Risky Bulletin: France Says Russia's Influence Operations Are Achieving Results
Release Date: May 9, 2025
Host: Claire Aird
Prepared by: Catalin Cimpanu
1. Russian Influence Operations in Europe
Overview:
France and other European nations are increasingly vulnerable to Russian disinformation campaigns. Viginum, the French agency that monitors foreign digital interference, released a report identifying sustained Russian influence operations affecting public discourse and electoral processes.
Key Points:
- Storm-1516: Active since 2023, this group has interfered in elections across France, Germany, and the United States. It is linked to Russia's GRU military intelligence service, Yevgeny Prigozhin's troll farms, and the Russian philosopher Alexander Dugin.
- Impact on Elections: The group's activities aim to sow discord, influence voter behavior, and undermine trust in democratic institutions.
Notable Quote:
"Russian influence operations are achieving results," – Claire Aird [00:04]
2. U.S. Government Departments Cease Use of TeleMessage
Overview:
Three unnamed U.S. government departments have instructed employees to stop using TeleMessage, a messaging platform that archives Signal and WhatsApp conversations.
Key Points:
- Security Concerns: The decision follows recent breaches in which hackers exploited vulnerabilities in TeleMessage.
- Incident Trigger: The issue gained attention after Mike Waltz was photographed using TeleMessage during a White House cabinet meeting.
- Privacy Risks: TeleMessage's ability to log conversations from end-to-end encrypted apps raises significant privacy and security concerns for government operations, because the archived copies are only as secure as the archiving service itself.
Notable Quote:
"TeleMessage allows organisations to log Signal and WhatsApp conversations," – Claire Aird [00:04]
3. Ireland Advocates for Stricter EU Regulations on Financial Advertisers
Overview:
Irish officials are pushing for the European Union to enforce stricter checks on the legitimacy of financial advertisers to combat fraudulent advertisements on social media platforms.
Key Points:
- Fraudulent Ads: The surge in deceptive financial advertisements has led to increased scams targeting EU citizens.
- Proposed Measures: EU lawmakers are also considering mandates for payment services to automatically reimburse victims of fraud.
- Objective: Strengthen consumer protection and ensure greater accountability among tech firms hosting financial ads.
Notable Quote:
"Ireland wants to counter the trend of fraudulent ads posted on social media," – Claire Aird [00:04]
4. Retirement of FBI's Cyber Division Assistant Director Bryan Vorndran
Overview:
Bryan Vorndran, the Assistant Director of the FBI's Cyber Division and co-chair of the Joint Ransomware Task Force, is retiring after a distinguished career.
Key Points:
- Contributions: Vorndran played a pivotal role in disrupting and seizing cybercrime infrastructure.
- Legacy: His leadership was instrumental in coordinating international efforts against ransomware and other cyber threats.
- Future Impact: His departure marks the end of an era for the FBI's cyber initiatives, raising questions about leadership continuity.
Notable Quote:
"He was central to the FBI's efforts to disrupt and seize cybercrime infrastructure," – Claire Aird [00:04]
5. Arrests in Poland for DDoS-as-a-Service Operations
Overview:
A joint American and European operation led to the arrest of four individuals in Poland suspected of running DDoS-for-hire services.
Key Points:
- Services Offered: The group operated six separate DDoS services, enabling users to launch attacks for as little as €10.
- Law Enforcement Tactics: Dutch authorities deployed fake DDoS sites to attract and identify potential customers.
- Implications: These operations facilitate widespread cyberattacks, undermining internet security and business operations.
Notable Quote:
"The group allegedly ran six separate DDoS services," – Claire Aird [00:04]
6. Canadian Pharmacist Linked to Notorious Deepfake Service
Overview:
David Do, a Canadian pharmacist, has been identified as the administrator behind "Mr. Deepfakes," a service known for creating explicit deepfake content featuring celebrities.
Key Points:
- Service Operations: Mr. Deepfakes specialized in producing and distributing non-consensual explicit content, raising significant ethical and legal concerns.
- Shutdown: The service was terminated in early May following media inquiries and increased scrutiny.
- Legal Repercussions: Do's involvement may lead to further investigations into the misuse of deepfake technology.
Notable Quote:
"David Do allegedly ran Mr. Deepfakes," – Claire Aird [00:04]
7. Hackers Extort Schools Using Stolen PowerSchool Data
Overview:
Educational institutions in Canada and the U.S. are targets of ransomware attacks exploiting data stolen from the education software provider, PowerSchool.
Key Points:
- Ransom Demands: Hackers are demanding payment to return or delete the compromised data, supplying samples of the data as proof.
- PowerSchool's Previous Ransom Payment: PowerSchool paid a ransom last year in exchange for the stolen data being deleted, yet attackers are now extorting individual schools with the same data, a reminder that a deletion promise from a criminal cannot be verified.
- Impact on Education: These attacks disrupt school operations, jeopardize student data, and strain institutional resources.
Notable Quote:
"Hackers are extorting schools using data stolen from an education software maker, PowerSchool," – Claire Aird [00:04]
8. Ransomware Attack Disrupts Masimo's Manufacturing Operations
Overview:
Medical device giant Masimo is experiencing ongoing disruptions in its manufacturing facilities due to a ransomware attack that occurred in late April.
Key Points:
- Operational Impact: The attack has hindered Masimo's ability to fulfill orders, affecting global healthcare supply chains.
- Ransomware Gang Involved: The specific ransomware group behind the attack remains unidentified, but the incident underscores vulnerabilities in the medical device sector.
- Recovery Efforts: Masimo is actively working to restore operations and mitigate the effects of the attack.
Notable Quote:
"A ransomware attack is disrupting the manufacturing facilities of medical device maker Masimo," – Claire Aird [00:04]
9. LockBit Ransomware Gang's Backend Database Leaked
Overview:
The LockBit ransomware group's backend database has been compromised and publicly dumped, revealing sensitive information.
Key Points:
- Leaked Data: The database includes Bitcoin addresses, user details, and chat logs with victims, providing unprecedented insight into the gang's operations.
- Targeted Attack: Version 4 of the LockBit ransomware portal was specifically targeted, following the seizure of the previous version by law enforcement.
- Hackers' Statement: The attacker left a message on LockBit's site mimicking a previous attack on the Everest ransomware gang, signaling ongoing cyber conflicts.
Notable Quote:
"The leaked data contains the group's Bitcoin addresses, user details and chat logs with victims," – Claire Aird [00:04]
10. New Vulnerabilities Found in SonicWall's SMA SSL VPN
Overview:
Three zero-day vulnerabilities have been discovered in SonicWall's SMA SSL VPN, posing significant security risks to affected systems.
Key Points:
- Discovery by Rapid7: The security firm identified the vulnerabilities, with at least one actively exploited in the wild.
- Security Updates Released: SonicWall has issued patches to address the vulnerabilities, though the company has yet to publicly confirm the attacks.
- Potential Exploits: These vulnerabilities could allow attackers to compromise systems and escalate privileges, leading to broader network breaches.
Notable Quote:
"Rapid7 identified the three zero days that combine to compromise systems and elevate privilege," – Claire Aird [00:04]
11. Brute Force Attacks on Microsoft Entra Environments
Overview:
Threat actors are conducting brute force attacks against Microsoft Entra environments that have not disabled legacy authentication protocols, which do not support multi-factor authentication or Conditional Access.
Key Points:
- Attack Vector: The brute force efforts focus on Entra customers utilizing traditional basic authentication for older email applications and devices.
- Geographical Distribution: Attacks have been strategically distributed across regions to evade detection.
- Timeline: Security firm Guardz reports that these attacks commenced in March and are ongoing.
Notable Quote:
"The brute force attacks targeted Entra customers still using traditional basic authentication," – Claire Aird [00:04]
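Two checks a defender would want after reading this item are an inventory of which accounts still sign in with legacy (basic) authentication, since those are the ones that cannot be protected by MFA, and a detector for failed legacy-auth sign-ins spread across countries, which is the distribution pattern described above. The following Python is an added example, not code from the podcast or from Guardz. The records are constructed to resemble Microsoft Graph sign-in log objects (clientAppUsed, status.errorCode, location.countryOrRegion and ipAddress are real field names); every value, the list of legacy client types, and the thresholds are assumptions for illustration.

```python
"""Inventory legacy-auth users and flag distributed brute force in Entra sign-in logs."""
import json
from collections import defaultdict

# clientAppUsed values treated as legacy/basic authentication (assumed list,
# modelled on the documented field). "Browser" and "Mobile Apps and Desktop
# clients" use modern auth and are deliberately excluded.
LEGACY_CLIENTS = {
    "Exchange ActiveSync", "IMAP4", "POP3", "Authenticated SMTP",
    "Exchange Web Services", "Autodiscover", "Other clients",
}


def _rec(user, client, code, country, ip):
    return json.dumps({"userPrincipalName": user, "clientAppUsed": client,
                       "status": {"errorCode": code},
                       "location": {"countryOrRegion": country},
                       "ipAddress": ip})


# Constructed newline-delimited sample log (documentation IP ranges only).
# 50126 is Entra's "invalid username or password" code; 0 is success.
SAMPLE_LOG = "\n".join([
    _rec("alice@example.com", "IMAP4", 50126, "US", "203.0.113.10"),
    _rec("alice@example.com", "IMAP4", 50126, "DE", "198.51.100.7"),
    _rec("alice@example.com", "IMAP4", 50126, "BR", "192.0.2.44"),
    _rec("alice@example.com", "POP3", 50126, "NL", "203.0.113.99"),
    _rec("alice@example.com", "Authenticated SMTP", 50126, "US", "198.51.100.8"),
    _rec("bob@example.com", "Browser", 0, "US", "203.0.113.20"),
    _rec("carol@example.com", "IMAP4", 0, "US", "203.0.113.30"),
    # Modern-auth failures from several countries: noisy, but not legacy auth.
    _rec("dave@example.com", "Mobile Apps and Desktop clients", 50126, "DE", "198.51.100.9"),
    _rec("dave@example.com", "Mobile Apps and Desktop clients", 50126, "FR", "198.51.100.10"),
    _rec("dave@example.com", "Mobile Apps and Desktop clients", 50126, "BR", "198.51.100.11"),
])


def parse_signins(ndjson: str) -> list[dict]:
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in ndjson.splitlines() if line.strip()]


def is_legacy(rec: dict) -> bool:
    return rec.get("clientAppUsed") in LEGACY_CLIENTS


def failed(rec: dict) -> bool:
    return rec.get("status", {}).get("errorCode", 0) != 0


def legacy_auth_users(records: list[dict]) -> list[str]:
    """Accounts seen on legacy clients, successful or not: the list to clean up
    before a Conditional Access policy blocks legacy authentication tenant-wide."""
    return sorted({r["userPrincipalName"] for r in records if is_legacy(r)})


def detect_legacy_bruteforce(records: list[dict], min_failures: int = 3,
                             min_countries: int = 2) -> dict:
    """Accounts with >= min_failures failed legacy-auth sign-ins spread over
    >= min_countries countries. The geographic spread, not the raw count, is
    what distinguishes a distributed campaign from one misconfigured client."""
    stats = defaultdict(lambda: {"failures": 0, "countries": set(),
                                 "clients": set(), "ips": set()})
    for r in records:
        if not (is_legacy(r) and failed(r)):
            continue
        s = stats[r["userPrincipalName"]]
        s["failures"] += 1
        s["countries"].add(r.get("location", {}).get("countryOrRegion", "?"))
        s["clients"].add(r["clientAppUsed"])
        s["ips"].add(r.get("ipAddress", "?"))
    return {
        user: {"failures": s["failures"], "countries": sorted(s["countries"]),
               "clients": sorted(s["clients"]), "source_ips": len(s["ips"])}
        for user, s in stats.items()
        if s["failures"] >= min_failures and len(s["countries"]) >= min_countries
    }


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_LOG)
    print("legacy-auth users:", legacy_auth_users(recs))
    for user, info in detect_legacy_bruteforce(recs).items():
        print(f"ALERT {user}: {info}")
```

On the sample, only alice is flagged (five failures over four countries on three legacy clients), while dave's failures are ignored because they come through modern authentication, where MFA and Conditional Access apply. The inventory function lists alice and carol; carol's successful IMAP4 sign-in is exactly the kind of account that a tenant-wide block of legacy authentication would break, so it is worth finding first.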
12. rand-user-agent JavaScript Library Compromised with Remote Access Trojan
Overview:
The popular rand-user-agent JavaScript library has been altered to include a remote access trojan (RAT), posing a significant security threat to its large user base.
Key Points:
- Modification Details: The compromised package, despite being considered abandoned by its developer, continues to receive over 45,000 weekly downloads, so a single malicious release reaches a large number of build pipelines.
- Malicious Payload: The embedded RAT gives the attacker unauthorized remote access to machines that install the package, potentially leading to data breaches and system compromise.
- User Awareness: Developers and organizations relying on rand-user-agent need to check their dependency trees for the affected versions and update or remove the library to mitigate the risk.
Notable Quote:
"The package gets over 45,000 weekly downloads, despite its developer considering it abandoned," – Claire Aird [00:04]
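The practical follow-up to this item is finding out whether the package is present in a project at all, including copies pulled in transitively by other dependencies, and which versions are installed. The following Python lockfile check is an added example, not code from the podcast or from the package's maintainers. It assumes the library is the npm package published as "rand-user-agent"; the lockfile contents, every version string and the BAD_VERSIONS set are constructed placeholders, and the real affected versions must be taken from the advisory.

```python
"""Find every install of a named npm package in package-lock.json (v1, v2 and v3)."""
import json

PACKAGE = "rand-user-agent"           # assumed npm name of the library
BAD_VERSIONS = {"0.0.2-placeholder"}  # placeholder; use the advisory's list

# Constructed lockfileVersion 3 layout: one direct install plus a nested
# copy brought in by another dependency, which a quick look at the top
# level of node_modules would miss.
SAMPLE_LOCK = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"rand-user-agent": "^0.0.1", "some-lib": "^1.0.0"}},
        "node_modules/rand-user-agent": {"version": "0.0.1-placeholder"},
        "node_modules/some-lib": {"version": "1.0.0-placeholder",
                                  "dependencies": {"rand-user-agent": "0.0.2-placeholder"}},
        "node_modules/some-lib/node_modules/rand-user-agent": {"version": "0.0.2-placeholder"},
        "node_modules/left-pad": {"version": "1.3.0-placeholder", "dev": True},
    },
}

# Constructed lockfileVersion 1 layout (nested "dependencies" objects).
SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "some-lib": {"version": "1.0.0-placeholder",
                     "dependencies": {"rand-user-agent": {"version": "0.0.2-placeholder"}}},
    },
}


def _hit(path: str, meta: dict) -> dict:
    return {"path": path, "version": meta.get("version"),
            "direct": path.count("node_modules/") == 1,
            "dev": bool(meta.get("dev", False))}


def _walk_v1(deps: dict, name: str, prefix: str, hits: list) -> None:
    """Recurse through a v1 lockfile's nested dependency objects."""
    for dep, meta in deps.items():
        path = f"{prefix}node_modules/{dep}"
        if dep == name:
            hits.append(_hit(path, meta))
        _walk_v1(meta.get("dependencies", {}), name, path + "/", hits)


def find_installs(lock: dict, name: str) -> list[dict]:
    """Every install path of `name`, in lockfile order."""
    hits: list[dict] = []
    if "packages" in lock:  # lockfileVersion 2 and 3
        for path, meta in lock["packages"].items():
            # Last path segment after "node_modules/" is the package name;
            # this also handles scoped names such as @scope/name.
            if path and path.split("node_modules/")[-1] == name:
                hits.append(_hit(path, meta))
    else:  # lockfileVersion 1
        _walk_v1(lock.get("dependencies", {}), name, "", hits)
    return hits


def affected(lock: dict, name: str, bad_versions: set) -> list[dict]:
    """Installs whose exact version is on the advisory's list."""
    return [h for h in find_installs(lock, name) if h["version"] in bad_versions]


def load_lockfile(path: str) -> dict:
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    for h in find_installs(SAMPLE_LOCK, PACKAGE):
        flag = "AFFECTED" if h["version"] in BAD_VERSIONS else "ok"
        print(f"{flag:9} {h['path']}  {h['version']}  direct={h['direct']} dev={h['dev']}")
```

Run against a real project with `find_installs(load_lockfile("package-lock.json"), PACKAGE)`. Reading the lockfile rather than `node_modules` matters because the lockfile records what CI will install next, and a nested copy under another dependency is not removed by uninstalling the direct one.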
13. Inferno Drainer Cryptocurrency Phishing Operation Persists Despite Shutdown Announcement
Overview:
The Inferno Drainer cryptocurrency phishing operation remains active despite a 2023 announcement of its shutdown, continuing to drain crypto wallets.
Key Points:
- Ongoing Activities: Security firm Check Point has found that smart contracts and wallet draining scripts associated with Inferno Drainer are still operational.
- Victim Impact: Over 30,000 crypto wallets have been drained, resulting in losses exceeding $9 million in the past six months.
- Detection and Prevention: Continued vigilance and advanced security measures are required to combat the persistent phishing threats posed by Inferno Drainer.
Notable Quote:
"Inferno Drainer cryptocurrency phishing operation continues to operate despite announcing it was shutting down in 2023," – Claire Aird [00:04]
14. Russian Hacking Group Targets UK Local Government Websites with DDoS Attacks
Overview:
A Russian hacking group, identified as NoName057(16), has commenced DDoS attacks against local government websites in the United Kingdom.
Key Points:
- Shift in Targets: After previous campaigns targeting the Netherlands and Romania, the group has redirected its efforts to the UK.
- Attack Strategy: The DDoS attacks aim to overwhelm government websites, disrupting public services and eroding trust in local governance.
- Defense Measures: UK authorities are enhancing their cybersecurity defenses to mitigate the impact of these ongoing attacks.
Notable Quote:
"A Russian hacking group has launched DDoS attacks against UK local government websites," – Claire Aird [00:04]
15. CrowdStrike Announces Workforce Reduction Amidst AI Integration
Overview:
Cybersecurity firm CrowdStrike has announced layoffs affecting approximately 500 employees, representing 5% of its workforce. The CEO attributes the reduction to AI-driven productivity gains, emphasizing continued hiring efforts elsewhere.
Key Points:
- Layoff Details: The company employs around 10,000 staff globally, with the affected personnel spanning various departments.
- AI Impact: Integration of artificial intelligence technologies has streamlined operations, reducing the need for certain roles.
- Future Prospects: Despite the layoffs, CrowdStrike plans to continue expanding its team throughout the year, focusing on growth areas.
Notable Quote:
"AI productivity gains were a factor in the layoffs," – Claire Aird [00:04]
Conclusion:
This episode of Risky Bulletin underscores the multifaceted nature of contemporary cybersecurity threats, ranging from geopolitical influence operations to sophisticated ransomware attacks and vulnerabilities in widely-used software. The insights highlight the ongoing challenges faced by governments, corporations, and individuals in safeguarding digital environments against persistent and evolving threats.
Note: This summary excludes advertisements, introductions, and outros to focus solely on the core content discussed in the podcast episode.
