Newsletters

Reactions to the rise of Chinese AI company DeepSeek have so far focused on its economic and geopolitical implications, but the company's models will also provide Chinese cyber espionage actors with their own indigenous capabilities. 

The company made headlines in January when it released its 'R1' Large Language Model (LLM), which boasts performance comparable to the latest LLMs from US companies such as OpenAI and Anthropic. DeepSeek was able to train and run its model at a considerably lower cost than its rivals, so it charges about 95% less for API access than OpenAI or Anthropic do for comparable models.  

However, last week the Italian government banned DeepSeek from operating in the country and this week the Australian government banned DeepSeek from government devices. 

Kaspersky researchers have discovered a new crypto-stealer that has found its way into both the iOS and Android app stores.

Named SparkCat, the trojan takes photos from the phone's gallery and scans them with an OCR module to extract text that may appear in any of the images.

The malware looks for text that resembles mnemonic phrases in different languages, which may indicate the photo might be a screenshot of a cryptocurrency wallet recovery phrase.

The US government warns that Contec patient monitors contain a backdoor that collects and sends patient data to a remote Chinese IP address and can even secretly download and execute files.

The US Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) published security alerts last week warning hospitals to disconnect devices from the internet.

The backdoor behavior has been confirmed in Contec CMS8000 patient monitors, but officials say the devices are often re-labeled and sold under other names, such as Epsimed MN-120.

Law enforcement agencies from Europe and the US have seized the domains of Cracked and Nulled, two of today's most popular cybercrime forums.

Authorities have seized 12 domains and made two arrests after searches at seven locations across the EU.

The US Justice Department has identified one of the Nulled admins as Lucas Sohn, 29, an Argentinian national residing in Spain.

The European Union has sanctioned three Russian military hackers for their role in cyberattacks against Estonian government agencies in 2020.

Sanctions were levied against Yuriy Denisov, Nikolay Korchagin, and Vitaly Shevchenko.

The three are officers in Unit 29155 in Russia's military intelligence service, also known as the GRU.

Anti-government hackers have defaced payment systems installed in public transport buses in Georgia's capital, Tbilisi, to play pro-European songs and slogans.

The incident took place on Friday morning as residents headed to work.

The ticket scanners and point-of-sale devices played the national anthems of Georgia and the EU, along with pro-EU speeches from local politicians:

Russians have lost over 40 million rubles (~$400,000) to a new type of scheme that steals their payment card NFC data and relays it to a remote threat actor, who then empties their accounts.

Russian security firm FACCT says it detected over 400 NFC relay attacks over the past two months alone, suggesting the scheme is gaining popularity with criminal gangs.

NFC cloning and relay attacks were first seen in Czechia in late 2023 and spread to Russian banks in August of last year.

A cyber-espionage group has mimicked the tactics of an FSB-linked APT to target Russian organizations for months.

Named GamaCopy (or Core Werewolf), the group emulated the tactics of Gamaredon (or Armageddon), a cyber-espionage group operated by the Russian FSB intelligence agency from the occupied region of Crimea.

The group's false flag attacks have been taking place since June of last year. The campaign has tricked several security vendors who misattributed attacks to Gamaredon, according to a report from Chinese security firm Knownsec 404.

In its last days in office last week, the Biden administration signed an executive order (EO 14144) with new requirements and standards for strengthening the US' cybersecurity defenses and ecosystem.

This is the administration's second cyber executive order after EO 14028 from May 2021.

Below, we're gonna go over all the main points included in last week's release. The list is going through the EO from top to bottom. Items are not listed based on "importance."

Five hacks linked to the DPRK: The US, South Korea, and Japan have linked five 2024 crypto-heists to North Korean hackers. This includes DMM Bitcoin ($308mil), WazirX ($235mil), Upbit ($50mil), Radiant Capital ($50mil), and Rain Management ($16mil).

Synnovius attack fallout: The UK NHS says that a ransomware attack on lab service provider Synnovis last year has had an impact on the health of several patients, including permanent long-term damage in at least two cases. [Additional coverage in Bloomberg]

Fico blames Ukraine for cyberattack: Slovakia's PM Robert Fico has blamed Ukraine for a ransomware attack that crippled its cadastre agency earlier this year. As local media puts it, Fico, who is a known Putin fanboy and a pro-Kremlin propaganda mouthpiece, has cited no evidence.