How it can affect your life and the situation in your country
The biggest fakes
Ukraine ranked fifth in the world and third in Europe in terms of cyberattacks
About 52% of cyberattacks worldwide are related to ransomware, while only 4% are related to cyber-espionage. Microsoft’s report says the company handles more than 100 trillion security signals daily, blocks 4.5 million malware infection attempts and checks up to 5 billion emails for phishing.
According to Microsoft representative Renate Strazdina, Ukraine forms “digital resilience that inspires the world”.
In the first half of 2025, Ukraine ranked fifth in the world and third in Europe in terms of cyberattacks, with 9.5% of all incidents in the region. The main targets of hackers are hospitals, schools and local authorities. Most attacks are carried out by organized cybercriminals, in 80% of cases with the purpose of stealing data. Microsoft therefore calls on governments and businesses to strengthen cyber defence and the exchange of analytics within the Secure Future Initiative. The most active state hackers are from China, russia, Iran and the DPRK.
Chinese criminal groups have turned SMS fraud into a business in the USA
Over the past three years, organized groups from China have earned more than $1 billion from phishing SMS, reports The Wall Street Journal with reference to the US Security Report: https://www.wsj.com/tech/cybersecurity/url-scam-texts-china-gangs-68e96097
How the scheme works:
▪ SMS messages are sent, allegedly from the postal service or a bank;
▪ links lead to a fake page where card data and one-time codes (OTP) are requested;
▪ fraudsters add the cards to Google/Apple Wallet and make purchases without confirmation.
The stolen funds are spent on iPhones, clothing and cosmetics; some of the goods are shipped to Asia. The messages are sent via SIM farms, rooms with hundreds of SIM cards. The scheme involves 400-500 American “mules”, who make purchases with other people’s money and receive $0.12 for every $100 spent. According to WSJ, this is one of the most sophisticated forms of digital fraud, which directly finances Chinese organized crime.
Recall that China is an ally of putin’s criminal regime in all spheres, including cyberspace.
The United Kingdom exposed China and Russia in large-scale espionage
Deputy National Security Advisor Matthew Collins said that Chinese intelligence services are conducting active operations against London, trying to promote Beijing's interests and undermine the country's security: https://www.politico.eu/article/china-spying-against-uk-matthew-collins/
Two men have already been accused of passing information useful to China, which "has harmed the security and interests of the United Kingdom".
“China’s actions pose a threat to the economic stability of the United Kingdom and the integrity of our democratic institutions,” Collins said.
Meanwhile, the russian Lynx group stole hundreds of confidential documents about eight UK military bases, according to the Daily Mail: https://www.dailymail.co.uk/news/article-15205213/Russians-hack-files-EIGHT-MoD-bases-dark-web.html
The hackers accessed the files by breaching the network of the British contractor Dodd Group, which serves the Ministry of Defense. Part of the archive has already been published on the darknet: the names of Ministry of Defense employees, e-mail addresses, car data and internal security instructions. The British media called the leak "a catastrophic security violation". The Defense Ministry is investigating, and experts warn that even seemingly minor data can help the enemy build a reconnaissance profile of British military structures.
Cybercriminals from Russia hacked the U.S. court database PACER
According to The New York Times journalists, the hackers purposefully tracked mid-level criminal cases in New York and several other regions: https://www.nytimes.com/2025/08/12/us/politics/russia-hack-federal-court-system.html
They were particularly interested in cases involving individuals with russian and Eastern European names.
Politico also reports that, as a result of the hack, the attackers could have obtained data about confidential informants who cooperate with law enforcement officers, which poses a real threat to their security: https://www.politico.com/news/2025/08/06/federal-court-filing-system-pacer-hack-00496916
The stolen materials probably contain sealed criminal dossiers, arrest warrants and other documents that were not intended for publication.
The Administrative Office of the US Courts confirmed the attack. In an internal report to the Ministry of Justice, judges and court employees noted that the hack was carried out by “resistant and technologically trained cybercriminals”. The US is now strengthening the cyber defence of the judiciary and implementing new security measures to prevent such attacks in the future.
Latvia repelled a large-scale DDoS attack on state websites
On the morning of October 2, Latvia’s state online resources were hit by a massive denial-of-service (DDoS) attack, writes Delfi: https://rus.delfi.lv/57860/latvia/120089698/gosudarstvennye-sayty-podverglis-masshtabnoy-ddos-atake-rabota-internet-resursov-uzhe-vozobnovlena
The website of the State Income Service, the portal Latvija.lv, as well as the sites of ministries, local self-government agencies and state institutions were hit.
Even the eParaksts.lv application was temporarily unavailable. Pages were down for about an hour, some longer. By noon, the services had resumed, although some resources were still working with delays. Earlier, unknown attackers carried out a DDoS attack on the website of the Ministry of Defense of Finland. Hackers controlled by the kremlin also attack Polish hospitals and water supply systems, and in Norway russian hackers are suspected of a cyberattack on a dam.
russia tripled cyberattacks on Poland: energy and water supply under attack
In the first three quarters of 2025, 170 thousand cyber incidents were recorded, a significant part of which is connected with the activities of russian cybercriminals, said Minister of Digital Affairs Krzysztof Gawkowski: https://www.reuters.com/technology/poland-says-cyberattacks-critical-infrastructure-rising-blames-russia-2025-10-10/
Poland suffered up to 4000 attacks daily, of which about a thousand posed a real threat to the functioning of state systems.
The energy sector, water supply and sewerage systems are under attack. The most powerful cyberattack took place on September 10, on the night when russian drones violated Poland’s airspace. “These facts confirm that putin’s regime is the most serious danger, as the russians are targeting the critical infrastructure needed to maintain normal life,” the minister said.
Russia intensifies hybrid attacks on the Netherlands
The Netherlands reported a cyberattack on its civil service. According to the director of the Netherlands Military Intelligence Directorate, Peter Reesink, russia attempted a cyberattack on the Dutch civil service to seize control of the system. The attack was repelled, but it is an alarming precedent, Reuters reports.
Intelligence also detected an attempt to interfere with critical infrastructure, probably in preparation for future sabotage. russian hybrid threats include cyber attacks, physical sabotage of critical facilities, disinformation campaigns and espionage.
Read more: https://www.reuters.com/world/europe/russia-is-upping-hybrid-attacks-against-europe-dutch-intelligence-says-2025-04-22/
On the eve of the NATO summit, pro-russian hackers from the NoName057(16) group attacked an online platform used by municipalities and provinces to publish official documents, De Telegraaf reports: https://www.telegraaf.nl/binnenland/pro-russische-hackers-claimen-ddos-aanval-sites-nederlandse-gemeenten-en-provincies-slecht-bereikbaar/73241912.html
Due to the attack, access to municipal websites, including The Hague, has become unstable, with system overload and periodic page unavailability reported. The group uses the DDOSIA tool, which generates thousands of requests to target sites in order to paralyse their operation. The attack is coordinated via Telegram, and the tools themselves are stored on GitHub for anonymity.
It should be noted that this is not the first time NoName057(16) has attacked the infrastructure of countries supporting Ukraine. Previously, they targeted Italian banks and transport companies.
Russia and China join forces to spread disinformation and manipulation
According to the report, russia and China continue refining their manipulation tactics, with Beijing expanding its global media footprint while concealing involvement through proxies. Though operating independently, their narratives notably converged in blaming NATO for ‘escalation’. Both increasingly deploy AI tools and elaborate deception networks that function like icebergs – visible state channels above water, vast covert networks beneath.
The full report on the EEAS website offers more insights into these fast-evolving threats.
The latest EEAS report on Foreign Information Manipulation and Interference (FIMI) threats maps out the digital infrastructure deployed by foreign actors, mainly by russia, but also by China, to manipulate and interfere in the information space of the EU and partner countries with the objective of spreading disinformation, eroding trust and undermining democratic societies. This map shows how attributed channels are only the tip of the iceberg of FIMI activities, as they rely on extensive covert networks of channels with hidden connections, such as Doppelganger, African Initiative, Portal Kombat or False Façade.
North Korea Creates New Unit for AI Cyber Attacks
The Research Center 227 cyber group will operate under the Reconnaissance General Bureau (RGB) intelligence agency and focus on developing ‘offensive hacking technologies and data theft programs,’ TechCrunch reports.
In addition, this unit will study Western cybersecurity systems and computer networks to steal digital assets, develop AI-based methods to steal information, and coordinate with other north korean hacker groups abroad.
It is noted that north korean hackers have recently been actively attacking cryptocurrency exchanges and companies around the world. The FBI and the US National Security Agency have repeatedly accused the DPRK's intelligence agencies of cyberattacks and espionage. north korea has been a strategic partner of russia since 2023: it has been supplying the putin regime with weapons and taking part in military operations against Ukraine. Obviously, cyber espionage is also an important area of cooperation between the two dictatorial states.
Chinese-controlled hackers carried out a cyberattack on critical infrastructure in the Czech Republic
The Czech government has stated that APT31 is responsible for the cyberattack on one of the unclassified networks of the Ministry of Foreign Affairs.
This cyber group has been conducting its malicious activities since 2022, and its criminal actions have affected the work of a diplomatic institution that has the status of a critical facility. The hackers also have public ties to the Ministry of State Security of the People's Republic of China.
Unfortunately, there are more and more cases of cyber attacks on democratic countries by hackers controlled by China.
How Russians plant fakes in foreign media
russian propaganda tried to ‘sell’ the Estonian media a fake about the alleged death of an Estonian citizen in the war in Ukraine. The editorial office of the Estonian media outlet Postimees received a letter from an unidentified woman asking for help in finding her ‘missing husband’, allegedly an Estonian citizen who fought on the side of Ukraine. She attached screenshots with ‘an offer from the Ukrainian military to buy the body of the deceased for $2000’.
The journalists found that the man in the photo was fictitious. There is neither a death registration nor confirmation of the existence of such a person in the databases.
The name, documents and photo were all generated or chosen at random: https://rus.postimees.ee/8248999/2000-dollarov-za-vozvrashchenie-tela-pogibshego-v-ukraine-zhitelya-estonii-kak-redakcii-pytalis-po-naglomu-vsuchit-feyk
This case illustrates how russian special services use the so-called ‘human story’ to spread disinformation, including about the participation of foreigners in the war and the ‘cruelty’ of the Ukrainian military. The aim of these fakes is to raise doubts in foreign societies, discredit Ukraine and sow distrust in official sources.
Russia has launched a cyber attack on dozens of Italian companies and government agencies
The hackers targeted, in particular, Intesa Sanpaolo, Banca Monte dei Paschi, Iccrea Banca, Milan Linate and Malpensa airports, as well as the ports of Taranto and Trieste, Reuters reports: https://www.reuters.com/world/europe/alleged-pro-russian-hackers-hit-20-italian-websites-cybersecurity-agency-says-2025-02-17/
In addition, the websites of several ministries, carabinieri, financial police and some transport companies were attacked, ANSA reports.
The Italian National Cybersecurity Agency claims that the pro-russian hacker group NoName057(16) is behind the series of attacks. These cyberattacks did not affect the operation of companies.
Cybersecurity officials linked the attack to a statement by Italian President Sergio Mattarella, who compared modern russia to the Third Reich because of its war of aggression against Ukraine.
How DeepSeek spreads disinformation in favour of China
The threats posed by the Chinese AI assistant DeepSeek are so obvious that the chatbot is being banned in different countries. In Italy, the national regulator did this to protect user data. Due to security risks, the chatbot is also prohibited for government agencies in Taiwan. Employees of the Congress, the Pentagon, and the US Navy have been banned from using it. Australia's largest cybersecurity company urged critical organisations to stop using DeepSeek. The UK and Irish authorities are also checking it for security risks.
In addition to problems with the security of personal information, DeepSeek has already been caught spreading Chinese propaganda.
The researchers tested the chatbot's capabilities and found that its answers not only reflect Beijing's view of certain events in the world, but also directly spread disinformation. For example, DeepSeek distorted the words of former US President Jimmy Carter, who allegedly agreed that Taiwan was part of China. This was one of several examples documented by NewsGuard, a company that monitors disinformation on the Internet.
NewsGuard has called DeepSeek a ‘disinformation machine’.
South Korea's National Intelligence Service (NIS) has accused DeepSeek of excessive collection of personal data and of using all incoming queries for its own training. Unlike other services with generative AI, DeepSeek's chat history can be shared with other parties, as the app has a function to collect keyboard input patterns, which allows it to identify users and connect with servers of Chinese companies such as volceapplog.com.
Obviously, artificial intelligence is becoming a key tool in the spread of disinformation, regardless of who creates it. And we, as conscious citizens, should take this into account when we draw new knowledge from the neural network.
Russian hackers launch first phishing campaign on WhatsApp
The launch of the campaign through this platform indicates a change in the tactics, methods and procedures of cybercriminals who are trying to avoid detection in this way, Microsoft said in a blog post.
The mechanics of phishing are as follows: the attackers initiate electronic communication with the targeted organisations [organisations that support Ukraine in the full-scale war with russia] to attract their attention.
Next, an email with a malicious link is sent from an address purportedly belonging to a US government official. 
The email contains a QR code that allegedly directs users to a WhatsApp group with information about ‘the latest non-governmental initiatives to support Ukrainian NGOs’. 
After the victim scans the QR code, which WhatsApp actually uses to connect the account, the attackers access the messages using existing browser plugins that are designed to export messages from an account via the WhatsApp web version.