Risky Bulletin: French Government Grows Spine, Calls Out Russian Hacks
Podcast Information:
- Title: Risky Bulletin
- Host/Author: risky.biz
- Description: Regular cybersecurity news updates from the Risky Business team.
- Episode: Risky Bulletin: French government grows spine, calls out Russian hacks
- Release Date: April 30, 2025
Introduction
In this episode of Risky Bulletin, host Claire Aird delves into a spectrum of pressing cybersecurity issues, from state-sponsored cyberattacks to significant breaches in major corporations. The episode, released on April 30, 2025, provides a comprehensive overview of global cyber threats, legislative developments, and emerging vulnerabilities in widely used technologies.
Major Cyber Attacks and State Accusations
French Government Accuses Russia of Cyber Interference
At the forefront, Claire highlights a landmark development where the French government publicly accuses Russia of orchestrating offensive cyber operations. [00:04]
"This is the first time that France has publicly called out Russia's offensive cyber operations."
The French Ministry of Foreign Affairs alleges that Russian hackers, linked to the GRU military intelligence service, engaged in a hack-and-leak campaign aimed at influencing the 2017 presidential election. Additionally, these cyber operatives attempted to disrupt a TV channel and the Paris Olympics held last year. This bold stance signifies France's growing assertiveness in combating foreign cyber interference.
China Accuses the United States of Cyber Espionage
In another geopolitical cyber conflict, China has accused U.S. intelligence services of hacking a major Chinese cryptography company. [00:04]
"Last year, US hackers allegedly exploited a zero-day in the company's CRM platform to deploy backdoors and steal data."
The alleged breach involved exploiting a zero-day vulnerability in the company's CRM platform, enabling unauthorized access to source code, customer information, and order details. This attack underscores the ongoing cyber espionage tensions between the two superpowers.
Significant Corporate Breaches
Marks and Spencer Suffers Ransomware Attack
British retail giant Marks and Spencer faced a significant ransomware attack, prompting the shutdown of online sales and sending approximately 200 employees home temporarily. [00:04]
"Sources claim a member of the Scattered Spider hacking group deployed the Dragon Force ransomware on the company's network."
The attack, attributed to the Scattered Spider group using Dragon Force ransomware, has resulted in a staggering loss of nearly £500 million in market value for the company. The disruption primarily affected the logistics hub responsible for handling online orders, highlighting the vulnerability of supply chain operations to cyber threats.
Loopscale DeFi Platform Hit by Crypto Theft
In the decentralized finance sector, Loopscale experienced a substantial breach where hackers exploited a bug in the platform's price control contracts to steal $5.8 million worth of crypto assets. [00:04]
"The stolen assets represent almost 12% of the company's funds."
This incident not only impacts Loopscale financially but also raises concerns about the security of smart contract implementations in DeFi platforms.
Infrastructure and Government Targets
DDoS Attacks Disrupt Dutch Provincial Websites
Several Dutch provinces, including Zeeland, Groningen, Noord-Holland, and Noord-Brabant, were victims of Distributed Denial of Service (DDoS) attacks that rendered their websites inaccessible for under five hours. [00:04]
"Russian group Noname was behind the attack."
The group Noname, known for its sophisticated cyber tactics, executed these attacks, demonstrating the persistent threat posed by state-affiliated cybercriminals to governmental infrastructure.
South Korea’s Major Mobile Carrier Responds to Data Breach
South Korea's largest mobile carrier is undertaking a massive SIM card replacement initiative following a recent data breach. [00:04]
"SK has still not provided further details about the attack."
With 23 million customers and only one million new SIM cards available, the company has expedited orders to mitigate the breach's impact, underscoring the challenges large service providers face in safeguarding user data.
Pakistani Hacktivists Target Indian Government Websites
In the aftermath of a terrorist attack that claimed the lives of 26 Hindu tourists in Pahalgam, Pakistani hacktivist groups launched defacements and DDoS attacks against Indian government websites. [00:04]
"Indian authorities have accused the Pakistani government of sponsoring the attack."
This cyber retaliation reflects the intertwining of geopolitical tensions and cyber warfare in South Asia.
Iran Foils Complex Cyberattack on Critical Infrastructure
The Iranian government successfully thwarted a sophisticated cyberattack targeting its critical infrastructure, described as one of the most extensive and complex efforts faced by the nation. [00:04]
"Officials described the attack as one of the most widespread and complex that the country has faced."
This incident occurred shortly after a major explosion at the Bandar Abbas container port, suggesting a possible coordinated effort to destabilize Iran's economic hubs.
Cryptocurrency and Financial Cybercrime
Monero Value Manipulation Through Crypto Laundering
A hacker artificially inflated the value of Monero by 50% by laundering $330 million worth of stolen Bitcoin. [00:04]
"The attacker converted $330 million worth of stolen Bitcoin into Monero."
This manipulation not only affects market dynamics but also highlights the vulnerabilities within cryptocurrency exchange mechanisms.
Crypto Theft from DeFi Platform Loopscale
As previously mentioned, Loopscale's breach resulted in the theft of $5.8 million in crypto assets due to a flaw in their price control contracts. [00:04]
"The attacker exploited a bug of the platform's price control contracts."
This event emphasizes the critical need for rigorous security audits in DeFi platforms to prevent such financial losses.
Vulnerabilities and Exploits
Apple AirPlay Vulnerabilities
Security researchers at Oligo Security uncovered over two dozen vulnerabilities in Apple's AirPlay protocol, collectively termed "Airborne." [00:04]
"Some of the bugs require no user interaction and have potential to be turned into a worm that spreads as users travel between Wi-Fi networks."
These vulnerabilities allow attackers on the same Wi-Fi network to execute malicious code on Apple devices, posing significant security risks. Apple has addressed these issues with subsequent security updates.
Juice Jacking Defense Bypass
Academics have developed a new variant of juice jacking attacks that can circumvent existing defenses on modern smartphones. [00:04]
"The researchers' new ChoiceJacking variant of the attack exploits implementation loopholes in Android and iOS."
Despite prior security updates from Google and Apple, this advancement in attack methodology underscores the ongoing arms race between cyber defenders and attackers.
Commvault Backup Servers Exploited
Hackers are taking advantage of a recently disclosed vulnerability to commandeer Commvault enterprise backup servers without needing authentication. [00:04]
"The bug allows attackers to upload a zip file to the backup server that runs malicious code."
This breach highlights the critical importance of timely patching and monitoring of backup systems to prevent unauthorized access.
Zero-Day Vulnerabilities Surge
Last year saw the exploitation of 75 zero-day vulnerabilities, nearly half targeting enterprise products, with Windows being the most affected platform. [00:04]
"Most 0-days were used individually, except against mobile devices where chains of exploits were necessary, according to Google."
Cyber espionage groups were primarily responsible for these attacks, emphasizing the need for robust vulnerability management in enterprise environments.
Legislation and Law Enforcement
US Bill Targets Deepfakes and Non-Consensual Images
The U.S. House and Senate have passed a landmark bill criminalizing the posting of non-consensual sexual images and deepfakes online. [00:04]
"The bill will require social media platforms to promptly remove such content when they receive a report."
Supported by First Lady Melania Trump, President Trump is expected to sign the legislation, marking a significant step in combating digital abuses.
Delayed Sentencing for Notorious Hacker Cameron Wagenius
U.S. authorities have postponed the sentencing of Cameron Wagenius to incorporate additional charges related to his extensive hacking activities against carriers like AT&T and Verizon. [00:04]
"Wagenius was one of two individuals who hacked cloud storage provider Snowflake, stole its data and then tried extorting its customers last year."
The rescheduled sentencing for September 10 reflects the complexity and severity of his cybercrimes.
French Court Sentences Belarusian Hacker
A Belarusian national, Johan Horbach, has been sentenced to five years in prison by French authorities for orchestrating ransomware attacks against local companies using the AKO ransomware. [00:04]
"He was detained in Georgia in August 2022 and was extradited to France a year later."
This case underscores international cooperation in addressing cybercrime and holding perpetrators accountable.
EDR Access Compromises
Threat actors are increasingly compromising and selling access to administrative interfaces of Endpoint Detection and Response (EDR) systems. [00:04]
"Security firm SentinelOne spotted ads offering to sell access to EDR administration panels for its own products, as well as Microsoft, CrowdStrike, Fortinet, and Check Point."
These breaches enable attackers to disable protections, manipulate alerts, and test their attacks, significantly undermining organizational security postures.
Security Updates and Innovations
Google Enhances Android Security in Version 16
Google is set to release Android 16 later this year, featuring a new security enhancement that blocks USB access on locked phones. [00:04]
"The new feature will be part of Advanced Protection Mode, Android's equivalent of Apple's lockdown mode."
This development aims to thwart USB-based exploits that attempt to bypass lock screens and extract sensitive data from compromised devices.
Internet Infrastructure Threats
Cloudflare Mitigates Unprecedented DDoS Attacks
Cloudflare reported mitigating more DDoS attacks in the first quarter of 2025 than in the entirety of the previous year. [00:04]
"One of them was the largest DDoS attack ever recorded, peaking at 5.8 terabytes per second."
The most intricate campaign lasted 18 days, directly targeting Cloudflare's infrastructure, highlighting the escalating scale and persistence of DDoS threats against internet infrastructure providers.
Conclusion
This episode of Risky Bulletin offers a deep dive into the multifaceted landscape of cybersecurity threats and responses. From state-sponsored cyberattacks and significant corporate breaches to legislative advancements and emerging vulnerabilities, Claire Aird provides listeners with a thorough understanding of current challenges and developments in the cybersecurity realm. As cyber threats continue to evolve in complexity and scale, staying informed through updates like these remains crucial for individuals and organizations alike.
Notable Quotes:
- Claire Aird [00:04]: "This is the first time that France has publicly called out Russia's offensive cyber operations."
- Claire Aird [00:04]: "Last year, US hackers allegedly exploited a zero-day in the company's CRM platform to deploy backdoors and steal data."
- Claire Aird [00:04]: "Sources claim a member of the Scattered Spider hacking group deployed the Dragon Force ransomware on the company's network."
- Claire Aird [00:04]: "Some of the bugs require no user interaction and have potential to be turned into a worm that spreads as users travel between Wi-Fi networks."
Note: Advertisements, introductions, and outros have been excluded to focus solely on the content-rich segments of the podcast.
