sold reputational dossiers to clients, including major firms such as Eni, Barilla and Heineken, which have all denied wrongdoing or said they were unaware of any illegal activity.

The probe began when police monitoring a northern Italian gangster uncovered links to Gallo. Gallo, who helped solve cases including the 1995 murder of Maurizio Gucci, leveraged contacts in law enforcement and intelligence to arrange unlawful data searches for Equalize.

The operation collapsed in autumn 2024, with four arrests and dozens questioned. After months of questioning and plea bargaining, 15 defendants are due to enter pleas this month. Officials warn the case shows how hackers can weaponise state data, calling it ‘a real and actual attack on democracy’.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

US Department of Justice charges former L3Harris executive with selling trade secrets to Russian buyer

The US Department of Justice has accused a former executive at defense contractor L3Harris of stealing and selling trade secrets to a buyer in Russia.

According to court filings, Peter Williams, a 39-year-old Australian citizen and former general manager of L3Harris division Trenchant, allegedly sold eight trade secrets from two unnamed companies between April 2022 and August 2025, earning about $1.3 million.

Williams, known internally as ‘Doogie,’ led Trenchant, which develops hacking and surveillance tools for Western governments, including the United States. He joined the company in October 2024 and left in August 2025, according to U.K. business records.

The DOJ’s ‘criminal information’ document, which, similar to an indictment, represents a formal accusation, did not identify the companies involved or the Russian buyer. Prosecutors are seeking to recover assets they say Williams acquired through the sale of trade secrets.

The case is being prosecuted by the DOJ’s National Security Division under the Counterintelligence and Export Control Section. An arraignment and plea hearing is scheduled for October 29 in Washington, DC.

Would you like to learn more aboutAI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UK government urges awareness as £106m lost to romance fraud in one year

Romance fraud has surged across the United Kingdom, with new figures showing that victims lost a combined £106 million in the past financial year. Action Fraud, the UK’s national reporting centre for cybercrime, described the crime as one that causes severe financial, emotional, and social damage.

Among the victims is London banker Varun Yadav, who lost £40,000 to a scammer posing as a romantic partner on a dating app. After months of chatting online, the fraudster persuaded him to invest in a cryptocurrency platform.

When his funds became inaccessible, Yadav realised he had been deceived. ‘You see all the signs, but you are so emotionally attached,’ he said. ‘You are willing to lose the money, but not the connection.’

The Financial Conduct Authority (FCA) said banks should play a stronger role in disrupting romance scams, calling for improved detection systems and better staff training to identify vulnerable customers. It urged firms to adopt what it called ‘compassionate aftercare’ for those affected.

Romance fraud typically involves criminals creating fake online profiles to build emotional connections before manipulating victims into transferring money.

The National Cyber Security Centre (NCSC) and UK police recommend maintaining privacy on social media, avoiding financial transfers to online contacts, and speaking openly with friends or family before sending money.

The Metropolitan Police recently launched an awareness campaign featuring victim testimonies and guidance on spotting red flags. The initiative also promotes collaboration with dating apps, banks, and social platforms to identify fraud networks.

Detective Superintendent Kerry Wood, head of economic crime for the Met Police, said that romance scams remain ‘one of the most devastating’ forms of fraud. ‘It’s an abuse of trust which undermines people’s confidence and sense of self-worth. Awareness is the most powerful defence against fraud,’ she said.

Although Yadav never recovered his savings, he said sharing his story helped him rebuild his life. He urged others facing similar scams to speak up: ‘Do not isolate yourself. There is hope.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

European action targets major cryptocurrency investment scam

Eurojust has coordinated a large-scale operation to dismantle a cryptocurrency fraud scheme worth more than €100 million across Europe. The action, requested by Spanish and Portuguese authorities, resulted in the arrest of five suspects, including the alleged mastermind.

Victims from Germany, France, Italy, Spain and other countries were lured into false investment platforms promising high returns.

Investigations revealed that funds were funnelled mainly through Lithuanian bank accounts to launder the illicit proceeds. Victims were later asked to pay additional fees to recover their money, after which the fraudulent websites vanished, leaving many with severe losses.

The scheme has been running since 2018, affecting people in 23 countries.

Authorities in Spain, Portugal, Italy, Romania and Bulgaria conducted searches and froze bank accounts and financial assets. Eurojust backed a Spain-Lithuania investigation team, while Europol sent a cryptocurrency expert to support operations in Portugal.

The coordinated action also relied on European Arrest Warrants, Investigation Orders and freezing orders. National agencies and prosecutors across Europe united in one of the most significant efforts against cryptocurrency fraud.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Hackers use ChatGPT for fake ID attack

A hacking group has reportedly used ChatGPT to generate a fake military ID in a phishing attack targeting South Korea. The incident, uncovered by cybersecurity firm Genians, shows how AI can be misused to make malicious campaigns more convincing.

Researchers said the group, known as Kimsuky, crafted a counterfeit South Korean military identification card to support a phishing email. While the document looked genuine, the email instead contained links to malware designed to extract data from victims’ devices.

Targets included journalists, human rights activists and researchers. Kimsuky has a history of cyber-espionage. US officials previously linked the group to global intelligence-gathering operations.

The findings highlight a wider trend of AI being exploited for cybercrime, from creating fake résumés to planning attacks and developing malware. Genians warned that attackers are rapidly using AI to impersonate trusted organisations, while the full scale of the breach is unknown.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyber attacks pose growing threat to shipping industry

The maritime industry faces rising cyber threats, with Nigerian gangs among the most active attackers of shipping firms. HFW lawyers say ‘man-in-the-middle’ frauds are now common, letting hackers intercept communications and steal sensitive financial or operational data.

Costs from cyber attacks are rising sharply, with average mitigation expenses for shipping firms doubling to $550,000 (£410,000) between 2022 and 2023. In cases where hackers remain embedded, ransom payments can reach $3.2m.

The rise in attacks coincides with greater digitisation, satellite connectivity such as Starlink, and increased use of onboard sensors.

Threats now extend beyond financial extortion, with GPS jamming and spoofing posing risks to navigation. Incidents such as the grounding of MSC Antonia in the Red Sea illustrate potential physical damage from cyber interference.

Industry regulators are responding, with the International Maritime Organization introducing mandatory cyber security measures into ship management systems. Experts say awareness has grown, and shipping firms are gradually strengthening defences against criminal and state cyber threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

International search widens for ransomware fugitive on EU Most Wanted

A Ukrainian cybercrime suspect has been added to the EU’s Most Wanted list for his role in the 2019 LockerGoga ransomware attack against a major Norwegian aluminium company and other global incidents.

The fugitive is considered a high-value target and is wanted by multiple countries. The US Department of Justice has offered up to USD 10 million for information leading to the arrest.

Europol stated that the identification of the suspect followed a lengthy, multinational investigation supported by Eurojust, with damages from the network estimated to be in the billions. Several members of the group have already been detained in Ukraine.

Investigators have mapped the network’s operations, tracing its hierarchy from malware developers and intrusion experts to money launderers who processed illicit proceeds. The wanted man is accused of directly deploying LockerGoga ransomware.

Europol has urged the public to visit the EU Most Wanted website and share information that could assist in locating the fugitive. The suspect’s profile is now live on the platform.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

AI framework Hexstrike-AI repurposed by cybercriminals for rapid attacks

Within hours of its public release, the offensive security framework Hexstrike-AI has been weaponised by threat actors to exploit zero-day vulnerabilities, most recently affecting Citrix NetScaler ADC and Gateway, within just ten minutes.

Automated agents execute actions such as scanning, exploiting CVEs and deploying webshells, all orchestrated through high-level commands like ‘exploit NetScaler’.

Researchers from CheckPoint note that attackers are now using Hexstrike-AI to achieve unauthenticated remote code execution automatically.

The AI framework’s design, complete with retry logic and resilience, makes chaining reconnaissance, exploitation and persistence seamless and more effective.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic reveals hackers are ‘weaponising’ AI to launch cyberattacks

In its latest threat intelligence report, Anthropic has revealed that its AI tool Claude has been purposefully weaponised by hackers, offering a disturbing glimpse into how quickly AI is shifting the cyber threat landscape.

In one operation, termed ‘vibe hacking’, attackers used Claude Code to automate reconnaissance, ransomware creation, credential theft, and ransom-demand generation across 17 organisations, including those in healthcare, emergency services and government.

The firm also documents other troubling abuses: North Korean operatives used Claude to fabricate identities, successfully get hired at Fortune 500 companies and maintain access, all with minimal real-world technical skills. In another case, AI-generated ransomware variants were developed, marketed and sold to other criminals on the dark web.

Experts warn that such agentic AI systems enable single individuals to carry out complex cybercrime acts once reserved for well-trained groups.

While Anthropic has deactivated the compromised accounts and strengthened its safeguards, the incident highlights an urgent need for proactive risk management and regulation of AI systems.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Claude chatbot misused in unprecedented cyber extortion case

A hacker exploited Anthropic’s Claude chatbot to automate one of the most extensive AI-driven cybercrime operations yet recorded, targeting at least 17 companies across multiple sectors, the firm revealed.

According to Anthropic’s report, the attacker used Claude Code to identify vulnerable organisations, generate malicious software, and extract sensitive files, including defence data, financial records, and patients’ medical information.

The chatbot then sorted the stolen material, identified leverage for extortion, calculated realistic bitcoin demands, and even drafted ransom notes and extortion emails on behalf of the hacker.

Victims included a defence contractor, a financial institution, and healthcare providers. Extortion demands reportedly ranged from $75,000 to over $500,000, although it remains unclear how much was actually paid.

Anthropic declined to disclose the companies affected but confirmed new safeguards are in place. The firm warned that AI lowers the barrier to entry for sophisticated cybercrime, making such misuse increasingly likely.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!