cybersecurity

FBI warns users not to click on suspicious messages

Cybersecurity experts are raising fresh alarms following an FBI warning that clicking on a single link could lead to disaster.

With cyberattacks becoming more sophisticated, hackers now need just 60 seconds to compromise a victim’s device after launching an attack.

Techniques range from impersonating trusted brands like Google to deploying advanced malware and using AI tools to scale attacks even further.

The FBI has revealed that internet crimes caused $16 billion in losses during 2024 alone, with more than 850,000 complaints recorded.

Criminals exploit emotional triggers like fear and urgency in phishing emails, often sent from what appear to be genuine business accounts. A single click could expose sensitive data, install malware automatically, or hand attackers access to personal accounts by stealing browser session cookies.

To make matters worse, many attacks now originate from smartphone farms targeting both Android and iPhone users. Given the evolving threat landscape, the FBI has urged everyone to be extremely cautious.

Their key advice is clear: do not click on anything received via unsolicited emails or text messages, no matter how legitimate it might appear.

Remaining vigilant, avoiding interaction with suspicious messages, and reporting any potential threats are critical steps in combating the growing tide of cybercrime.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

MTN confirms cybersecurity breach and data exposure

MTN Group has confirmed a cybersecurity breach that exposed personal data of some customers in certain markets. The telecom giant assured the public, however, that its core infrastructure remains secure and fully operational.

The breach involved an unknown third party gaining unauthorised access to parts of MTN’s systems, though the company emphasised that critical services, including mobile money and digital wallets, were unaffected.

In a statement released on Thursday, MTN clarified that investigations are ongoing, but no evidence suggests any compromise of its central infrastructure, such as its network, billing, or financial service platforms.

MTN has alerted the law enforcement of South Africa and is collaborating with regulatory bodies in the affected regions.

The company urged customers to take steps to safeguard their data, such as monitoring financial statements, using strong passwords, and being cautious with suspicious communications.

MTN also recommended enabling multi-factor authentication and avoiding sharing sensitive information like PINs or passwords through unsecured channels.

While investigations continue, MTN has committed to providing updates as more details emerge, reiterating its dedication to transparency and customer protection.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New research highlights escalating cyberthreats to global energy sector

Resecurity has published new research examining recent cyber threat activity targeting energy infrastructure across North America, Asia, and the European Union. The report, a continuation of Resecurity’s earlier analysis, focuses on incidents involving energy firms, including nuclear facilities and associated research entities.

According to the findings, these organisations are being targeted by various threat actors, including hacktivist groups, ransomware operators, and nation state entities. The report observes that geopolitical tensions remain a significant factor behind many of these activities, with actors associated with China, Iran, North Korea, and Russia among those identified.

The primary focus of these campaigns has been cyber-espionage, although incidents involving ransomware operations against operational technology (OT) systems have also been reported. The convergence of IT and OT systems, the growing use of cloud technologies, and the increased deployment of Industrial Internet of Things (IIoT) devices are noted as factors contributing to the expanded attack surface within the sector.

Resecurity’s HUNTER unit documented various threat actors engaged in targeting critical infrastructure. The report emphasises the need for energy firms to monitor potential exposure of credentials across dark web platforms, particularly due to vulnerabilities within IT and software supply chains.

Technological developments such as AI adoption within the energy sector are also discussed as contributing to the evolving threat landscape. AI is reported to lower entry barriers for certain types of cyber operations, while its integration into critical infrastructure networks introduces additional risks.

The Resecurity analysis also underscores the role of cyber supply chain risks, citing the MOVEit managed file transfer breach as an example of downstream impacts affecting multiple layers of vendors and service providers.

In response to these developments, the US Department of Energy (DOE), alongside the National Association of Regulatory Utility Commissioners (NARUC), issued updated cybersecurity guidelines in 2024 aimed at strengthening the resilience of electric distribution systems and distributed energy resources.

Overall, the research identifies an increase in cyberattacks targeting energy infrastructure globally, suggesting that some of these activities may be linked to broader geopolitical strategies. The report highlights the involvement of both state-sponsored and criminal actors in shaping this threat environment.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Researchers report espionage campaign targeting government and critical sectors in Southeast Asia

Symantec has reported that the China-linked espionage group known as Billbug—also referred to as Lotus Blossom, Lotus Panda, Bronze Elgin, and Thrip—conducted a sustained intrusion campaign against multiple organizations in a Southeast Asian country between August 2024 and February 2025. The campaign involved the use of several custom tools, including loaders, credential stealers, and a reverse SSH utility.

According to Symantec, this activity appears to continue a series of operations previously observed in late 2023, which targeted various government and critical infrastructure organisations across Southeast Asia. While Chinese attribution has been suggested, specific attribution to an individual actor remains inconclusive. Identified targets include a government ministry, an air traffic control organisation, a telecommunications provider, and a construction company.

Additional intrusions were reported against a news agency and an air freight company in neighbouring countries. The campaign leveraged DLL sideloading techniques, utilising legitimate executables from Trend Micro and Bitdefender to load malicious code.

Symantec’s analysis detailed how these binaries were used to sideload malicious DLLs, which decrypted and executed payloads designed to maintain persistence and enable further compromise of targeted systems. Billbug has been active since at least 2009, with a documented history of targeting government, defence, telecommunications, and critical infrastructure sectors in Southeast Asia and beyond.

Symantec and other cybersecurity researchers have tracked the group across multiple campaigns, including previous operations involving backdoors like Hannotog and Sagerunex. The recent report also references related findings from Cisco Talos, which provided indicators of compromise connected to the same campaign.

Symantec noted that Billbug continues to adapt its techniques, including the use of compromised legitimate software and custom malware, to conduct espionage operations across the region.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Dutch Ministry of Defence expands recruitment of cyber reservists to support national cybersecurity efforts

The Dutch Ministry of Defence has announced plans to expand its cyber defence capabilities by recruiting additional cyber reservists, according to NOS. The initiative is part of the Ministry’s strategy to strengthen cybersecurity expertise within its armed forces, with recruitment efforts scheduled to intensify after the summer. Several reservist positions have already been advertised online.

Cyber reservists are civilian professionals with digital security expertise who contribute part-time to the military’s cyber operations. Typically employed under zero-hour contracts, they may be called upon to support defence activities during evenings, weekends, or specific operational periods, while continuing their civilian careers.

The reservist units are part of the Defence Cyber Command (DCC), which currently consists of six platoons. Reservists may also participate in military exercises in the Netherlands or internationally, including NATO operations, with voluntary deployments.

Recruitment targets for cyber reservists were set at 150 over a ten-year period, but this number has not yet been achieved. According to Defence Ministry officials, interest in these positions has increased following the escalation of global cyber threats, particularly after the Russian invasion of Ukraine, though exact figures remain undisclosed for operational security reasons.

Cybersecurity expert Bert Hubert highlighted the distinct nature of cyber reserve work compared to traditional military reservist roles, emphasising the complexity of effective cyber defence operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

CISA extends MITRE’s CVE program for 11 months

The US Cybersecurity and Infrastructure Security Agency (CISA) has extended its contract with the MITRE Corporation to continue operating the Common Vulnerabilities and Exposures (CVE) program for an additional 11 months. The decision was made one day before the existing contract was set to expire.

A CISA spokesperson confirmed that the agency exercised the option period in its $57.8 million contract with MITRE to prevent a lapse in CVE services. The contract, which originally concluded on April 17, includes provisions for optional extensions through March 2026.

‘The CVE Program is invaluable to the cyber community and a priority of CISA,’ the spokesperson stated, expressing appreciation for stakeholder support.

Yosry Barsoum, vice president of MITRE and director of its Center for Securing the Homeland, said that CISA identified incremental funding to maintain operations.

He noted that MITRE remains committed to supporting both the CVE and CWE (Common Weakness Enumeration) programs, and acknowledged the widespread support from government, industry, and the broader cybersecurity community.

The extension follows public concern raised earlier this week after Barsoum issued a letter indicating that program funding was at risk of expiring without renewal.

MITRE officials noted that, in the event of a contract lapse, the CVE program website would eventually go offline and no new CVEs would be published. Historical data would remain accessible via GitHub.

Launched in 1999, the CVE program serves as a central catalogue for publicly disclosed cybersecurity vulnerabilities. It is widely used by governments, private sector organisations, and critical infrastructure operators for vulnerability identification and coordination.

Amid recent uncertainty about the program’s future, a group of CVE Board members announced the formation of a new non-profit organisation — the CVE Foundation — aimed at supporting the long-term sustainability and governance of the initiative.

In a public statement, the group noted that while US government sponsorship had enabled the program’s growth, it also introduced concerns around reliance on a single national sponsor for what is considered a global public good.

The CVE Foundation is intended to provide a neutral, independent structure to ensure continuity and community oversight.

The foundation aims to enhance global governance, eliminate single points of failure in vulnerability management, and reinforce the CVE program’s role as a trusted and collaborative resource. Further information about the foundation’s structure and plans is expected to be released in the coming days.

CISA did not comment on the creation of the CVE Foundation. A MITRE spokesperson indicated the organisation intends to work with federal agencies, the CVE Board, and the cybersecurity community on options for ongoing support.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Report highlights growing cyber risks to aviation

A recent report by the Foundation for Defense of Democracies notes that while both government agencies and private sector actors have taken steps to strengthen cybersecurity in aviation, the increasing demands on outdated systems are outpacing current mitigation efforts.

Commercial aviation is operating at near full capacity, placing strain on legacy technologies and logistical frameworks.

According to Jiwon Ma, senior policy analyst at the Foundation for Defense of Democracies’ Center on Cyber and Policy Innovation, these pressures can result in major disruptions even in the absence of cyberattacks.

Ma referenced past incidents such as the 2022 Southwest Airlines operational failure and the widespread IT outage linked to CrowdStrike in 2024.

As part of the Biden administration’s national cybersecurity strategy, the Transportation Security Administration (TSA) implemented new aviation security measures in 2023.

The Federal Aviation Administration (FAA) declined to detail its specific cybersecurity practices, but a spokesperson stated that the agency employs a comprehensive approach to protect the National Airspace System in coordination with federal and private partners.

The report emerges amid a series of cybersecurity incidents affecting aviation and related infrastructure. In July 2024, Delta Air Lines cancelled thousands of flights due to a software update failure attributed to CrowdStrike, resulting in a $500 million lawsuit against the company.

In August 2024, Seattle-Tacoma International Airport experienced disruptions linked to a Rhysida ransomware attack, which affected key services and prompted the Port of Seattle to issue data breach notifications to approximately 90,000 individuals.

Boeing has also been targeted in recent years, including a 2023 ransomware attack by LockBit that resulted in data leaks, and a 2022 cyber incident affecting its Jeppesen subsidiary, which provides flight navigation and planning tools.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

MITRE’s CVE program faces funding expiry, raising cybersecurity concerns

A cornerstone of the global cybersecurity ecosystem is facing an uncertain future. US government funding for MITRE Corporation to operate and maintain the Common Vulnerabilities and Exposures (CVE) program is set to expire, an unprecedented development that could significantly disrupt how security flaws are identified, tracked, and mitigated worldwide.

Launched in 1999, the CVE program has become the de facto international standard for cataloging publicly known software vulnerabilities. Managed by MITRE under sponsorship from the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the program has published over 274,000 CVE records to date.

MITRE has warned that the lapse in funding will not only halt its ability to continue developing and modernizing the CVE system but could also impact related initiatives such as the Common Weakness Enumeration (CWE). These tools are essential for vulnerability classification, secure coding practices, and prioritisation of cybersecurity risks.

While Barsoum noted that the US government is working to find a resolution, the looming gap has already prompted independent action. Cybersecurity firm VulnCheck, which acts as a CVE Numbering Authority (CNA), has preemptively reserved 1,000 CVEs for 2025 in an effort to maintain continuity.

Industry experts warn the consequences could be far-reaching. Despite the challenges, MITRE has affirmed its commitment to the CVE program and its role as a global resource. However, unless a new funding arrangement is secured, the future of this foundational infrastructure remains in question.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

NATO allies strengthen cyber defenses against critical infrastructure threats

Between 7 and 11 April, representatives from 20 allied governments and national agencies participated in a NATO-led exercise designed to strengthen mutual support in the cyber domain.

The activity aimed to improve coordination and collective response mechanisms for cyber incidents affecting critical national infrastructure. Through simulated threat scenarios, participants practised real-time information exchange, joint decision-making, and coordinated response planning.

According to NATO, cyber activities targeting critical infrastructure, industrial control systems, and public sector services have increased in frequency.

Such activities are considered to serve various objectives, including information gathering and operational disruption.

The role of cyber operations in modern conflict gained increased attention following Russia’s actions in Ukraine in 2022, where cyber activity was observed alongside traditional military operations.

Hosted by Czechia, the exercise served to test NATO’s Virtual Cyber Incident Support Capability (VCISC), a coordination platform introduced at the 2023 Vilnius Summit.

VCISC enables nations to request and receive cyber assistance from designated counterparts across the Alliance.

The support offered includes services such as malware analysis, cyber threat intelligence, and digital forensics. However, the initiative is voluntary, with allies contributing national resources and expertise to mitigate the impact of significant cyber incidents and support recovery.

Separately, in January 2025, the US officials met with her Nordic-Baltic counterparts from Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Norway, and Sweden.

Discussions centred on enhancing regional cooperation to safeguard undersea cable infrastructure—critical to communications and energy systems. Participants noted the broadening spectrum of threats to these assets.

In parallel, NATO launched the Baltic Sentry to reinforce the protection of critical infrastructure in the Baltic Sea region. The initiative is intended to bolster NATO’s posture and improve its capacity to respond promptly to destabilising activities.

In July 2024, NATO also announced the expansion of the role of its Integrated Cyber Defence Centre (NICC).

The Centre is tasked with enhancing the protection of NATO and allied networks, as well as supporting the operational use of cyberspace. It provides commanders with insights into potential cyber threats and vulnerabilities, including those related to civilian infrastructure essential to military operations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

DW Weekly #207 – China disagrees with Trump over $54B TikTok deal due to tariffs rise

Logo, Text

6 – 14 April 2025

People, Person, Crowd, Face, Head, Audience

Dear readers,

Last week, we saw the TikTok saga unfold as the Chinese government has not agreed to sell the ByteDance daughter company to a US majority TikTok entity, so US President Donald Trump extended the deadline to find a non-Chinese buyer by another 75 days, pushing the cutoff to mid-June after a near-miss on 5 April.

Amid the tariff rise turmoil, President Donald Trump’s administration has granted exemptions from steep tariffs on smartphones, laptops, and other electronics, relieving tech giants like Apple and Dell. 

The cryptocurrency landscape was waved by a blockchain analytics firm, which has alleged that the team behind the Melania Meme (MELANIA) cryptocurrency moved $30 million worth of tokens, allegedly taken from community reserves without explanation.

In the ever-evolving world of AI, two leading AI systems, OpenAI’s GPT-4.5 and Meta’s Llama-3.1, have passed a key milestone by outperforming humans in a modern version of the Turing Test. 

On the cybersecurity stage, Oracle Health has reportedly suffered a data breach that compromised sensitive patient information stored by US hospitals.

The European Union has firmly ruled out dismantling its strict digital regulations in a bid to secure a trade deal with Donald Trump. Henna Virkkunen, the EU’s top official for digital policy, said the bloc remained fully committed to its digital rulebook instead of relaxing its standards to satisfy US demands.

Meta’s existence is threatened by a colossal antitrust trial which commenced in Washington, with the US Federal Trade Commission (FTC) arguing that the company’s acquisitions of Instagram in 2012 and WhatsApp in 2014 were designed to crush competition with monopoly aims instead of fostering innovation.

Elon Musk’s legal saga with OpenAI intensifies, as OpenAI has filed a countersuit accusing the billionaire entrepreneur of a sustained campaign of harassment intended to damage the company and regain control over its AI developments.

For the main updates and reflections, consult the Radar and Reading Corner below.

DW Team

RADAR

Highlights from the week of 6 – 14 April 2025

meta brazil hate speech policy

Former Facebook executive says Meta misled over China

Wynn-Williams says Meta executives prioritised business growth in China over national security.

Read more
Algorithms confront tariffs featured image

Tech stocks rally after Trump halts tariffs

The Nasdaq jumped over 12%, its best day in decades, following a temporary halt on trade tariffs by the Trump administration.

Read more
deepseek AI China research innovation

DeepSeek highlights the risk of data misuse

Data stored today could be vulnerable to decryption in the near future.

Read more
instagram 5409107 1280

Meta to block livestreaming for under 16s without parental permission

Instagram users under 16 won’t be able to livestream or view blurred nudity in messages unless approved by a parent, Meta announced.

Read more
openAI Sam Altman TED 2025 ChatGPT users

ChatGPT hits 800 million users after viral surge

OpenAI is developing agents that can act autonomously on behalf of users, with safeguards.

Read more
electricity 4666566 1280

Google rolls out AI to improve US power grid connections

Energy connection delays face AI-powered fix through Google’s new initiative.

Read more
google 959059 1280

Google offers steep discounts to US federal agencies

The 71% discount on Google Workspace is part of a cost-cutting initiative under President Trump’s government reform, targeting federal spending efficiency.

Read more
japan 1184122 1280

Japan’s FSA proposes new framework for regulating crypto assets in Japan

A discussion paper on crypto regulation in Japan highlights issues like market access, insider trading, and classification of assets into funding and non-funding categories.

Read more
building 1011876 1280

Microsoft pauses $1 billion data centre project in Ohio

As AI demand shifts, Microsoft has slowed down major data centre projects, including the one in Ohio, and plans to invest $80 billion in AI infrastructure this year.

Read more
View all updates
READING CORNER
navigating the ai maze featured image

Navigating the AI maze: How to choose the right AI platform or tool – Diplo

With over 10,000 AI applications available, selecting the right AI tool can be daunting. Diplo advocates starting with a ‘good enough’ tool to avoid paralysis by analysis, tailoring it to specific needs through practical use.

Read more
BLOG featured image 2025 54

Don’t waste the crisis: How AI can help reinvent International Geneva – Diplo

International Geneva faces significant challenges, including financial constraints, waning multilateralism, and escalating geopolitical tensions. To remain relevant, it must embrace transformative changes, particularly through Artificial Intelligence (AI).

Read more
1524167e 54ef 4a3f a7f3 00814510c175

Microsoft at 50 – A journey through code, cloud, and AI

Founded by Bill Gates and Paul Allen in 1975, Microsoft grew from a small startup into the world’s largest software company. Through strategic acquisitions, the company expanded into diverse sectors,…

Read more
650 312 max 1

On the origins of ideas – Diplo

Do ideas have origins? From medieval communes to WWI, Aldo Matteucci shows how political thought, like a river, is shaped by experience, institutions, and historical context — not just theory.

Read more
UPCOMING EVENTS
gitex africa
www.diplomacy.edu

GITEX Africa 2025 – Diplo Event

GITEX Africa 2025 Jovan Kurbalija will participate at GITEX Africa (14-16 April 2025 in Marrakech, Morocco).

Read more
Geneva Internet Platform
www.diplomacy.edu

Tech attache briefing: WSIS+20 and AI governance negotiations – Updates and next steps – Diplo Event

Tech attache briefing: WSIS+20 and AI governance negotiations – Updates and next steps. The event is part of a series of regular briefings the Geneva

 Internet Platform (GIP) is delivering for diplomats at permanent missions and delegations in Geneva following digital policy issues. It is an invitation-only event.
Read more
geneva human rights platform
23 April 2025

Demystifying AI: How to prepare international organisations for AI transformation?

The event will provide a timely discussion on methods, approaches, and solutions for AI transformation of International Organisaitons. 
Read more
WIPO
dig.watch

WIPO Conversation 11: AI and IP: Infrastructure for rights holders and innovation

WIPO’s 11th Conversation on IP and AI will take place on April 23-24, 2025, focusing on the role of copyright infrastructure in supporting both rights holders and AI-driven innovation. As…

Read more