cybersecurity

Japan approves preemptive cyberdefence law

Japan’s parliament has passed a new law enabling active cyberdefence measures, allowing authorities to legally monitor communications data during peacetime and neutralise foreign servers if cyberattacks occur.

Instead of reacting only after incidents, this law lets the government take preventive steps to counter threats before they escalate.

Operators of vital infrastructure, such as electricity and railway companies, must now report cyber breaches directly to the government. The shift follows recent cyber incidents targeting banks and an airline, prompting Japan to put a full framework in place by 2027.

Although the law permits monitoring of IP addresses in communications crossing Japanese borders, it explicitly bans surveillance of domestic messages and their contents.

A new independent panel will authorise all monitoring and response actions beforehand, instead of leaving decisions solely to security agencies.

Police will handle initial countermeasures, while the Self-Defense Forces will act only when attacks are highly complex or planned. The law, revised to address opposition concerns, includes safeguards to ensure personal rights are protected and that government surveillance remains accountable.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Quantum AI interest surges in data science and cybersecurity

Quantum AI is no longer a distant concept for many businesses, with over 60 percent actively investing in or exploring the technology, according to new research from SAS.

The report highlights that the most common area of application is in data analytics and machine learning, accounting for 48 percent of use cases. Research and development follows at 41 percent, while cybersecurity ranks third at 35 percent.

The emerging field of quantum AI combines current AI with the immense processing power of quantum computing. This fusion promises breakthroughs in algorithm development, complex model training, and solving data problems that today’s systems struggle with.

Industries are also examining its potential in supply chain and logistics (31 percent), finance and risk management (26 percent), and even marketing (20 percent).

Despite growing interest, several barriers still hinder adoption. These include high costs (38 percent), a lack of understanding (35 percent), uncertainty around practical use cases (31 percent), a shortage of skilled workers (31 percent), and limited regulatory guidance (26 percent).

SAS Principal Quantum Architect Bill Wisotsky acknowledged the surrounding hype but stressed that research underway today is crucial groundwork.

Key sectors poised to benefit include life sciences, financial services, and manufacturing, particularly in areas such as drug discovery, risk analysis, and process optimisation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

LockBit ransomware platform breached again

LockBit, one of the most notorious ransomware groups of recent years, has suffered a significant breach of its dark web platform. Its admin and affiliate panels were defaced and replaced with a message linking to a leaked MySQL database, seemingly exposing sensitive operational details.

The message mocked the gang with the line ‘Don’t do crime CRIME IS BAD xoxo from Prague,’ raising suspicions of a rival hacker or vigilante group behind the attack.

The leaked database, first flagged by a threat actor known as Rey, contains 20 tables revealing details about LockBit’s affiliate network, tactics, and operations. Among them are nearly 60,000 Bitcoin addresses, payload information tied to specific targets, and thousands of extortion chat messages.

A ‘users’ table lists 75 affiliate and admin identities, many with passwords stored in plain text—some comically weak, like ‘Weekendlover69.’

While a LockBit spokesperson confirmed the breach via Tox chat, they insisted no private keys were exposed and that losses were minimal. However, the attack echoes a recent breach of the Everest ransomware site, suggesting the same actor may be responsible.

Combined with past law enforcement actions—such as Operation Cronos, which dismantled parts of LockBit’s infrastructure in 2024—the new leak could harm the group’s credibility with affiliates.

LockBit has long operated under a ransomware-as-a-service model, providing malware to affiliates in exchange for a cut of ransom profits. It has targeted both Linux and Windows systems, used double extortion tactics, and accounted for a large share of global ransomware attacks in 2022.

Despite ongoing pressure from authorities, the group has continued its operations—though this latest breach could prove harder to recover from.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

CrowdStrike cuts jobs amid AI shift

Cybersecurity firm CrowdStrike is laying off 500 employees—5% of its workforce—as it shifts towards an AI-led operating model to boost efficiency and hit a $10 billion annual revenue goal.

In a letter to staff, CEO George Kurtz described AI as a ‘force multiplier’ meant to reduce hiring needs instead of expanding headcount.

The restructure, expected to cost up to $53 million through mid-2026, will still see hiring in customer-facing and engineering roles.

Yet despite its optimism, the company’s regulatory filings flag notable risks in depending on AI, such as faulty outputs, legal uncertainty, and the challenge of managing fast-moving systems. Analysts have also linked the shift to wider market pressures, not merely strategic innovation.

Principal analyst Sofia Ali warned that the AI-first approach may backfire if transparency, governance, and human oversight are not prioritised. Over-reliance on automation—especially in threat detection or customer support—could erode user trust instead of reinforcing it, particularly during critical incidents.

CrowdStrike’s move mirrors a broader tech trend: over 52,000 tech jobs were cut in early 2025 as firms embraced AI to replace automatable roles. For cybersecurity leaders, the challenge now lies in balancing AI’s promise with the human expertise essential to trust and resilience.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Indian stock exchanges curb foreign access amid cybersecurity concerns

India’s two largest stock exchanges, the National Stock Exchange (NSE) and BSE Ltd, have temporarily restricted overseas access to their websites amid rising concerns over cyber threats. The move does not affect foreign investors’ ability to trade on Indian markets.

Sources familiar with the matter confirmed the decision followed a joint meeting between the exchanges, although no recent direct attack has been specified.

Despite the restrictions, market operations remain fully functional, with officials emphasising that the measures are purely preventive.

The precautionary step comes during heightened regional tensions between India and Pakistan, though no link to the geopolitical situation has been confirmed. The NSE has yet to comment publicly on the situation.

A BSE spokesperson noted that the exchanges are monitoring cyber risks both domestically and internationally and that website access is now granted selectively to protect users and infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers hijack NY Post X account to scam crypto users

Cybercriminals reportedly breached the New York Post’s X account. They targeted cryptocurrency enthusiasts by luring them into a Telegram-based scam, disguised as a podcast invitation.

The fraudulent message, impersonating journalist Paul Sperry, invited users to a supposed editorial feature, offering both in-person and virtual interview options.

Kerberus CEO Alex Katz flagged the issue, confirming the scam was being pushed from NYP’s verified X profile.

Cybersecurity expert ‘Drew’ noted the attackers blocked replies to prevent the real NYP team from spotting the breach. He warned users not to respond to Telegram messages, emphasising that the invite was fake.

Unlike typical crypto scams involving phishing links or wallet drainers, this attack focused on private messaging and trust manipulation.

Victims reported that the scammer used detailed, personal references and staged interviews. These interviews enabled audio-triggered suspicious pop-ups, including one labelled ‘WiFi.’

Security experts say such methods exploit user trust built through prior interactions. As social engineering tactics evolve, crypto users are urged to verify every identity, even those they communicate with regularly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

FBI warns users not to click on suspicious messages

Cybersecurity experts are raising fresh alarms following an FBI warning that clicking on a single link could lead to disaster.

With cyberattacks becoming more sophisticated, hackers now need just 60 seconds to compromise a victim’s device after launching an attack.

Techniques range from impersonating trusted brands like Google to deploying advanced malware and using AI tools to scale attacks even further.

The FBI has revealed that internet crimes caused $16 billion in losses during 2024 alone, with more than 850,000 complaints recorded.

Criminals exploit emotional triggers like fear and urgency in phishing emails, often sent from what appear to be genuine business accounts. A single click could expose sensitive data, install malware automatically, or hand attackers access to personal accounts by stealing browser session cookies.

To make matters worse, many attacks now originate from smartphone farms targeting both Android and iPhone users. Given the evolving threat landscape, the FBI has urged everyone to be extremely cautious.

Their key advice is clear: do not click on anything received via unsolicited emails or text messages, no matter how legitimate it might appear.

Remaining vigilant, avoiding interaction with suspicious messages, and reporting any potential threats are critical steps in combating the growing tide of cybercrime.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

MTN confirms cybersecurity breach and data exposure

MTN Group has confirmed a cybersecurity breach that exposed personal data of some customers in certain markets. The telecom giant assured the public, however, that its core infrastructure remains secure and fully operational.

The breach involved an unknown third party gaining unauthorised access to parts of MTN’s systems, though the company emphasised that critical services, including mobile money and digital wallets, were unaffected.

In a statement released on Thursday, MTN clarified that investigations are ongoing, but no evidence suggests any compromise of its central infrastructure, such as its network, billing, or financial service platforms.

MTN has alerted the law enforcement of South Africa and is collaborating with regulatory bodies in the affected regions.

The company urged customers to take steps to safeguard their data, such as monitoring financial statements, using strong passwords, and being cautious with suspicious communications.

MTN also recommended enabling multi-factor authentication and avoiding sharing sensitive information like PINs or passwords through unsecured channels.

While investigations continue, MTN has committed to providing updates as more details emerge, reiterating its dedication to transparency and customer protection.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New research highlights escalating cyberthreats to global energy sector

Resecurity has published new research examining recent cyber threat activity targeting energy infrastructure across North America, Asia, and the European Union. The report, a continuation of Resecurity’s earlier analysis, focuses on incidents involving energy firms, including nuclear facilities and associated research entities.

According to the findings, these organisations are being targeted by various threat actors, including hacktivist groups, ransomware operators, and nation state entities. The report observes that geopolitical tensions remain a significant factor behind many of these activities, with actors associated with China, Iran, North Korea, and Russia among those identified.

The primary focus of these campaigns has been cyber-espionage, although incidents involving ransomware operations against operational technology (OT) systems have also been reported. The convergence of IT and OT systems, the growing use of cloud technologies, and the increased deployment of Industrial Internet of Things (IIoT) devices are noted as factors contributing to the expanded attack surface within the sector.

Resecurity’s HUNTER unit documented various threat actors engaged in targeting critical infrastructure. The report emphasises the need for energy firms to monitor potential exposure of credentials across dark web platforms, particularly due to vulnerabilities within IT and software supply chains.

Technological developments such as AI adoption within the energy sector are also discussed as contributing to the evolving threat landscape. AI is reported to lower entry barriers for certain types of cyber operations, while its integration into critical infrastructure networks introduces additional risks.

The Resecurity analysis also underscores the role of cyber supply chain risks, citing the MOVEit managed file transfer breach as an example of downstream impacts affecting multiple layers of vendors and service providers.

In response to these developments, the US Department of Energy (DOE), alongside the National Association of Regulatory Utility Commissioners (NARUC), issued updated cybersecurity guidelines in 2024 aimed at strengthening the resilience of electric distribution systems and distributed energy resources.

Overall, the research identifies an increase in cyberattacks targeting energy infrastructure globally, suggesting that some of these activities may be linked to broader geopolitical strategies. The report highlights the involvement of both state-sponsored and criminal actors in shaping this threat environment.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Researchers report espionage campaign targeting government and critical sectors in Southeast Asia

Symantec has reported that the China-linked espionage group known as Billbug—also referred to as Lotus Blossom, Lotus Panda, Bronze Elgin, and Thrip—conducted a sustained intrusion campaign against multiple organizations in a Southeast Asian country between August 2024 and February 2025. The campaign involved the use of several custom tools, including loaders, credential stealers, and a reverse SSH utility.

According to Symantec, this activity appears to continue a series of operations previously observed in late 2023, which targeted various government and critical infrastructure organisations across Southeast Asia. While Chinese attribution has been suggested, specific attribution to an individual actor remains inconclusive. Identified targets include a government ministry, an air traffic control organisation, a telecommunications provider, and a construction company.

Additional intrusions were reported against a news agency and an air freight company in neighbouring countries. The campaign leveraged DLL sideloading techniques, utilising legitimate executables from Trend Micro and Bitdefender to load malicious code.

Symantec’s analysis detailed how these binaries were used to sideload malicious DLLs, which decrypted and executed payloads designed to maintain persistence and enable further compromise of targeted systems. Billbug has been active since at least 2009, with a documented history of targeting government, defence, telecommunications, and critical infrastructure sectors in Southeast Asia and beyond.

Symantec and other cybersecurity researchers have tracked the group across multiple campaigns, including previous operations involving backdoors like Hannotog and Sagerunex. The recent report also references related findings from Cisco Talos, which provided indicators of compromise connected to the same campaign.

Symantec noted that Billbug continues to adapt its techniques, including the use of compromised legitimate software and custom malware, to conduct espionage operations across the region.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!