Claire Aird
The EU launches its own DNS service, Trump revises previous administration's cyber executive orders, a supply chain attack hits popular NPM packages and mysterious iOS attacks spotted in the wild. This is the Risky Bulletin prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 9th of June and this podcast episode is brought to you by Push Security.
The EU has launched its own DNS service with versions for government agencies, telcos and home users. The DNS4EU service has filters for malicious and malware-linked domains that prevent users from resolving known bad sites. It's available via both IPv4 and v6 as well as DNS over HTTPS and DNS over TLS. The public use version allows users to block any combination of malicious sites, adult content and ads. The EU announced the service in late 2022 as part of a project to enhance digital sovereignty. The use of DNS4EU is not mandatory.
In other news, the Trump administration has scrapped or revised cybersecurity executive orders from previous administrations. Donald Trump's executive order pulls back on efforts to secure BGP and the use of post quantum cryptography for federal networks. Agencies are no longer required to prioritise phishing resistant authentication and email encryption. The order also removes software security requirements for federal contractors and limits the use of cybersecurity related sanctions.
Hackers are selling a large collection of sensitive documents they claim to have collected from Russian intelligence agencies. Samples shared with the New York Times have exposed an FSB project designed to analyse content from China's WeChat. The group AresLeaks has been active since 2021. It's selling the cache of Russian intelligence documents for $120,000. The group also claims to have similar data from North Korea and India.
Russia will introduce prison sentences for DDoS attacks. Offenders can face up to eight years in prison and fines of up to 2 million rubles, or around $25,000.
The law exempts users who launch attacks against sites the Russian government considers prohibited.
Traces of a mysterious exploit have been found on iPhones in the US and EU. Possible victims include government officials and people linked to political campaigns, media organisations and AI companies. Security firm iVerify says some of the victims were previously targeted by Chinese state linked groups. The underlying vulnerability was patched in January and the latest exploit attempts were detected in March. iVerify says the exploit abused a feature that allows iPhone users to receive nicknames and avatars from their contacts. Apple has denied that the vulnerability was exploited in the wild.
Nigerian authorities have sentenced 72 people to prison over their roles in cybercrime and Internet fraud operations. 55 of them were Nigerian, 9 Chinese and 8 Filipino. Some of the individuals were detained during Operation Eagle Flush in December. At that time, Nigerian police arrested 792 suspects running scams from a seven storey building in Lagos. The Chinese nationals were allegedly the scam compound's leaders.
Six suspects have been arrested in India after authorities raided 19 locations across Delhi and the states of Haryana and Uttar Pradesh. The suspects are accused of running tech support scams targeting Japanese. The group was arrested following a joint investigation between India, Japan and Microsoft.
A Chinese couple has been accused of stealing $9.5 million worth of crypto assets from at least 120 victims. The couple allegedly operated for four years from Frisco, Texas and targeted Americans with Chinese heritage. The FBI is trying to seize crypto wallets holding $6 million of stolen funds. The couple fled to China before they were charged in June last year.
Almost 400 management interfaces for US water facilities have been exposed on the Internet, according to new research.
Security firm Censys says 40 of the interfaces didn't require authentication and allowed full control over water management systems. Censys worked with the US EPA to get the system secured.
Russian security firm Positive Technologies has linked ransomware attacks inside Russia to a financially motivated group named Dark Gaboon. The group uses a leaked version of LockBit. Dark Gaboon has been active since May 2023 and previous attacks involved the deployment of remote access Trojans.
A threat actor has compromised Node libraries from the Gluestack UI framework. The attacker breached a Gluestack admin's account, added a remote access trojan to 16 libraries and pushed updates on Friday. The affected packages are downloaded almost 1 million times a week. Aikido Security says the attacker was also behind a supply chain attack on the rand-user-agent package.
Last Bulletproof hosting provider Stark Industries appears to have rebranded to the.hosting. Stark Industries and its two founders were sanctioned by the EU last month for hosting cybercrime and Russian disinformation networks. In a blog post, the new company claimed it has no connection to Stark Industries.
And finally, South Korean phone maker Samsung has paid more than $6 million to security researchers through its bug bounty program since 2017. The company paid over $1 million in rewards last year. More than half of that was paid out for critically rated and remote attack vectors.
And that is all for this podcast edition. Today's show was brought to you by our sponsor, Push Security. Find them at pushsecurity.com. Thanks for your company.
Risky Bulletin: EU Launches Its Own DNS Service
Hosted by risky.biz | Released on June 9, 2025
In this episode of Risky Bulletin, host Claire Aird delves into the latest developments in the cybersecurity landscape. From the European Union's ambitious DNS service launch to significant shifts in U.S. cybersecurity policies under the Trump administration, the episode covers a broad spectrum of pressing issues. Additionally, listeners are updated on various cyber threats, law enforcement actions, and notable cybercrime cases worldwide.
Claire Aird kicks off the episode by announcing the European Union's launch of its proprietary DNS service, DNS4EU. Aimed at enhancing digital sovereignty, DNS4EU offers tailored versions for government agencies, telecommunications companies, and home users.
Claire Aird states, “The EU announced the service in late 2022 as part of a project to enhance digital sovereignty” (00:04). Importantly, the use of DNS4EU is not mandatory, allowing users to opt-in based on their preferences.
Shifting focus to the United States, Aird discusses the Trump administration's revisions to previous cybersecurity executive orders.
Aird remarks, “Donald Trump's executive order pulls back on efforts to secure BGP and the use of post quantum cryptography for federal networks” (00:04), highlighting significant policy shifts that may impact federal cybersecurity posture.
AresLeaks, a hacker group active since 2021, has been in the spotlight for selling a cache of sensitive documents purportedly from Russian intelligence agencies.
Aird mentions, “Samples shared with the New York Times have exposed an FSB project designed to analyze content from China's WeChat” (00:04).
Russia is tightening its legal framework against Distributed Denial of Service (DDoS) attacks.
Traces of a mysterious exploit have been discovered on iPhones across the US and EU.
Aird notes, “Security firm iVerify says some of the victims were previously targeted by Chinese state linked groups” (00:04).
Nigeria's Operation Eagle Flush:
India's Tech Support Scams:
Crypto Theft in the U.S.:
A recent study by security firm Censys revealed that nearly 400 management interfaces for U.S. water facilities are exposed on the Internet.
Dark Gaboon Ransomware Group:
Gluestack UI Framework Breach:
Stark Industries' Rebranding:
Samsung's Bug Bounty Achievements:
Aird highlights, “South Korean phone maker Samsung has paid more than $6 million to security researchers through its bug bounty program since 2017” (00:04), emphasizing the company's commitment to cybersecurity.
This episode of Risky Bulletin provided a comprehensive overview of significant cybersecurity developments, highlighting the EU's strides towards digital sovereignty, shifts in U.S. cybersecurity policies, and various global cyber threats and law enforcement efforts. From advanced DNS services to intricate cybercrime cases, the bulletin underscores the evolving nature of the cybersecurity landscape and the continuous efforts required to safeguard digital infrastructures and assets.
For more in-depth discussions and the latest cybersecurity news, stay tuned to Risky Bulletin by risky.biz.