Risky Bulletin: Cyberattack Hits Ukraine's State Railway
Hosted by risky.biz
Release Date: March 26, 2025
1. Ukraine’s State Railway Suffers Cyberattack
At the heart of this episode, Claire Aird reports a significant cyber incident affecting Ukraine's state railway company. A presumed data-wiper ransomware attack disrupted the online ticketing system, leading to long queues at train stations across the country. Although the website is offline, Ukrainian officials say train operations continue normally.
“A ransomware attack reduces Malaysia's largest airport to writing flight details on a whiteboard.”
— Claire Aird [00:04]
Ukraine has attributed the attack to Russian actors, escalating tensions amidst ongoing conflicts. Officials are currently restoring the compromised website from backups to resume normal operations.
2. U.S. President Donald Trump’s Stance on Secure Communication
In a separate but noteworthy development, U.S. President Donald Trump made headlines by stating that senior government officials will limit their use of the Signal messaging app. He emphasized the need for more secure communication channels within the government.
“The best place for sensitive conversations is in the Situation Room with no phones on.”
— Donald Trump [00:04]
This declaration follows an incident in which a journalist was mistakenly added to a Signal group chat where a military strike in Yemen was reportedly being planned, raising concerns about the security and oversight of encrypted communication platforms for official use.
3. Malaysian Prime Minister Resists Ransomware Demands
Claire Aird highlights a bold move by Malaysian Prime Minister Anwar Ibrahim, who refused to pay a $10 million ransom demanded by hackers targeting the country’s main airport. The ransomware attack crippled IT systems over the weekend, compelling airport staff to revert to manual methods, such as writing flight information on whiteboards.
“It took me less than five seconds to decline to pay the ransom.”
— Anwar Ibrahim [00:04]
No ransomware group has claimed responsibility yet, leaving authorities to investigate the perpetrators behind this disruptive assault.
4. DrayTek Router Exploits Cause Global Disruptions
Attackers exploiting recently disclosed vulnerabilities in DrayTek Vigor routers have left affected devices stuck in a reboot loop. The malfunction has been reported in multiple countries, including Australia, the UK, and Vietnam.
“Attackers were attempting to exploit Draytek Vigor vulnerabilities that were disclosed by Faraday Security last month.”
— Claire Aird [00:04]
DrayTek has advised customers to update to the latest firmware and to disable VPN and remote-access features while it works to mitigate the threat.
5. Massive DDoS Attack Targets Russian ISP Lovett
Russia's internet watchdog has reported a devastating Distributed Denial of Service (DDoS) attack on the Russian internet service provider Lovett, with traffic peaking at nearly 220 gigabits per second. The assault disrupted internet access for critical infrastructure operators and civilians alike.
“The IT army of Ukraine took credit.”
— Claire Aird [00:04]
Such large-scale attacks underscore the ongoing cyber warfare tactics employed amidst geopolitical tensions.
6. NYU Website Defaced and Data Leaked
A hacker has defaced New York University's website and leaked personal data of approximately 3 million students. The compromised information includes personal details and test scores from admissions going back to 1989. The hacker claims the data shows NYU gave preferential treatment to Black and Latino applicants, in violation of the 2023 Supreme Court decision that struck down affirmative action.
“The hacker claims the data shows NYU disproportionately admitted black and Latino students in violation of a 2023 Supreme Court decision that struck down affirmative action.”
— Claire Aird [00:04]
NYU has reported the breach to authorities and is taking steps to address the fallout from this significant data leak.
7. Interpol Arrests Over 300 Suspects in Africa
In a major crackdown, Interpol has detained over 300 individuals across seven African countries for their alleged involvement in various cybercrimes and scams. These suspects were primarily engaged in mobile banking, investment, and instant messaging scams, with nearly half of the arrests occurring in Nigeria.
“Almost half were detained in Nigeria. Most of them were foreigners operating out of scam hubs.”
— Claire Aird [00:04]
This operation showcases international cooperation in combating cyber fraud and protecting users from sophisticated scams.
8. Open Technology Fund Sues Trump Administration
The Open Technology Fund (OTF), a non-profit organization funded primarily by the United States Agency for Global Media, has filed a lawsuit against the Trump administration. The lawsuit challenges the recent executive order that cut its funding, arguing that such cuts violate congressional authorization.
“The lawsuit says the funding was authorised by Congress and can't be cut by the President.”
— Claire Aird [00:04]
OTF has been instrumental in supporting projects like Tor, Let’s Encrypt, and OpenVPN, which are essential for maintaining internet privacy and security.
9. 23andMe Files for Bankruptcy Following Data Breach
Genetic testing giant 23andMe has filed for bankruptcy protection amid mounting financial pressures exacerbated by a significant data breach in 2023. The breach, which compromised DNA profiles of over 15 million users, led to numerous class action lawsuits. Following these events, the company’s board resigned in 2024, and the CEO stepped down recently.
“Privacy regulators across the US and Europe are urging users to request the deletion of their data before it's sold.”
— Claire Aird [00:04]
Regulatory bodies are intensifying their scrutiny, prompting users to take proactive measures to protect their genetic information.
10. Russian Disinformation Campaign Uncovered in Austria
Austria's intelligence service has identified a Russian-run disinformation campaign aimed at spreading false narratives about the United Kingdom. Initiated shortly after Russia’s invasion, the campaign was allegedly orchestrated by a Bulgarian woman residing in Austria. The suspect has been charged with espionage and released on bail pending further legal proceedings.
“DSN says it's filed espionage charges against the suspect who's been released on bail.”
— Claire Aird [00:04]
This revelation highlights the persistent efforts by state actors to influence public opinion and destabilize foreign nations through misinformation.
11. Vulnerabilities in Kubernetes Systems
A newly discovered vulnerability chain, dubbed "IngressNightmare", poses a threat to over 40% of Kubernetes systems. The chain comprises four vulnerabilities that together allow unauthenticated remote code execution within Kubernetes clusters. Security firm Wiz has identified at least 6,500 vulnerable deployments, including some at Fortune 500 companies.
“The Kubernetes project released patches on Monday.”
— Claire Aird [00:04]
Organizations using Kubernetes are urged to apply the latest patches immediately to safeguard their infrastructure.
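The practical question behind "apply the latest patches" is finding every copy of the affected component across a fleet of clusters. The script below is an added example, not code from the bulletin, Wiz or the Kubernetes project: it reads the JSON that `kubectl get pods -A -o json` produces, picks out containers running the ingress-nginx controller image (the component named in Wiz's IngressNightmare disclosure; the page itself only says "Kubernetes systems"), parses the image tag into a version, and flags anything below a minimum patched version. That minimum is a placeholder constant and must be replaced with the fixed release from the ingress-nginx advisory. The sample pod listing is constructed; it deliberately includes a digest-pinned image, a private-registry mirror on a non-standard port, and a `:latest` tag, which cannot be judged by version at all and is reported as unknown rather than silently passed.

```python
"""Audit ingress-nginx controller image versions from `kubectl get pods -A -o json`.

Added illustration (not the project's code). The minimum patched version is a
PLACEHOLDER; take the real value from the ingress-nginx security advisory.
"""
import json
import re

# Constructed sample resembling `kubectl get pods -A -o json` output (not real cluster data).
SAMPLE_PODS_JSON = json.dumps({
    "items": [
        {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-a1"},
         "spec": {"containers": [{"name": "controller",
                  "image": "registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:0000"}]}},
        {"metadata": {"namespace": "team-b", "name": "ingress-nginx-controller-b2"},
         "spec": {"containers": [{"name": "controller",
                  "image": "registry.k8s.io/ingress-nginx/controller:v1.12.1"}]}},
        {"metadata": {"namespace": "edge", "name": "ingress-nginx-controller-c3"},
         "spec": {"containers": [{"name": "controller",
                  "image": "internal.example:5000/mirror/ingress-nginx/controller:latest"}]}},
        {"metadata": {"namespace": "kube-system", "name": "coredns-d4"},
         "spec": {"containers": [{"name": "coredns",
                  "image": "registry.k8s.io/coredns/coredns:v1.11.1"}]}},
    ]
})

# PLACEHOLDER (hypothetical value): replace with the fixed version from the advisory.
# In practice keep one threshold per release branch, since fixes ship per branch.
MIN_PATCHED_PLACEHOLDER = (1, 12, 1)

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def split_image_ref(image):
    """Return (repository, tag) for refs like host:5000/ns/repo:tag@sha256:..."""
    ref = image.split("@", 1)[0]            # drop any digest suffix
    head, _, last = ref.rpartition("/")     # a tag can only appear in the last path segment
    if ":" in last:
        name, tag = last.split(":", 1)
    else:
        name, tag = last, None              # untagged ref: effectively ':latest'
    repo = f"{head}/{name}" if head else name
    return repo, tag


def parse_version(tag):
    """Parse 'v1.12.1' style tags into a comparable tuple; None for 'latest' etc."""
    m = VERSION_RE.match(tag or "")
    return tuple(int(x) for x in m.groups()) if m else None


def audit_ingress_nginx(pods_json, min_patched):
    """Classify each ingress-nginx controller container as patched / outdated / unknown."""
    findings = []
    for pod in json.loads(pods_json)["items"]:
        meta = pod["metadata"]
        for container in pod["spec"]["containers"]:
            repo, tag = split_image_ref(container["image"])
            if not repo.endswith("ingress-nginx/controller"):
                continue                    # not the component under audit
            version = parse_version(tag)
            if version is None:
                status = "unknown"          # ':latest' or untagged: resolve the digest, do not assume safe
            elif version < min_patched:
                status = "outdated"
            else:
                status = "patched"
            findings.append({"namespace": meta["namespace"], "pod": meta["name"],
                             "image": container["image"], "version": version, "status": status})
    return findings


if __name__ == "__main__":
    for f in audit_ingress_nginx(SAMPLE_PODS_JSON, MIN_PATCHED_PLACEHOLDER):
        print(f"{f['status']:8} {f['namespace']}/{f['pod']}  {f['image']}")
```

To run it against a live cluster, pipe `kubectl get pods -A -o json` into the script instead of the constructed sample. Treating `unknown` as a finding rather than a pass is the important design choice: a mutable tag says nothing about what is actually running, so those pods need their image digest resolved before they can be signed off.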
12. NIST’s Growing CVE Backlog
The National Institute of Standards and Technology (NIST) faces an expanding backlog in its National Vulnerability Database (NVD). Since February 2024, the backlog of new Common Vulnerabilities and Exposures (CVE) entries has kept growing, with tens of thousands of entries lacking essential metadata. NIST attributes the problem to a 32% surge in vulnerability submissions last year, a trend it expects to continue.
“The agency is exploring machine learning to automate certain processing tasks.”
— Claire Aird [00:04]
Efforts to mitigate the backlog are ongoing, but the growing volume of vulnerabilities presents a significant challenge for timely cybersecurity responses.
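The "essential metadata" the bulletin refers to is NIST's enrichment of each CVE record with CVSS scores and CPE product identifiers; a record without them cannot be prioritised or matched to an inventory automatically. The script below is an added example, not NIST's code, showing how a defender can measure that gap in the CVEs they care about by reading a response in the shape of the NVD API 2.0 (`/rest/json/cves/2.0`): a record counts as enriched only when it carries both a CVSS metric block and a `configurations` (CPE) block, and everything else is reported as pending together with how long it has been waiting. The response is constructed and the CVE identifiers in it are fabricated placeholders; the reference date is the bulletin's release date.

```python
"""Measure the NVD enrichment backlog from an NVD API 2.0 style response.

Added illustration (not NIST's code). The sample response and its CVE IDs are
constructed placeholders shaped like real API output.
"""
import json
from datetime import datetime

# Reference date used for backlog ages (the bulletin's release date).
REPORT_DATE = datetime(2025, 3, 26)

# Constructed sample resembling https://services.nvd.nist.gov/rest/json/cves/2.0 output.
SAMPLE_NVD_RESPONSE = json.dumps({
    "resultsPerPage": 3, "totalResults": 3,
    "vulnerabilities": [
        {"cve": {"id": "CVE-0000-0001", "vulnStatus": "Analyzed",
                 "published": "2025-02-10T12:00:00.000",
                 "lastModified": "2025-02-12T09:30:00.000",
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8}}]},
                 "configurations": [{"nodes": [{"cpeMatch": [
                     {"criteria": "cpe:2.3:a:example:app:1.0:*:*:*:*:*:*:*"}]}]}]}},
        {"cve": {"id": "CVE-0000-0002", "vulnStatus": "Awaiting Analysis",
                 "published": "2025-02-20T08:00:00.000",
                 "lastModified": "2025-02-20T08:00:00.000",
                 "metrics": {}}},                       # present but empty
        {"cve": {"id": "CVE-0000-0003", "vulnStatus": "Awaiting Analysis",
                 "published": "2025-03-19T15:45:00.000",
                 "lastModified": "2025-03-19T15:45:00.000"}},   # no metrics key at all
    ]
})

CVSS_KEYS = ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2")


def is_enriched(cve):
    """Enriched = at least one CVSS metric list AND CPE configurations are present."""
    metrics = cve.get("metrics") or {}
    has_cvss = any(metrics.get(key) for key in CVSS_KEYS)
    has_cpe = bool(cve.get("configurations"))
    return has_cvss and has_cpe


def backlog_report(response_json, as_of=REPORT_DATE):
    """Return enrichment counts plus the age (days since publication) of each pending record."""
    enriched, pending = [], []
    for item in json.loads(response_json)["vulnerabilities"]:
        cve = item["cve"]
        if is_enriched(cve):
            enriched.append(cve["id"])
            continue
        published = datetime.fromisoformat(cve["published"])
        pending.append({"id": cve["id"], "status": cve.get("vulnStatus"),
                        "age_days": (as_of - published).days})
    total = len(enriched) + len(pending)
    return {"total": total, "enriched": len(enriched), "pending": pending,
            "pending_ratio": len(pending) / total if total else 0.0}


if __name__ == "__main__":
    report = backlog_report(SAMPLE_NVD_RESPONSE)
    print(f"{report['enriched']}/{report['total']} enriched, "
          f"{report['pending_ratio']:.0%} pending")
    for p in report["pending"]:
        print(f"  {p['id']}  {p['status']}  waiting {p['age_days']} days")
```

The check is deliberately stricter than looking at `vulnStatus` alone: a record can carry a status string while still missing the CPE data an asset-matching pipeline needs, so the function tests for the data itself. Feeding it the CVEs from your own scanner output tells you how much of your queue cannot yet be scored from NVD data and must be triaged from the CNA's description instead.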
Conclusion
This episode of Risky Bulletin by risky.biz provides a comprehensive overview of recent cybersecurity incidents and trends, highlighting the ever-evolving landscape of cyber threats. From nation-state attacks and ransomware incidents to vulnerabilities in critical infrastructure and the challenges faced by organizations like NIST and 23andMe, the bulletin underscores the importance of robust cybersecurity measures and international cooperation in combating digital threats.
For those seeking to stay informed on the latest in cybersecurity, this episode offers valuable insights and timely updates on pressing issues affecting both public and private sectors worldwide.
