Risky Bulletin: Dutch Intelligence Discovers a New Russian APT
Hosted by risky.biz
Release Date: May 28, 2025
Introduction
In the latest episode of Risky Bulletin, host Caitlin Sorey delves into significant developments in the cybersecurity landscape. From the discovery of a new Russian Advanced Persistent Threat (APT) group by Dutch intelligence to high-profile ransomware attacks affecting major corporations, this episode provides a comprehensive overview of the current cyber threats shaping our world.
Discovery of a New Russian APT: Laundry Bear / Void Blizzard
Dutch intelligence agencies have recently uncovered a new Russian cyber espionage group, initially identified during an investigation into a security breach of the Dutch police force last September. This group, formed last year to support Russia's war efforts in Ukraine, is monitored under the name Laundry Bear by Dutch authorities and Void Blizzard by Microsoft.
Key Targets:
- Defense and foreign affairs ministries in NATO member states
- Ambassadors and branches of armed forces
- Defense contractors
- High-tech businesses involved in military production
Notable Quote:
"Dutch intelligence agencies have uncovered a new Russian cyber espionage group formed last year to aid Russia's war effort in Ukraine."
— Caitlin Sorey [02:15]
Enhancing Military Cyber Capabilities: Australia’s Initiative
In response to the escalating cyber threats, the Australian Defence Force (ADF) has introduced a new skills-based pay structure aimed at recruiting and retaining cyber warfare personnel. Lt. Gen. Susan Coyle, ADF's Chief of Joint Capabilities, emphasized that this initiative will also open reservist roles to individuals with relevant industry experience, reflecting a broader trend of nations prioritizing military cyber capabilities.
Notable Quote:
"The new structure would also open reservist roles to people with industry experience."
— Caitlin Sorey [05:40]
China-Taiwan Cyber Accusations
Tensions between China and Taiwan have extended into the cyber realm, with China accusing Taiwan of orchestrating cyberattacks against an unnamed technology company in Guangzhou and targeting organizations across ten provinces. China characterized the attackers as "unsophisticated" and linked them to Taiwan's pro-independence party. Taiwan has denied these allegations, countering that Beijing is attempting to divert attention from its own cyber activities.
Notable Quote:
"Taiwan has denied the accusations and accused Beijing of spreading false information to shift focus from its own hacks."
— Caitlin Sorey [09:10]
Ransomware and Cybercriminal Prosecutions
Iranian Hacker's Guilty Plea
An Iranian national, Sinha Golangard, aged 37, has pleaded guilty in the United States to charges related to hacking American companies and deploying the Robin Hood ransomware. Facing up to 30 years in prison, Golangard is associated with the Robin Hood group, notorious for attacking and extorting the US city of Baltimore, as well as several other smaller American cities.
Notable Quote:
"An Iranian national has pleaded guilty in the US to hacking American companies and deploying the Robin Hood ransomware."
— Caitlin Sorey [12:30]
MATLAB Ransomware Attack
On May 18th, MathWorks, the developer of the popular numeric computing software MATLAB, suffered a ransomware attack that disrupted internal systems and online applications. At the time of the episode, no ransomware group had claimed responsibility for the attack.
Notable Quote:
"A ransomware attack has brought down MathWorks, the company that makes a numeric computing software package."
— Caitlin Sorey [15:05]
Corporate Cyber Breaches
Tiffany & Co. Data Theft
Tiffany & Co. has confirmed a data breach affecting its South Korean network, compromising customer information such as names, emails, phone numbers, and home addresses. This incident marks the second breach within the LVMH group, following similar attacks on Christian Dior's South Korean and Chinese networks.
Notable Quote:
"A hacker has stolen customer data from the South Korean network of jewelry brand Tiffany & Co."
— Caitlin Sorey [17:20]
Network Forum Hacked by UTG Q015
Chinese security firm Qianxin reported that the hack of the Chinese software developer Network Forum was orchestrated by a group dubbed UTG Q015. The attack, which took place in December last year, was part of a watering hole strategy aimed at stealing code from other developers. Qianxin believes the group comprises Chinese nationals based in Southeast Asia.
Notable Quote:
"The forum was hacked to host a watering hole attack in December last year."
— Caitlin Sorey [19:45]
Arrests and Legal Actions
Estonia's Arrest Warrant
An arrest warrant has been issued in Estonia for Adrar Khalid, a 25-year-old Moroccan citizen accused of hacking a major pharmacy chain, Apotheca, last year. Khalid allegedly obtained admin credentials and downloaded customer loyalty card data, compromising sensitive personal information.
Notable Quote:
"An arrest warrant has been issued in Estonia for a Moroccan citizen accused of hacking a major pharmacy chain last year."
— Caitlin Sorey [22:10]
Nigeria's Exam Board Hack
Twenty individuals have been apprehended in Nigeria for hacking the nation's national exam board, altering examination results. These hackers are believed to be part of a larger syndicate offering to modify exam scores for up to $1,200 per instance. Additionally, they are suspected of stealing personal data of nearly 380,000 students.
Notable Quote:
"Twenty suspects have been arrested in Nigeria and charged with hacking the country's national exam board to alter results."
— Caitlin Sorey [24:50]
Cybersecurity Events and Vulnerabilities
US Security Conference Postponement
The InSyber forum has postponed its US security conference, attributing the decision to changes in the country's border procedures. This move follows a trend of several US security conferences canceling or delaying events due to low ticket sales and increased border restrictions, with multiple countries issuing travel advisories for US-bound travelers.
Notable Quote:
"The InSyber forum has postponed its US security conference, citing changes in the country's border procedures."
— Caitlin Sorey [27:05]
GitHub AI Agents Vulnerability
A significant vulnerability has been identified in the GitHub Model Context Protocol (MCP) server, allowing attackers to hijack GitHub AI agents. By simply filing an issue in a repository that the agent processes, an attacker can cause the agent to leak data from, or execute malicious code within, the owner's private repositories.
Notable Quote:
"Attackers can hijack GitHub AI agents through a vulnerability in the GitHub Model Context Protocol server."
— Caitlin Sorey [29:30]
Community Responses and Fraud Prevention
Web3 Antivirus Tackles Crypto Scams
Web3 Antivirus has proactively created over 50,000 community notes to alert users about crypto scam advertisements on X (formerly Twitter). The firm highlights the lack of response from X to such scams and aims to bridge this gap through its automated alert system, which has outpaced the contributions of the next nine community members combined.
Notable Quote:
"Web3 Antivirus...has created more than 50,000 community notes alerting users to crypto scam advertisements on X."
— Caitlin Sorey [32:15]
Apple's Fraud Prevention Measures
Apple reported halting over $2 billion in fraudulent transactions within its App Store last year. Additionally, the tech giant shut down more than 146,000 developer accounts due to fraud concerns. Apple identified attempted fraudulent activities using over 4.7 million stolen credit cards, successfully blocking over $9 billion in such transactions to date.
Notable Quote:
"Apple stopped more than $2 billion in fraudulent app store transactions last year."
— Caitlin Sorey [34:50]
Conclusion
This episode of Risky Bulletin underscores the dynamic and multifaceted nature of cybersecurity threats in 2025. From state-sponsored espionage and robust military cyber initiatives to sophisticated ransomware attacks and significant corporate breaches, the landscape demands continuous vigilance and adaptive strategies. As nations and organizations grapple with these challenges, the insights shared by Caitlin Sorey highlight the critical need for international cooperation, advanced security measures, and proactive community engagement to safeguard against evolving cyber threats.
