Risky Bulletin: EU Launches Its Own DNS Service
Hosted by risky.biz | Released on June 9, 2025

Introduction

In this episode of Risky Bulletin, host Claire Aird delves into the latest developments in the cybersecurity landscape. From the European Union's ambitious DNS service launch to significant shifts in U.S. cybersecurity policies under the Trump administration, the episode covers a broad spectrum of pressing issues. Additionally, listeners are updated on various cyber threats, law enforcement actions, and notable cybercrime cases worldwide.

EU Introduces DNS4EU Service

Claire Aird kicks off the episode by announcing the European Union's launch of its proprietary DNS service, DNS4EU. Aimed at enhancing digital sovereignty, DNS4EU offers tailored versions for government agencies, telecommunications companies, and home users.

• Features of DNS4EU:
  • Malware and Malicious Domain Filtering: The service includes robust filters to prevent users from accessing known bad sites.
  • Compatibility: Available via both IPv4 and IPv6, and supports DNS over HTTPS (DoH) and DNS over TLS (DoT).
  • Customizable Blocking: Public users can block combinations of malicious sites, adult content, and advertisements.

Claire Aird states, “The EU announced the service in late 2022 as part of a project to enhance digital sovereignty” (00:04). Importantly, the use of DNS4EU is not mandatory, allowing users to opt-in based on their preferences.

Changes in U.S. Cybersecurity Policies

Shifting focus to the United States, Aird discusses the Trump administration's revisions to previous cybersecurity executive orders.

• Key Revisions:
  • BGP Security Rollback: Efforts to secure the Border Gateway Protocol (BGP) have been scaled back.
  • Post-Quantum Cryptography: The implementation for federal networks has been reduced.
  • Authentication Priorities: Agencies are no longer mandated to prioritize phishing-resistant authentication and email encryption.
  • Contractor Security: Removal of SOFTW security requirements for federal contractors.
  • Cyber Sanctions: Limitation on the use of cybersecurity-related sanctions.

Aird remarks, “Donald Trump's executive order pulls back on efforts to secure BGP and the use of post quantum cryptography for federal networks” (00:04), highlighting significant policy shifts that may impact federal cybersecurity posture.

Cyber Threats and Incidents

AresLeaks and Russian Intelligence Documents

AresLeaks, a hacker group active since 2021, has been in the spotlight for selling a cache of sensitive documents purportedly from Russian intelligence agencies.

• Details:
  • Document Exposure: The leaked documents include information about an FSB project analyzing content from China's WeChat.
  • Sales: The collection is being sold for $120,000.
  • Additional Claims: The group also claims possession of similar data from North Korea and India.

Aird mentions, “Samples shared with the New York Times have exposed an FSB project designed to analyze content from China's WeChat” (00:04).

Russia's New Cybercrime Legislation

Russia is tightening its legal framework against Distributed Denial of Service (DDoS) attacks.

• Penalties:
  • Prison Sentences: Offenders can face up to eight years in prison.
  • Fines: Up to 2 million rubles (~$25,000).
• Exemptions: Users attacking sites deemed prohibited by the Russian government are exempt from these penalties.

Mysterious iOS Exploits

Traces of a mysterious exploit have been discovered on iPhones across the US and EU.

• Victims: Include government officials, individuals linked to political campaigns, media organizations, and AI companies.
• Vulnerability: Abused a feature allowing users to receive nicknames and avatars from contacts.
• Timeline: The vulnerability was patched in January, with exploit attempts detected in March.
• Attribution: Some victims were previously targeted by Chinese state-linked groups.
• Apple’s Stance: Apple has denied that the vulnerability was exploited in the wild.

Aird notes, “Security firm Iver Iverify says some of the victims were previously targeted by Chinese state linked groups” (00:04).

Global Cybercrime Crackdowns

Nigeria's Operation Eagle Flush:

• Arrests: 72 individuals sentenced for cybercrime and Internet fraud, including 55 Nigerians, 9 Chinese, and 8 Filipinos.
• Details: 792 suspects were arrested from a seven-story building in Lagos, with Chinese nationals identified as the scam compound's leaders.

India's Tech Support Scams:

• Arrests: Six suspects detained across Delhi, Haryana, and Uttar Pradesh.
• Modus Operandi: Running tech support scams targeting Japanese victims.
• Collaboration: Joint investigation between India, Japan, and Microsoft.

Crypto Theft in the U.S.:

• Accused: A Chinese couple from Frisco, Texas.
• Losses: $9.5 million worth of crypto assets stolen from at least 120 victims.
• FBI Action: Attempting to seize crypto wallets containing $6 million of the stolen funds.
• Status: The couple fled to China before charges were filed in June of the previous year.

Infrastructure Vulnerabilities

A recent study by security firm Census revealed that nearly 400 management interfaces for U.S. water facilities are exposed on the Internet.

• Security Flaws:
  • Unauthenticated Access: 40 interfaces allowed full control without authentication.
• Collaboration: Census worked with the U.S. Environmental Protection Agency (EPA) to secure these systems.

Ransomware and Supply Chain Attacks

Dark Gaboon Ransomware Group:

• Profile: A financially motivated group linked to Russian security firm Positive Technologies.
• Tactics: Utilizes a leaked version of Lockbin ransomware.
• Activity: Active since May 2023, with prior attacks involving remote access Trojans.

Gluestack UI Framework Breach:

• Incident: A threat actor compromised node libraries from the Gluestack UI framework.
• Method: Breached an admin account, inserted a remote access trojan into 16 libraries, and pushed malicious updates.
• Impact: Affected packages are downloaded nearly 1 million times weekly.
• Additional Activity: The attacker is also linked to a supply chain attack on the Rand user agent package.

Hosting and Disinformation Networks

Stark Industries' Rebranding:

• Change: The notorious hosting provider Stark Industries has rebranded to the hosting Stark Industries.
• Sanctions: Two founders were sanctioned by the EU last month for hosting cybercrime and Russian disinformation networks.
• Company Statement: The new entity claims no affiliation with the original Stark Industries in a blog post.

Corporate Bug Bounty Programs

Samsung's Bug Bounty Achievements:

• Payouts: Since 2017, Samsung has disbursed over $6 million to security researchers.
• Last Year's Payouts: Over $1 million, with more than half allocated for critically rated and remote attack vectors.

Aird highlights, “South Korean phone maker Samsung has paid more than $6 million to security researchers through its bug bounty program since 2017” (00:04), emphasizing the company's commitment to cybersecurity.

Conclusion

This episode of Risky Bulletin provided a comprehensive overview of significant cybersecurity developments, highlighting the EU's strides towards digital sovereignty, shifts in U.S. cybersecurity policies, and various global cyber threats and law enforcement efforts. From advanced DNS services to intricate cybercrime cases, the bulletin underscores the evolving nature of the cybersecurity landscape and the continuous efforts required to safeguard digital infrastructures and assets.

For more in-depth discussions and the latest cybersecurity news, stay tuned to Risky Bulletin by risky.biz.