Risky Bulletin: Israel-Linked Hackers Claim Iran Bank Disruption
Hosted by risky.biz
Release Date: June 18, 2025
Introduction
In the latest episode of Risky Bulletin, host Claire Aird delivers a comprehensive update on pressing cybersecurity events worldwide. From high-profile hacktivist attacks to significant software vulnerabilities, this episode delves into the multifaceted landscape of cybersecurity threats and defenses.
Major Cyberattacks and Security Incidents
Israel-Linked Hacktivist Group Targets Iranian Bank
At [00:04], Claire Aird reports that the hacktivist group Predatory Sparrow, linked to Israel, has claimed responsibility for a devastating cyberattack on the Iranian bank Sepah. This breach has crippled crucial financial infrastructure, including ATMs, payment systems, and employee payroll services.
“Hacktivist group Predatory Sparrow claims to have wiped the servers of Iranian bank Sepah. The attack took down ATMs, payment systems and access to bank accounts.” — Claire Aird [00:04]
The timing of the attack is notably synchronized with Israel's military operations aimed at disrupting Iran's nuclear and military capabilities, highlighting the intersection of cyber warfare and geopolitical strategies.
Fasana: A Century-Old German Company Falls to Ransomware
A historic German napkin manufacturer, Fasana, has filed for insolvency following a crippling ransomware attack in May. Although it resumed operations within three weeks of the attack, the company faced substantial financial losses due to unfulfilled orders.
“A 100-year-old German napkin company has filed for insolvency following a cyber attack. Fasana was founded in 1919 and has more than 240 employees.” — Claire Aird [00:04]
Data Breach of Kazakh Citizens' Information
Over 16 million Kazakh citizens have had their personal information exposed on Telegram. The leaked data, believed to originate from a government database, includes sensitive details such as full names, phone numbers, home addresses, and national identity numbers.
“The personal information of more than 16 million Kazakh citizens has been leaked on Telegram.” — Claire Aird [00:04]
In response, Kazakh police have detained over 140 individuals involved in selling this data within an underground Telegram community.
Software Updates and Emerging Vulnerabilities
Google Chrome Enhances Security Against Local Network Exploits
Google Chrome is set to introduce a new security feature in Chrome 138, releasing this week, which prompts users before websites attempt to connect to local hosts or networks. This measure aims to thwart exploits used for ad fraud and other malicious activities.
“Google Chrome will now prompt users before websites connect to local hosts or local networks.” — Claire Aird [00:04]
Vulnerabilities in Grafana and Sitecore CMS
- Grafana Servers: Approximately one-third of publicly facing Grafana servers are vulnerable to account takeovers. The flaw allows attackers to deploy malicious plugins that can execute unauthorized commands.
- Sitecore CMS: A new exploit chain targets Sitecore CMS websites utilizing a hardcoded password (‘B’) to gain unauthorized access and inject malicious code. Sitecore has released patches for three associated bugs, with additional vulnerabilities being addressed.
“A third of all public facing Grafana servers are vulnerable to account takeovers.” — Claire Aird [00:04]
- Gerrit Code Platform: Tenable identified a vulnerability in Google's internal collaboration platform, Gerrit, similar to GitHub, which could allow the submission of malicious code to projects like Chromium and Dart.
Meta Introduces Ads to WhatsApp
Meta is expanding its advertising footprint by adding ads and promoted channels to WhatsApp. These ads will be tailored based on users' activities on Facebook and Instagram, ensuring that the privacy of message content remains intact.
“Meta is adding ads and promoted channels to WhatsApp. Users will see ads based on their Facebook and Instagram activity and not the content of the messages.” — Claire Aird [00:04]
Regulatory and Legal Developments
SEC Withdraws Cybersecurity Regulations
The U.S. Securities and Exchange Commission (SEC) has retracted two proposed cybersecurity regulations initially introduced in 2023 under the Biden administration. These regulations targeted investment advisors and companies within securities markets. The SEC has not provided a reason for the withdrawal.
“The U.S. Securities and Exchange Commission has withdrawn two proposed cybersecurity regulations.” — Claire Aird [00:04]
Legal Actions Against Cybercriminals
- Aleksei Andriunin: A Russian national and former CEO of Gotbit, Andriunin has been sentenced to eight months in a U.S. prison for manipulating cryptocurrency markets by inflating trading volumes. His arrest followed the FBI's creation of a fake crypto token to expose his illicit activities.
- Chinese Nationals in Thailand: Six Chinese individuals have been detained by Thai police for their roles in ransomware attacks against Chinese companies. These suspects are believed to be part of a broader criminal network involved in illegal online gambling.
“A Russian national has been sentenced in the US to eight months in prison for manipulating cryptocurrency markets.” — Claire Aird [00:04]
“Thai police have detained six Chinese nationals over their involvement in ransomware attacks.” — Claire Aird [00:04]
Dark Web and Organized Crime
Europol Dismantles Archetyp Dark Web Marketplace
Europol successfully took down the Archetyp dark web marketplace in a coordinated operation across six countries. Launched in 2020, Archetyp facilitated the sale of fentanyl and amassed over 600,000 registered users, handling illicit transactions worth more than €250 million. The marketplace's servers were seized in the Netherlands, and its alleged administrator, a 30-year-old German national, was apprehended in Spain.
“Europol has dismantled the Archetyp dark web marketplace in a coordinated takedown spanning six countries.” — Claire Aird [00:04]
Cryptocurrency and Financial Security
FBI Reclaims Stolen Assets from Safemoon
The FBI has recovered $680,000 of the nearly $9 million stolen from the Safemoon cryptocurrency platform. The hacker involved agreed to return $7 million under a "white hat" reward scheme. Despite this, Safemoon reported the incident to authorities, ceased trading, and placed its assets into bankruptcy trust. The FBI has yet to identify the attacker.
“The FBI has recovered $680,000 in assets stolen from the Safemoon cryptocurrency platform.” — Claire Aird [00:04]
Ongoing Cyber Threats and Intelligence
Scattered Spider Targets Insurance Industry
Google Mandiant has identified that the hacking group Scattered Spider is actively targeting the U.S. insurance sector. The campaign, which began over a week ago, has impacted several major U.S. insurance companies, including Co-op and Marks and Spencer. Earlier, the group had focused on the UK retail sector.
“Google Mandiant says that Scattered Spider has begun targeting the insurance industry.” — Claire Aird [00:04]
$10 Million Reward for 'Mr. Soul'
The U.S. State Department is offering a $10 million reward for information leading to the capture of a hacker known as Mr. Soul. This individual is believed to have employed the IOCONTROL malware in attacks against U.S. critical infrastructure and is allegedly part of the CyberAv3ngers group, which has ties to Iran's Cyber Electronic Command.
“The U.S. State Department is offering a $10 million reward for information about a hacker known as Mr. Soul.” — Claire Aird [00:04]
Conclusion
The episode of Risky Bulletin underscores the relentless evolution of cyber threats, from state-linked hacktivist groups and ransomware attacks on century-old companies to sophisticated vulnerabilities in widely-used software platforms. As cybercriminals become more entrenched and technologically adept, the importance of robust cybersecurity measures and international cooperation in combating these threats becomes ever more critical.
Stay informed and vigilant with Risky Bulletin as we continue to bring you the latest developments in the cybersecurity realm.
This summary was prepared by Catalyn Kim Pannu and narrated by Claire Aird.
