Asahi faces major disruption after cyberattack

Growing concern surrounds Asahi Group after the company acknowledged a possible leak of nearly two million personal records linked to a cyberattack that began in late September.

Company president Atsushi Katsuki apologised publicly and confirmed that operations remain heavily disrupted as logistics teams work towards full recovery by February.

Investigators found that attackers infiltrated network equipment at one of Asahi’s facilities, obtained administrator credentials and accessed servers repeatedly.

Atsushi Katsuki noted that the breach demonstrated significant vulnerabilities, although he stressed that improvements had already been implemented and no ransom had been paid.

Production and shipments across most domestic factories were halted, forcing employees to handle orders manually and slowing the resumption of supply lines.

Competitors Kirin, Suntory and Sapporo have struggled to meet unexpected demand, triggering shipping limits and suspensions on some products across the wider beer industry.

New phishing kit targets Microsoft 365 users

Researchers have uncovered a large phishing operation, known as Quantum Route Redirect (QRR), that creates fake Microsoft 365 login pages across nearly 1,000 domains. The campaign uses convincing email lures, including DocuSign notices and payment alerts, to steal user credentials.

QRR operations have reached 90 countries, with US users hit hardest. Analysts say the platform evades scanners by sending bots to safe pages while directing real individuals to credential-harvesting sites on compromised domains.

The kit emerged shortly after Microsoft disrupted the RaccoonO365 network, which had stolen thousands of accounts. Similar tools, such as VoidProxy and Darcula, have appeared, yet QRR stands out for its automation and ease of use, which enable rapid, large-scale attacks.

Cybersecurity experts warn that URL scanning alone can no longer stop such operations. Organisations are urged to adopt layered protection, stronger sign-in controls and behavioural monitoring to detect scams that increasingly mimic genuine Microsoft systems.

FCC set to rescind cyber rules after Salt Typhoon hack

The FCC is scheduled this week to vote on rescinding rules imposed in January that required major telecommunications carriers to secure networks from unauthorised access and interception under Section 105 of the Communications Assistance for Law Enforcement Act.

These measures were introduced after the Salt Typhoon cyber-espionage campaign exposed vulnerabilities in US telecom infrastructure.

Current FCC Chair Brendan Carr argues the prior policy exceeded the agency’s legal authority and did not offer flexible or targeted protections. The proposed reversal follows lobbying by major carriers who claim the rules could undermine partnership efforts between public and private sectors.

Lawmakers, including Maria Cantwell, ranking Democrat on the Senate Commerce Committee, have strongly opposed the move. They describe the Salt Typhoon campaign, attributed to Chinese-linked actors targeting numerous US carriers, as one of the most serious telecom breaches in US history, emphasising that loosening these rules could undermine national security.

Cloudflare outage disrupts leading crypto platforms

Cloudflare experienced a significant network outage on Tuesday, which disrupted access to major cryptocurrency platforms, including Coinbase, Kraken, Etherscan, and several DeFi services, resulting in widespread ‘500 Internal Server Error’ messages.

The company acknowledged the issue as an internal service degradation across parts of its global network and began rolling out a fix. However, users continued to face elevated error rates during the process.

Major Bitcoin and Ethereum platforms, as well as Aave, DeFiLlama, and several blockchain explorers, were impacted. The disruption spread beyond crypto, affecting several major Web2 platforms, while services like BlueSky and Reddit stayed fully operational.

Cloudflare shares dropped 3.5% in pre-market trading as the company investigated whether scheduled maintenance at specific data centres played any role.

The incident marks the third significant Cloudflare disruption affecting crypto platforms since 2019, highlighting the industry’s ongoing reliance on centralised infrastructure providers despite its focus on decentralisation.

Industry experts pointed to recent outages from Cloudflare and Amazon Web Services as evidence that critical digital services cannot rely solely on a single vendor for reliability. Kraken restored access ahead of many peers, while Cloudflare stated that the issue was resolved and that it would continue to monitor for full stability.

Eurofiber France reportedly hit by data breach

Eurofiber France has suffered a data breach affecting its internal ticket management system and ATE customer portal, reportedly discovered on 13 November. The incident allegedly involved unauthorised access via a software vulnerability, with the full extent still unclear.

Sources indicate that approximately 3,600 customers could be affected, including major French companies and public institutions. Reports suggest that some of the allegedly stolen data, ranging from documents to cloud configurations, may have appeared on the dark web for sale.

Eurofiber has emphasised that Dutch operations are not affected.

The company moved quickly to secure affected systems, increasing monitoring and collaborating with cybersecurity specialists to investigate the incident. The French privacy regulator, CNIL, has been informed, and Eurofiber states that it will continue to update customers as the investigation progresses.

Founded in 2000, Eurofiber provides fibre optic infrastructure across the Netherlands, Belgium, France, and Germany. Primarily owned by Antin Infrastructure Partners and partially by Dutch pension fund PGGM, the company remains operational while assessing the impact of the breach.

Inside the rise and fall of a cybercrime kingpin

Ukrainian hacker Vyacheslav Penchukov, once known online as ‘Tank’, climbed from gaming forums in Donetsk to the top of the global cybercrime scene. As leader of the notorious Jabber Zeus and later Evil Corp affiliates, he helped steal tens of millions from banks, charities and businesses around the world while remaining on the FBI Most Wanted list for nearly a decade.

After years on the run, he was dramatically arrested in Switzerland in 2022 and is now serving time in a Colorado prison. In a rare interview, Penchukov revealed how cybercrime evolved from simple bank theft to organised ransomware targeting hospitals and major corporations. He admits paranoia became his constant companion, as betrayal within hacker circles led to his downfall.

Today, the former cyber kingpin spends his sentence studying languages and reflecting on the empire he built and lost. While he shows little remorse for his victims, his story offers a rare glimpse into the hidden networks that fuel global hacking and the blurred line between ambition and destruction.

Washington Post confirms hit in Oracle-linked Cl0p hacking spree

The Washington Post said it was affected by a wider breach tied to Oracle’s E-Business Suite, joining a growing list of victims. The vulnerability was reportedly exploited by the Cl0p ransomware gang, which demands payment from victims in exchange for not leaking stolen files.

Oracle, a major enterprise software provider, disclosed in October that a zero-day flaw in its E-Business Suite had been exploited over the summer. Google also warned that Oracle systems were being targeted in what appeared to be a broader wave of data theft attempts. An initial emergency patch on 2 October failed, and a second critical fix on 11 October left customers exposed for days.

Cl0p’s campaign has already hit high-profile targets including Harvard University, Envoy Air, DXC Technology and Chicago Public Schools. The group, active since at least 2019, previously abused MOVEit, GoAnywhere and Cleo file-transfer tools.

Bank Indonesia reports over 370 million cyber threat attempts in 2024

Bank Indonesia (BI) has reported more than 370 million attempted cyber threats targeting the country, highlighting the growing exposure linked to Indonesia’s rapid digital transformation.

The central bank also noted a 25% increase in anomalous cyber traffic in 2024 compared to the previous year. Deputy Governor Filianingsih Hendarta stated that the rise in cyber activity underscores the need for all stakeholders to remain vigilant as Indonesia continues to develop its digital infrastructure.

She also added that public trust is essential to sustaining a resilient digital ecosystem, as trust takes a long time to build and can be lost in a moment.

To strengthen cybersecurity and prepare for continued digitalisation, BI has developed the Indonesian Payment System Blueprint (BSPI) 2030, a strategic framework intended to enhance institutional collaboration and reinforce the security of the national payment system.

BI data shows that internet penetration in Indonesia has reached 80.66%, equivalent to approximately 229 million people, surpassing the global average of 68.7% (around 6.66 billion people worldwide).

Filianingsih also emphasised that strengthening digital infrastructure requires cross-sectoral and international cooperation, given the global and rapidly evolving nature of cyber threats.

Australian government highlights geopolitical risks to critical infrastructure

According to the federal government’s latest Critical Infrastructure Annual Risk Review, Australia’s critical infrastructure is increasingly vulnerable due to global geopolitical uncertainty, supply chain vulnerabilities, and advancements in technology.

The report, released by the Department of Home Affairs, states that geopolitical tensions and instability are affecting all sectors essential to national functioning, such as energy, healthcare, banking, aviation and the digital systems supporting them.

It notes that operational environments are becoming increasingly uncertain both domestically and internationally, requiring new approaches to risk management.

The review highlights a combination of pressures, including cyber threats, supply chain disruptions, climate-related risks and the potential for physical sabotage. It also points to challenges linked to “malicious insiders”, geostrategic shifts and declining public trust in institutions.

According to the report, Australia’s involvement in international policy discussions has, at times, exposed it to possible retaliation from foreign actors through activities ranging from grey zone operations to preparations for state-sponsored sabotage.

It further notes that the effects of overseas conflicts have influenced domestic sentiment and social cohesion, contributing to risks such as ideologically driven vandalism, politically motivated violence and lone-actor extremism.

To address these challenges, the government emphasises the need for adaptable risk management strategies that reflect shifting dependencies, short- and long-term supply chain issues and ongoing geopolitical tensions.

The report divides priority risks into two categories: those considered most plausible and those deemed most harmful. Among the most plausible are extreme-impact cyber incidents and geopolitically driven supply chain disruption.

The most damaging risks include disrupted fuel supplies, major cyber incidents and state-sponsored sabotage. The review notes that because critical sectors are increasingly interdependent, disruption in one area could have cascading impacts on others.

Australia currently imports 61 percent of its fuel from the Middle East, with shipments transiting maritime routes that are vulnerable to regional tensions. Many global shipping routes also pass through the Taiwan Strait, where conflict would significantly affect supply chains.

Home Affairs Minister Tony Burke said the review aims to increase understanding of the risks facing Australia’s essential services and inform efforts to enhance resilience.

M&S profits plunge after costly cyberattack

Marks & Spencer says a major cyberattack around Easter forced it to shut its website to orders for about six weeks, disrupting logistics, emptying shelves and sending customers to rivals. The breach also exposed personal data, including names, email and postal addresses, and dates of birth.

The incident was traced to ‘human error’, according to chief executive Stuart Machin. M&S estimated the attack cost around £324 million in lost sales, partly offset by a £100 million insurance payout, and expects a total profit impact of about £136 million for the year.

Home delivery restarted in June, while click and collect returned in August, but fashion, home and beauty recovered more slowly than food as the retailer rebuilt systems and worked through backlogs. M&S says online trading has steadily improved and it expects operations to be fully restored by year-end.

The company has pledged tighter security controls and processes following the attack, which highlighted the vulnerability of retail supply chains to cyber incidents. The attack comes amid a surge in cyber incidents targeting UK retailers, including recent campaigns where hackers posed as IT staff to breach corporate networks.
