Very important

Cyberattacks by Russian intelligence services and their allies are already a real threat to the world

How it can affect your life and the situation in your country

#StandWithUkraine

Support the Ukrainian Armed Forces during the russian invasion

The biggest fakes


Russia intensifies hybrid attacks on the Netherlands

The Netherlands reported a cyberattack on its civil service. According to the director of the Netherlands Military Intelligence Directorate, Peter Reesink, russia attempted a cyberattack on the Dutch civil service to seize control of the system. The attack was repelled, but it is an alarming precedent, Reuters reports. Intelligence also detected an attempt to interfere with critical infrastructure, probably in preparation for future sabotage. russian hybrid threats include cyber attacks, physical sabotage of critical facilities, disinformation campaigns, and espionage. Read more: https://www.reuters.com/world/europe/russia-is-upping-hybrid-attacks-against-europe-dutch-intelligence-says-2025-04-22/


On the eve of the NATO summit, pro-russian hackers from the NoName057(16) group attacked an online platform used by municipalities and provinces to publish official documents, De Telegraaf reports: https://www.telegraaf.nl/binnenland/pro-russische-hackers-claimen-ddos-aanval-sites-nederlandse-gemeenten-en-provincies-slecht-bereikbaar/73241912.html

Due to the attack, access to municipal websites, including The Hague, has become unstable, with system overload and periodic page unavailability reported. The group uses the DDOSIA tool, which generates thousands of requests to target sites in order to paralyse their operation. The attack is coordinated via Telegram, and the tools themselves are stored on GitHub for anonymity.
It should be noted that this is not the first time NoName057(16) has attacked the infrastructure of countries supporting Ukraine. Previously, they targeted Italian banks and transport companies.

Russia and China join forces to spread disinformation and manipulation

According to the report, russia and China continue refining their manipulation tactics, with Beijing expanding its global media footprint while concealing involvement through proxies. Though operating independently, their narratives notably converged in blaming NATO for ‘escalation’. Both increasingly deploy AI tools and elaborate deception networks that function like icebergs – visible state channels above water, vast covert networks beneath.


The full report on the EEAS website offers more insights into these fast-evolving threats.

The latest EEAS report on Foreign Information Manipulation and Interference (FIMI) threats maps out the digital infrastructure deployed by foreign actors, mainly by russia but also by China, to manipulate and interfere in the information space of the EU and partner countries, with the objective of spreading disinformation, eroding trust and undermining democratic societies. This map shows that attributed channels are only the tip of the iceberg of FIMI activities, as they rely on extensive covert networks of channels with hidden connections, such as Doppelganger, African Initiative, Portal Kombat or False Façade. Details here.

North Korea Creates New Unit for AI Cyber Attacks

The Research Center 227 cyber group will operate under the Reconnaissance General Bureau (RGB) intelligence agency and focus on developing ‘offensive hacking technologies and data theft programs,’ TechCrunch reports.
In addition, this unit will study Western cybersecurity systems and computer networks to steal digital assets, develop AI-based methods to steal information, and coordinate with other north korean hacker groups abroad.


It is noted that north korean hackers have recently been actively attacking cryptocurrency exchanges and companies around the world. The FBI and the US National Security Agency have repeatedly accused the DPRK's intelligence agencies of cyberattacks and espionage. north korea has been a strategic partner of russia since 2023: It has been supplying the putin regime with weapons and taking part in military operations against Ukraine. Obviously, cyber espionage is also an important area of cooperation between the two dictatorial states.

Chinese-controlled hackers carried out a cyberattack on critical infrastructure in the Czech Republic

The Czech government has stated that APT31 is responsible for the cyberattack on one of the unclassified networks of the Ministry of Foreign Affairs.


This cyber group has been conducting its malicious activities since 2022, and its criminal actions have affected the work of a diplomatic institution that has the status of a critical facility. The hackers also have public ties to the Ministry of State Security of the People's Republic of China.
Unfortunately, there are more and more cases of cyber attacks on democratic countries by hackers controlled by China.

How Russians plant fakes in foreign media

russian propaganda tried to ‘sell’ the Estonian media a fake about the alleged death of an Estonian citizen in the war in Ukraine. The editorial office of the Estonian media outlet Postimees received a letter from an unidentified woman asking for help in finding her ‘missing husband’, allegedly an Estonian citizen who fought on the side of Ukraine. She attached screenshots with ‘an offer from the Ukrainian military to buy the body of the deceased for $2000’.


The journalists found that the man in the photo was fictitious. There is neither a death registration nor confirmation of the existence of such a person in the databases.

The name, documents and photo were all generated or chosen at random: https://rus.postimees.ee/8248999/2000-dollarov-za-vozvrashchenie-tela-pogibshego-v-ukraine-zhitelya-estonii-kak-redakcii-pytalis-po-naglomu-vsuchit-feyk
This case shows how russian special services use the so-called ‘human story’ to spread disinformation, including about the participation of foreigners in the war and the ‘cruelty’ of the Ukrainian military. The aim of these fakes is to raise doubts in foreign societies, discredit Ukraine and sow distrust in official sources.

Russia has launched a cyber attack on dozens of Italian companies and government agencies

The hackers targeted, in particular, Intesa Sanpaolo, Banca Monte dei Paschi, Iccrea Banca, Milan Linate and Malpensa airports, as well as the ports of Taranto and Trieste, Reuters reports: https://www.reuters.com/world/europe/alleged-pro-russian-hackers-hit-20-italian-websites-cybersecurity-agency-says-2025-02-17/


In addition, the websites of several ministries, carabinieri, financial police and some transport companies were attacked, ANSA reports.
The Italian National Cybersecurity Agency claims that the pro-russian hacker group NoName057(16) is behind the series of attacks. These cyberattacks did not affect the operation of companies.
Cybersecurity officials linked the attack to a statement by Italian President Sergio Mattarella, who compared modern russia to the Third Reich because of its war of aggression against Ukraine.

How DeepSeek spreads disinformation in favour of China

The threats posed by the Chinese AI assistant DeepSeek are so obvious that the chatbot is being banned in different countries. In Italy, the national regulator did this to protect user data. Due to security risks, the chatbot is also prohibited for government agencies in Taiwan. Employees of the Congress, the Pentagon, and the US Navy have been banned from using it. Australia's largest cybersecurity company urged critical organisations to stop using DeepSeek. The UK and Irish authorities are also checking it for security risks. In addition to problems with the security of personal information, DeepSeek has already been caught spreading Chinese propaganda.


The researchers tested the chatbot's capabilities and found that its answers not only reflect Beijing's view of certain events in the world, but also directly spread disinformation. For example, DeepSeek distorted the words of former US President Jimmy Carter, who allegedly agreed that Taiwan was part of China. This was one of several examples documented by NewsGuard, a company that monitors disinformation on the Internet.

NewsGuard has called DeepSeek a ‘disinformation machine’. South Korea's National Intelligence Service (NIS) has accused DeepSeek of excessive collection of personal data and of using all incoming queries for its own training. Unlike other services with generative AI, DeepSeek's chat history can be shared with other parties, as the app has a function to collect keyboard input patterns, which allows it to identify users and connect with servers of Chinese companies such as volceapplog.com. Obviously, artificial intelligence is becoming a key tool in the spread of disinformation, regardless of who creates it. And we, as conscious citizens, should take this into account when we draw new knowledge from the neural network.

Russian hackers launch first phishing campaign on WhatsApp

The launch of the campaign through this platform indicates a change in the tactics, methods and procedures of cybercriminals who are trying to avoid detection in this way, Microsoft said in a blog post. The mechanics of phishing are as follows: the attackers initiate electronic communication with the targeted organisations [organisations that support Ukraine in the full-scale war with russia] to attract their attention.



Next, an email with a malicious link is sent from an address purportedly belonging to a US government official.
The email contains a QR code that allegedly directs users to a WhatsApp group with information about ‘the latest non-governmental initiatives to support Ukrainian NGOs’.
After scanning the QR code, which is actually used by WhatsApp to connect the account, the attackers access the messages using existing browser plugins that are designed to export messages from the account to the WhatsApp web version.

Kremlin cybercriminals are attacking government websites and companies in Belgium

Hackers use DDoS attacks to overload servers with an excessive number of malicious requests, making websites inaccessible to real users.
In particular, the websites of the banking federation Febelfin, the Ministry of Economy, and the port of Antwerp-Zeebrugge are not working. The website of the Belgian Cyber Security Center is also unavailable.


According to VRT (https://www.vrt.be/vrtnws/nl/2024/10/10/hackerscollectief-opnieuw/), the pro-russian hacker group NoName057 is involved in the cyberattacks. The hackers claim that their actions are a response to the statement by Defense Minister Ludivine Dedonder about the intention to purchase three Caesar artillery installations for Ukraine.
Let's add that NoName057 has been carrying out attacks on allied sites since the beginning of the full-scale russian invasion of Ukraine.
At the same time, a fairly powerful cyber community is also working on the side of Ukraine, which neutralizes similar hacker groups, as well as institutions involved in the kremlin's armed and informational aggression. You can join here

Polish special services neutralized a group of cyberspies controlled by Moscow, and Norway is preparing for sabotage

The exposed cyber group is connected to the Belarusian and russian special services, Polish Minister of Digitalization Krzysztof Gawkowski said.
The attackers started their cyberespionage campaign with an attack on the website of the Polish Press Agency (PAP), and their key goal was to infiltrate various Polish institutions, government agencies and state-owned companies that are connected to the security sector to steal information.


The minister also noted that more than 400,000 incidents related to cyber attacks were recorded in just six months.
Meanwhile, Norway has recorded a change in the threat level of sabotage against critical infrastructure facilities by the russian Federation.

According to intelligence data, russia has become more prone to sabotage, in particular at oil and gas facilities, than a year ago. As noted by the head of the Foreign Intelligence Service (SSR), Vice Admiral Nils Andreas Stensønes, quoted by Reuters (https://www.reuters.com/world/europe/norways-spy-chief-sees-russia-more-likely-attempt-sabotage-2024-09-10/), this intensification is, among other things, related to the kremlin's attempts to stop Western support for Ukraine: "We are observing planned acts of sabotage throughout Europe, which indicates Russia's clear efforts in this direction."

Kremlin bots attacked Macron and France's agreement with the UAE

russian propaganda is actively spreading the lie that the United Arab Emirates, after the arrest of the owner of the Telegram social network Pavel Durov in Paris, allegedly froze an agreement with France to purchase a batch of fighter jets from it. Al Jazeera's fake story on this topic became the most viral video of the "matryoshka" and "doppelganger" disinformation network.


It was picked up by the media of russia, Iran and India. On the X network, it collected 7.7 million views, and the "Al Jazeera video" published by bots was actively distributed on X and Telegram.

The promotion of the video was facilitated by the founder of the Mega file exchange and blogger Kim Dotcom, who published the video after the russian channels, according to an analysis by fact-checking journalist David Puente. For some reason, russia is very worried about the fate of a supposedly "independent businessman" who apparently secretly cooperates with the kremlin's special services (a recent meeting with putin's representatives confirms this). And the arrest of Durov was definitely not part of their plans.

Russia's ally has stepped up phishing cyberattacks against high-ranking US and Israeli officials


Iranian hacker group APT42 has targeted political campaigns, diplomats, think tanks, non-governmental organizations and academic institutions involved in foreign policy discussions. The Google Threat Intelligence Group report (https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/) states that over the past six months, the US and Israel accounted for about 60% of APT42's targets, including Israeli ex-military and Democratic and Republican accounts linked to the US election campaign.

A bot farm that was part of the "RT" media network was liquidated in the USA

A bot farm using artificial intelligence, with almost a thousand accounts on the X social network, was discovered by law enforcement officers of the USA, Canada and the Netherlands, according to a notification from the US Department of Justice (https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners).



The fake profiles were created with the help of the tool "Meliorator" (which creates authentic-looking personas in social networks) and pretended to be Americans: they used typical names and indicated geolocation in different parts of the United States. The purpose of the bot farm was to spread anti-American, anti-Ukrainian disinformation and kremlin narratives.
The investigation established that the bot farm was created by a russian who, at the beginning of 2022, worked as the deputy editor-in-chief of "RT". So far, the US Department of Justice has confiscated two domain names and blocked 968 accounts that supported the bot farm.
