Tag: geopolitics
WEF predicts perfect storm for cybercrime
The World Economic Forum (WEF) Global Cybersecurity Outlook 2025 reports that several compounding factors are creating an increasingly complex and risky business environment. These include the growing complexity of supply chains, rising geopolitical tensions, cybercriminal's increasing use of artificial intelligence (AI), and the entry of traditional organized crime groups into cybercrime. Ransomware remains the top organizational cyber risk year on year, with 45 percent of respondents ranking it as a top concern in this year’s survey. Over half of the large organizations surveyed worldwide, 54 percent, identified supply chain challenges as the most challenging barrier to achieving cyber resilience, citing the increasing complexity of supply chains, coupled with a lack of visibility and oversight into the security levels of suppliers.
FBI unplugs Chinese hackers
The US Justice Department and FBI have completed a law enforcement operation to delete Chinese malware from approximately 4,258 U.S.-based computers and networks. The international operation was led by French law enforcement and France-based private cybersecurity company Sekoia.io. According to court documents unsealed in the Eastern District of Pennsylvania, a group of hackers paid by the People’s Republic of China (PRC), known as “Mustang Panda” and “Twill Typhoon,” used a version of PlugX malware to infect, control, and steal information from victim computers. Since at least 2014, Mustang Panda hackers have infiltrated thousands of computer systems in campaigns targeting US victims, European and Asian governments and businesses, and Chinese dissident groups.
China ramps up cyber-attacks on the US
The latest US security breach attributed to systematic attempts by China to compromise US institutions and critical infrastructure has impacted the US Treasury. The intrusion is being billed as “a major cybersecurity incident”. According to a letter from the US Department of the Treasury: “The threat actor was able to override the service’s security, remotely access certain Treasury Departmental Office user workstations, and access certain unclassified documents maintained by those users… Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.”
Russian cyber gangs escalate attacks on US
Two Russian groups, the People’s Cyber Army and Z-Pentest, claim to have taken attacks on critical infrastructure in the US to a new and more dangerous level. Dark web researchers at threat intelligence firm Cyble have discovered Telegram videos detailing attacks on US energy and water facilities far beyond the previously supposed capabilities of such groups. Cyble believes that the two groups may be working in cooperation with one another. Previously, the People’s Cyber Army, which also goes by the name of the Cyber Army of Russia Reborn, and lesser-known groups such as Z-Pentest, have largely confined their attacks on US critical infrastructure to simple and easy-to-repel distributed denial of service (DDoS) attacks.
China’s Telecom Hack ‘Most Serious’ in US History
US Senator Mark Warner has called the Salt Typhoon hack, conducted by a group that has been linked to Chinese intelligence, “the most serious telecoms hack in our history.” In a recent interview with the NY Times, Warner also said that hackers were able to listen in on telephone calls and access text messages, emphasizing that “every major provider has been broken into.” This follows hard on the FBI releasing a joint statement with the US Cybersecurity and Infrastructure Security Agency (CISA), in which they announced that “China-affiliated actors have compromised networks at multiple telecommunications companies.”
Women break glass ceiling of Russian cybercrime
Women cybercriminals and lady Darknet hackers are now starting to make inroads into the hitherto male-dominated fraternities of Russian-speaking cybercrime. According to the cybersecurity training and certification cooperative, the SANS Institute, women cybercriminals sometimes now pose as men in order to obfuscate their identities as well as to gain credibility among Russian-speaking criminals. The SANS Institute interviewed one such woman cybercriminal, who is referred to only as a "Confidential Human Source (CHS)" in order to comply with her request for anonymity. “I often took my boyfriend to in-person meetings,” CHS revealed, shining a new light on a so-far largely unrecognized aspect of cybercrime, the fact that cybercriminals meetings are frequently also conducted offline.
US water supply threatened by cyber-attacks
The USA’s drinking water is under threat. According to the US Environmental Protection Agency (EPA), 97 drinking water systems serving around 27 million users have critical or high-risk cybersecurity. Although the EPA’s latest report focuses on the potential financial costs of cyber-attacks, there is also strong evidence that such attacks could also result in significant loss of life, with thousands or even millions of people being deliberately poisoned by terrorists or a hostile foreign power. “We estimate that a [California] state-wide water service disruption could potentially cost at least $61 billion in lost revenue per day,” says the EPA report, Cybersecurity Concerns Related to Drinking Water Systems.
Disgruntled ex-Disney employee highlights insider threat
The Walt Disney Company, which has long had a history of troubled labor relations, recently found itself the victim of a disgruntled former employee. According to an affidavit in support of a criminal complaint against the former employee, Michael Scheuer, Disney discovered a security breach allegedly used to make its menus unusable, together with the redirection of QR codes to direct Disney customers to a website calling for a boycott of Israel. More seriously, it alleged that the threat actor manipulated allergen information on Disney menus, indicating that certain menu items were safe for people with peanut allergies when, in fact, they could have been potentially deadly for some diners. Scheuer is also alleged to have conducted denial of service attacks on four former colleagues and to have paid visits outside the home of one of them.
The Chinese Communist Party is watching you
Research conducted by Which, the consumer watchdog magazine, has confirmed something the smartphone industry has known for years: Chinese electronic products are routinely used to spy on citizens in countries like the US and the UK. The latest suspects, domestic air fryers, join a long list of products the Chinese are accused of having used to spy on the West, which already ranges from smart watches to automobiles. Which analyzed three air fryers sold in the UK and found that Aigostar, Xiaomi Mi Smart, and Cosori CAF-LI401S knew their customers' precise locations and demanded permission to listen in on users' conversations. The Aigostar air fryer even wanted to know the user's gender and date of birth when setting up an account. Disturbingly, both the Aigostar and Xiaomi air fryers are reported to have sent personal data to servers in China.
Russian secret service steps up cyber-attacks on the West
Software giant Microsoft has made an urgent public announcement that the Russian secret service is currently sending thousands of weaponized spear-phishing emails to key individuals in over 100 organizations in countries including the US and the UK. According to Microsoft: “The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS)… In some of the lures, the actor attempted to add credibility to their malicious messages by impersonating Microsoft employees.”
Big tech goes nuclear
America’s leading technology companies are now engaged in their own nuclear power race. Advertising and search giant Google has announced that it has signed the world’s first corporate agreement to purchase nuclear energy from multiple small modular reactors (SMR), to be developed by Kairos Power. By investing in its own nuclear energy facilities, Google has now joined the ranks of Amazon, Microsoft, and Oracle in investing heavily in nuclear facilities to power the rollout of new services based around their prematurely launched artificial intelligence (AI) services. According to a recent report from US Madison Avenue investment bankers, Jeffries: “If it feels like Graphics Processing Units (GPUs) are suddenly everywhere, it’s because they are. GPUs drive computation across a wide range of industries and applications, from big data analytics to machine learning [AI].”
Feds try to block N. Korea’s crypto-cash pipeline
The US Federal Bureau of Investigation (FBI) is conducting an ongoing investigation into the notorious North Korean cybercrime group Lazarus, formerly known as “God’s Apostles”. The group is alleged to have stolen over $800 million in virtual currency. Over the past decade, the Lazarus group has targeted entertainment companies, banks, and pharmaceutical companies both in the US and worldwide. One heist, in particular, is referenced in the court documents, where approximately $41 million worth of virtual money was allegedly stolen from the online casino platform Stake.com and laundered through VCM Sinbad. Sinbad has since been sanctioned by the US Treasury Department’s Office of Foreign Assets Control for its involvement in laundering money from the Stake.com heist, among others executed by Lazarus.