Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Latest News

FBI Warns of Scattered Spider Cyberattacks on Airline and Transport Sectors

  The FBI, along with top cybersecurity firms, has issued a fresh warning that the notorious hacking group Scattered Spider is expanding its...

All the recent news you need to know

ByBit Crypto Heist: First Half of 2025 Records All-time High Crypto Theft

ByBit Crypto Heist: First Half of 2025 Records All-time High Crypto Theft

2025 H1 records all-time crypto theft

In the first half of 2025, hackers stole a record $2.1 billion in cryptocurrency, marking an all-time high. The data highlights the vulnerable state of the cryptocurrency industry. North Korean state-sponsored hackers accounted for 70% of the losses, responsible for USD 1.6 billion, rising as the most notorious nation-state actor in the crypto space, according to a report by TRM Labs

This indicates a significant increase in illegal operations, surpassing the 2022 H1 record by 10% and nearly matching the total amount stolen for the entire 2022 year, highlighting the danger to digital assets. 

Implications of nation-state actors in crypto attacks

The biggest cryptocurrency attack has redefined the H1 2025 narrative, the attack on Dubai-based crypto exchange Bybit. TRM believes the attack highlights a rising effort by the Democratic People’s Republic of Korea (DPRK) for cryptocurrency profits that can help them escape sanctions and fund strategic aims like nuclear weapons programs, besides being a crucial component of their statecraft. 

“Although North Korea remains the dominant force in this arena, incidents such as reportedly Israel-linked group Gonjeshke Darande (also known as Predatory Sparrow) hacking Iran’s largest crypto exchange, Nobitex, on June 18, 2025, for over USD 90 million, suggest other state actors may increasingly leverage crypto hacks for geopolitical ends,” TRM said in a blog post. 

Mode of operation

"Infrastructure attacks — such as private key and seed phrase thefts, and front-end compromises — accounted for over 80% of stolen funds in H1 2025 and were, on average, ten times larger than other attack types," reports TRM. These attacks target the technical spine of the digital asset system to get illicit access, reroute assets, and mislead users. Infrastructure attacks are done via social engineering or insider access and expose fractures in the cryptosecurity foundation.

Takeaways 

H1 2025 has shown a shift towards crypto hacking, attacks from state-sponsored hackers, and geopolitically motivated groups are rising. Large-scale breaches related to nation-state attacks have trespassed traditional cybersecurity. The industry must adopt advanced, effective measures to prevent such breaches. Global collaboration through information sharing and teamed efforts can help in the prosecution of such cyber criminals. 

Chinese Attackers Target France Infrastructure in Ivanti Zero-Day Exploit Campaign

 

The French cybersecurity agency stated in a study released Tuesday that three zero-day flaws impacting Ivanti Cloud Services Appliance devices triggered an attack spree in France last year that affected several critical infrastructure sectors.

The French National Agency for the Security of Information Systems reports that from early September to late November 2024, widespread zero-day exploits of CVE-2024-8190, CVE-2024-8963, and CVE-2024-9380 affected government agencies and organisations in the media, finance, transportation, and telecommunications sectors.

According to Mandiant, the attacks were carried out by UNC5174, a former member of Chinese hacktivist collectives who was probably working as a contractor for China's Ministry of State Security. The attacker, known as "Uteus," has previously targeted edge device flaws in ConnectWise ScreenConnect, F5 BIG-IP, Atlassian Confluence, the Linux kernel, and the Zyxel firewall. 

Authorities in France discovered that UNC5174 employed a unique intrusion set known as "Houken," which included zero-day vulnerabilities, a sophisticated rootkit, numerous open-source tools, commercial VPNs, and dedicated servers. Officials believe Houken and UNC5174 are operated by the same threat actor, an initial access broker who steals credentials and implements methods to gain persistent access to target networks. 

“Though already documented for its opportunistic exploitation of vulnerabilities on edge devices, the use of zero-days by a threat actor linked to UNC5174 is new,” France’s cybersecurity agency noted in the report. “The operators behind the UNC5174 and Houken intrusion sets are likely primarily looking for valuable initial accesses to sell to a state-linked actor seeking insightful intelligence.”

Earlier this year in January, the Cybersecurity and Infrastructure Security Agency said that threat actors used the three Ivanti zero-days in a chain to get credentials, execute remote code, establish initial access, and install webshells on victim networks. In April, Sysdig researchers said that they had observed the China state-sponsored hacker organisation UNC5174 use open-source offensive security techniques like WebSockets and VShell to blend in with more common cybercriminal activities. 

Numerous attackers have frequently taken advantage of long-standing flaws in Ivanti products, including espionage outfits with ties to China. Since 2021, Ivanti has shipped software with a high number of vulnerabilities across at least ten different product lines, more than any other vendor in this market since the start of last year. According to cyber authorities, cybercriminals have exploited seven flaws in Ivanti products so far this year, and 30 Ivanti faults have been discovered over the past four years in CISA's known exploited vulnerabilities catalogue. 

“We support information sharing to aid defenders. This report covers threat actor activity from last fall that affected an end-of-life version of Cloud Services Appliance. Customers on fully patched or upgraded versions were not affected,” a spokesperson for Ivanti noted in a statement. “Ivanti released a patch in 2024 and strongly urged all customers to upgrade to CSA version 5.0, which was not affected by this vulnerability. The security and protection of our customers remain our top priority, and we are committed to supporting them.”

North Korea-Linked Hackers Behind $2.1 Billion in Crypto Theft in Early 2025

 

A new report from blockchain analytics firm TRM Labs reveals that hackers stole an unprecedented $2.1 billion in cryptocurrency during the first half of 2025—marking the highest amount ever recorded for a six-month period. A staggering 70% of the total, or around $1.6 billion, has been attributed to cybercriminal groups sponsored by North Korea. 

According to TRM Labs’ “H1 2025 Crypto Hacks and Exploits” report, this figure surpasses the previous record set in 2022 by 10%, pointing to an escalating trend in high-stakes cybercrime. The report also emphasizes how North Korea has solidified its role as the leading state-backed threat actor in the cryptocurrency ecosystem.  

“These thefts are not just criminal—they’re tools of statecraft,” the report states, highlighting how stolen crypto plays a strategic role in funding the sanctioned regime’s national objectives, including its controversial weapons program. 

Much of this year’s unprecedented losses stem from a single massive incident: the $1.5 billion hack targeting Ethereum and related assets held by the crypto exchange Bybit in February. This attack is being considered the largest theft in the history of the cryptocurrency sector.  

Safe, a provider of multi-signature wallet solutions, traced the breach back to a compromised laptop belonging to one of its senior developers. The device was reportedly infected on February 4 after interacting with a malicious Docker project. The infiltration ultimately allowed attackers to gain unauthorized access to private keys.  

Both U.S. law enforcement and TRM Labs have linked the Bybit attack to North Korean hackers, aligning with prior assessments that the regime increasingly relies on crypto theft as a state-funded operation. 

This event drastically skewed the average size of crypto heists for 2025 and emphasized the changing nature of these attacks—from purely profit-driven motives to broader geopolitical strategies. 

TRM Labs noted that 80% of all crypto losses in 2025 were due to infrastructure breaches, with attackers exploiting vulnerabilities in systems that store private keys and seed phrases—essential components in controlling digital wallets. 

Analysts warn that such incidents signal a shift in the threat landscape. “Crypto hacking is becoming less about financial gain and more about political symbolism or strategic advantage,” TRM concluded. 

As the year continues, security experts urge crypto platforms and users to enhance infrastructure protection, especially against sophisticated, nation-backed threats that blur the line between cybercrime and cyberwarfare.

Denmark Empowers Public Against Deepfake Threats


 

A groundbreaking bill has been proposed by the Danish government to curb the growing threat of artificial intelligence-generated deepfakes, a threat that is expected to rise in the future. In the proposed framework, individuals would be entitled to claim legal ownership rights over their own likeness and voice, allowing them to ask for the removal of manipulated digital content that misappropriates their identity by requesting its removal. 

According to Danish Culture Minister Jakob Engel-Schmidt, the initiative has been launched as a direct response to the rapid advancements of generative artificial intelligence, resulting in the alarmingly easy production of convincing audio and video for malicious or deceptive purposes. According to the minister, current laws have failed to keep up with the advancement of technology, leaving artists, public figures, and ordinary citizens increasingly vulnerable to digital impersonation and exploitation. 

Having established a clear property right over personal attributes, Denmark has sought to safeguard its population from identity theft, which is a growing phenomenon in this digital age, as well as set a precedent for responsible artificial intelligence governance. As reported by Azernews, the Ministry of Culture has formally presented a draft law that will incorporate the images and voices of citizens into national copyright legislation to protect these personal attributes. 

The proposal embodies an important step towards curbing the spread and misuse of deepfake technologies, which are increasingly being used to deceive audiences and damage reputations. A clear prohibition has been established in this act against reproducing or distributing an individual's likeness or voice without their explicit consent, providing affected parties with the legal right to seek financial compensation should their likeness or voice be abused. 

Even though exceptions will be made for satire, parody, and other content classified as satire, the law places a strong stop on the use of deepfakes for artistic performances without permission. In order to comply with the proposed measures, online platforms hosting such material would be legally obligated to remove them upon request or face substantial fines for not complying. 

While the law is limited to the jurisdiction of Denmark, it is expected to be passed in Parliament by overwhelming margins, with estimates suggesting that up to 90% of lawmakers support it. Several high-profile controversies have emerged over the past few weeks, including doctored videos targeted at the Danish Prime Minister and escalating legal battles against creators of explicitly deepfake content, thus emphasizing the need for comprehensive safeguards in the age of digital technology. 

It has recently been established by the European Union, in its recently passed AI Act, that a comprehensive regulatory framework is being established for the output of artificial intelligence on the European continent, which will be categorized according to four distinct risks: minimal, limited, high, and unacceptable. 

The deepfakes that fall under the "limited risk" category are not outright prohibited, but they have to adhere to specific transparency obligations that have been imposed on them. According to these provisions, companies that create or distribute generative AI tools must make sure that any artificial intelligence-generated content — such as manipulated videos — contains clear disclosures about that content. 

To indicate that the material is synthetic, watermarks or similar labels may typically be applied in order to indicate this. Furthermore, developers are required to publicly disclose the datasets they used in training their AI models, allowing them to be held more accountable and scrutinized. Non-compliance carries significant financial consequences: organisations that do not comply with transparency requirements could face a penalty of up to 15 million euros or 3 per cent of their worldwide revenue, depending on which figure is greater. 

In the event of practices which are explicitly prohibited by the Act, such as the use of certain deceptive or harmful artificial intelligence in certain circumstances, a maximum fine of €35 million or 7 per cent of global turnover is imposed. Throughout its history, the EU has been committed to balancing innovation with safeguards that protect its citizens from the threat posed by advanced generative technologies that are on the rise. 

In her opinion, Athena Karatzogianni, an expert on technology and society at the University of Leicester in England, said that Denmark's proposed legislation reflects a broader effort on the part of international governments and institutions to combat the dangers that generative artificial intelligence poses. She pointed out that this is just one of hundreds of policies emerging around the world that deal with the ramifications of advanced synthetic media worldwide. 

According to Karatzogianni, deepfakes have a unique problem because they have both a personal and a societal impact. At an individual level, they can violate privacy, damage one's reputation, and violate fundamental rights. In addition, she warned that the widespread use of such manipulated content is a threat to public trust and threatens to undermine fundamental democratic principles such as fairness, transparency, and informed debate. 

A growing number of deepfakes have made it more accessible and sophisticated, so robust legal frameworks must be put in place to prevent misuse while maintaining the integrity of democratic institutions. As a result of this, Denmark's draft law can serve as an effective measure in balancing technological innovation with safeguards to ensure that citizens as well as the fabric of society are protected. 

Looking ahead, Denmark's legislative initiative signals a broader recognition that regulatory frameworks need to evolve along with technological developments in order to prevent abuse before it becomes ingrained in digital culture. As ambitious as the measures proposed are, they also demonstrate the delicate balance policymakers need to strike between protecting individual rights while preserving legitimate expression and creativity at the same time. 

The development of generative artificial intelligence tools, as well as the collaboration between governments, technology companies, and civil society will require governments, technology companies, and civil society to work together closely to establish compliance mechanisms, public education campaigns, and cross-border agreements in order to prevent misuse of these tools.

In this moment of observing the Danish approach, other nations and regulatory bodies have a unique opportunity to evaluate both the successes and the challenges it faces as a result. For emerging technologies to contribute to the public good rather than undermining trust in institutions and information, it will be imperative to ensure that proactive governance, transparent standards, and sustained public involvement are crucial. 

Finally, Denmark's efforts could serve as a catalyst for the development of more resilient and accountable digital landscapes across the entire European continent and beyond, but only when stakeholders act decisively in order to uphold ethical standards while embracing innovation responsibly at the same time.

UK Man Accused in Major International Hacking Case, Faces US Charges




A 25-year-old British citizen has been formally charged in the United States for allegedly leading an international hacking operation that caused millions in damages to individuals, companies, and public institutions.

Authorities in the US claim the man, identified as Kai West, was the person behind an online identity known as "IntelBroker." Between 2022 and 2025, West is accused of breaking into systems of more than 40 organizations and trying to sell sensitive data on underground online forums.

According to court documents, the financial impact of the operation is estimated to be around £18 million. If convicted of the most serious offense—wire fraud—West could face up to 20 years in prison.

Prosecutors believe that West worked with a group of 32 other hackers and also used the online alias “Kyle Northern.” While officials didn’t name the specific forum used, various sources suggest that the activity took place on BreachForums, a site often linked to the trade of stolen data.

Investigators say West posted nearly 160 threads offering stolen data for sale, often in exchange for money, digital credits, or even for free. His alleged victims include a healthcare provider, a telecom company, and an internet service provider—all based in the US. While official names were not disclosed in court, separate reports connect the IntelBroker identity to past breaches involving major companies and even government bodies.

One particularly concerning incident tied to the IntelBroker persona occurred in 2023, when a data leak reportedly exposed health and personal information of US lawmakers and their families. This included details such as social security numbers and home addresses.

Officials say they were able to trace West’s identity after an undercover operation led them to one of his cryptocurrency transactions. A $250 Bitcoin payment for stolen data allegedly helped link him to email addresses used in the operation.

West was arrested in France in February and remains in custody there. The United States is now seeking his extradition so he can stand trial.

The US Department of Justice has called this a “global cybercrime operation” and emphasized the scale of damage caused. FBI officials described West’s alleged activity as part of a long-running scheme aimed at profiting from illegally obtained data.

French authorities have also detained four other individuals in their twenties believed to be connected to the same forum, although no further details have been made public.

As of now, there has been no official response or legal representation comment from West’s side. 

Cloudflare Thwarts Record-Breaking DDoS Attack as Global Threat Escalates

 

Cloudflare has successfully blocked the largest distributed denial-of-service (DDoS) attack ever recorded, marking a significant moment in the escalating battle against cyber threats. The attack peaked at an unprecedented 7.3 terabits per second (Tbps), targeting an unnamed hosting provider and unleashing 37.4 terabytes of data in just 45 seconds. Cloudflare’s Magic Transit service absorbed the blow, which was composed almost entirely—99.996%—of User Datagram Protocol (UDP) flood attacks. 

While UDP is commonly used for real-time applications like streaming and gaming due to its speed, that same characteristic makes it vulnerable to exploitation in high-volume cyberattacks. The remaining 0.004% of the traffic—about 1.3 GBps—included various amplification and reflection attack methods such as NTP reflection, Echo reflection, Mirai UDP flood, and RIPv1 amplification. This sliver alone would be enough to cripple most unprotected systems. 

What set this attack apart wasn’t just volume but velocity—it carpet-bombed an average of 21,925 destination ports per second, with peaks reaching 34,517 ports on a single IP address. The attack originated from over 122,000 unique IP addresses spanning 161 countries, with the most significant traffic coming from Brazil, Vietnam, Taiwan, China, Indonesia, and Ukraine. This historic attack is part of a growing wave of DDoS incidents. In the first quarter of 2025 alone, Cloudflare mitigated 20.5 million DDoS attacks—a staggering 358% increase from the same period last year. Nearly 700 of these were hyper-volumetric attacks, averaging eight per day and overwhelmingly leveraging network-layer vulnerabilities via UDP floods. 

Earlier this year, Cloudflare had also defended against a 6.5 Tbps strike linked to the Eleven11bot botnet, composed of tens of thousands of compromised webcams and IoT devices. The rise in DDoS activity is not just a technical issue—it’s being fueled by geopolitical tensions as well. According to Radware’s director of threat intelligence, Pascal Geenens, hacktivist DDoS attacks against U.S. targets surged by 800% in just two days in June, following U.S. involvement in the Israel-Iran conflict. Radware’s 2025 Global Threat Analysis Report highlights a 550% global increase in web-based DDoS attacks and a near 400% year-over-year growth in overall DDoS traffic volume. Experts warn that these attacks are only going to become more frequent and intense. To counter this threat, experts recommend a multi-layered defense strategy. 

Partnering with specialized DDoS mitigation providers such as Cloudflare, Akamai, Imperva, or Radware is essential for organizations that lack the infrastructure to defend against large-scale attacks. Blocking traffic from known malicious Autonomous System Numbers (ASNs) and using geoblocking can filter out harmful sources, although attackers often bypass these measures with spoofed IPs or botnets. Distributing network infrastructure can prevent single points of failure, while configuring routers and firewalls to block unsafe protocols like ICMP and FTP adds an additional line of defense. Businesses are also advised to work closely with their internet service providers to filter unnecessary traffic upstream. 

Deploying Web Application Firewalls (WAFs) is critical for defending against application-layer threats, and using multiple DNS providers with DNSSEC can ensure site availability even during attacks. Specialized tools like Wordfence for WordPress add another layer of protection for widely used platforms. Importantly, no single solution is sufficient. Organizations must adopt layered defenses and routinely test their systems through red team exercises using tools like HULK, hping3, or GoldenEye to identify vulnerabilities before attackers exploit them. Even small websites are no longer safe from DDoS campaigns. As cybersecurity journalist Steven Vaughan-Nichols noted, his personal site faces about a dozen DDoS attacks every week. In today's threat landscape, robust DDoS defense isn't a luxury—it’s a necessity.

Cybercrime Gang Hunters International Shuts Down, Returns Stolen Data as Goodwill

Cybercrime Gang Hunters International Shuts Down, Returns Stolen Data as Goodwill

Cybercrime gang to return stolen data

The Hunters International Ransomware-as-a-Service (RaaS) operation has recently announced that it is shutting down its operation and will provide free decryptors to help targets recover their data without paying a ransom. 

"After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with," the cybercrime gang said. 

Hunter International claims goodwill

As a goodwill gesture to victims affected by the gang’s previous operations, it is helping them recover data without requiring them to pay ransoms. The gang has also removed all entries from the extortion portal and stated that organizations whose systems were encrypted in the Hunters International ransomware attacks can request assistance and recovery guidance on the group’s official website.

Gang rebranding?

The gang has not explained the “recent developments” it referred to, the recent announcement comes after a November 17 statement announcing Hunters International will soon close down due to strict law enforcement actions and financial losses. 

In April, Group-IB researchers said the group was rebranding with the aim to focus on extortion-only and data theft attacks and launched “World Leaks”- a new extortion-only operation. Group-IB said that “unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool. The new tool looks like an advanced version of the Storage Software exfiltration tool used by Hunter International’s ransomware associates.

The emergence of Hunter International

Hunter International surfaced in 2023, and cybersecurity experts flagged it as a rebrand of as it showed code similarities. The ransomware gang targeted Linux, ESXi (VMware servers), Windows, FreeBSD, and SunOS. In the past two years, Hunter International has attacked businesses of all sizes, demanding ransom up to millions of dollars. 

The gang was responsible for around 300 operations globally. Some famous victims include the U.S Marshals Service, Tata Technologies, Japanese optics mammoth Hoya, U.S Navy contractor Austal USA, Oklahoma’s largest not-for-profit healthcare Integris Health, AutoCanada, and a North American automobile dealership. Last year, Hunter International attacked the Fred Hutch Cancer Center and blackmailed to leak stolen data of more than 800,000 cancer patients if ransom was not paid.