
Claire Aird
An Israeli-linked hacktivist group claims an attack on an Iranian bank, Chrome gets a new prompt to prevent local network attacks, a century-old German napkin company goes under following a ransomware attack, and Europol takes down the Archetyp dark web market. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 18th of June, and this podcast episode is brought to you by Island, the enterprise browser company that keeps data inside organisations' boundaries across the browser and beyond.
Hacktivist group Predatory Sparrow claims to have wiped the servers of Iranian bank Sepah. The attack took down ATMs, payment systems and access to bank accounts. The Iranian government also uses Sepah to pay its employees. The incident took place as Israel launched a military operation targeting Iran's nuclear and military assets. The group behind the attacks has been surprisingly linked to Israel.
In other news, Google Chrome will now prompt users before websites connect to local hosts or local networks. Some websites use exploits to hack devices on users' local networks and abuse them for ad fraud or other malicious activity. The new feature will ship in Chrome 138, scheduled to be released this week.
The U.S. Securities and Exchange Commission has withdrawn two proposed cybersecurity regulations. The proposed rules targeted investment advisors and companies within securities markets. They were introduced during the Biden administration in 2023. The agency hasn't said why they were withdrawn.
A 100-year-old German napkin company has filed for insolvency following a cyber attack. Fasana was a victim of a ransomware attack in May. The company resumed operations three weeks later, but said it lost millions of euros due to unfulfilled orders. Fasana was founded in 1919 in and has more than 240 employees.
The personal information of more than 16 million Kazakh citizens has been leaked on Telegram.
The data, covering 80% of Kazakhstan's population, appears to originate from a government database. The information includes full names, phone numbers, home addresses and national identity numbers. Earlier this month, Kazakh police detained over 140 people involved in an underground community selling data on Telegram.
South Korean mobile operator SK Telecom has resumed new customer sign-ups. The company suffered a major breach in April when hackers stole the SIM card data of all its users. SK stopped accepting new customers while it replaced existing SIM cards.
Thai police have detained six Chinese nationals over their involvement in ransomware attacks. Officials say the suspects targeted Chinese companies with ransomware. The group operated from the eighth floor of a hotel in Pattaya and was allegedly part of a larger criminal network involved in illegal online gambling.
Europol has dismantled the Archetyp dark web marketplace in a coordinated takedown spanning six countries. Archetyp launched in 2020 and was one of the few dark web markets that allowed the sale of fentanyl. The site had over 600,000 registered users and has been linked to more than 250 million euros in illicit transactions. The market's servers were seized in the Netherlands. Its alleged admin, a 30-year-old German national, was detained in Spain.
The FBI has recovered $680,000 in assets stolen from the Safemoon cryptocurrency platform. A hacker stole almost $9 million in crypto in 2023 but agreed to return 7 million as part of a so-called white hat reward. Despite the agreement, Safemoon reported the incident to authorities. The FBI says it's not yet identified the attacker. Safemoon ceased trading months after the attack. The SE have been put into its bankruptcy trust.
A Russian national has been sentenced in the US to eight months in prison for manipulating cryptocurrency markets.
Aleksei Andriunin was the CEO of Gotbit, a company that boosted the value of cryptocurrency firms by inflating trading volumes. He was arrested in Portugal last year after the FBI set up a fake crypto token to expose his business.
Google Mandiant says that Scattered Spider has begun targeting the insurance industry. The attack started more than a week ago and several US insurance companies have been hit. Earlier this year, individuals linked to the group targeted the UK retail sector. Affected chains included Co-op and Marks and Spencer.
The U.S. State Department is offering a $10 million reward for information about a hacker known as Mr. Soul. The individual is believed to have used the IOCONTROL malware in attacks against U.S. critical infrastructure. They're an alleged member of the CyberAv3ngers hacking group, which the State Department has linked to Iran's Cyber Electronic Command. Last August, the US offered a similar reward for a separate member of the CyberAv3ngers group.
A third of all public-facing Grafana servers are vulnerable to account takeovers. The servers are exposed to a vulnerability allowing attackers to force a Grafana server to use a malicious plugin that can then run commands on their behalf. The vulnerability was disclosed late last month.
Sitecore CMS websites are vulnerable to a new exploit chain that abuses a hardcoded password. The password is the letter B. It grants access to an account that can inject malicious code into the site. Sitecore has released security updates for the three bugs that comprise the exploit chain. watchTowr Labs says it discovered seven bugs in total and is working to get the rest patched. There are more than 22,000 instances of Sitecore exposed on the Internet.
Tenable has discovered a vulnerability in the Gerrit code collaboration platform that allows unauthorized submissions. Gerrit is an internal Google platform similar to GitHub.
Tenable says the vulnerability could have been abused to submit malicious code to Google projects such as Chromium and the Dart programming language.
And finally, Meta is adding ads and promoted channels to WhatsApp. Users will see ads based on their Facebook and Instagram activity and not the content of the messages, Meta says. Messages will remain private and separate from its advertising platform.
And that is all for this podcast edition. Today's show is brought to you by our sponsor, enterprise browser maker Island. Find them at Island. Thanks for your company.
Risky Bulletin: Israel-Linked Hackers Claim Iran Bank Disruption
Hosted by risky.biz
Release Date: June 18, 2025
In the latest episode of Risky Bulletin, host Claire Aird delivers a comprehensive update on pressing cybersecurity events worldwide. From high-profile hacktivist attacks to significant software vulnerabilities, this episode delves into the multifaceted landscape of cybersecurity threats and defenses.
At [00:04], Claire Aird reports that the hacktivist group Predatory Sparrow, linked to Israel, claims to have wiped the servers of the Iranian bank Sepah. The attack took down ATMs, payment systems and access to bank accounts; the Iranian government also uses the bank to pay its employees.
“Hacktivist group Predatory Sparrow claims to have wiped the servers of Iranian bank Sepah. The attack took down ATMs, payment systems and access to bank accounts.” — Claire Aird [00:04]
The attack took place as Israel launched a military operation targeting Iran's nuclear and military assets, highlighting the intersection of cyber operations and geopolitical strategy.
A historic German napkin manufacturer, Fasana, has filed for insolvency following a ransomware attack in May. The company resumed operations three weeks after the attack, but said it lost millions of euros due to unfulfilled orders.
“A 100-year-old German napkin company has filed for insolvency following a cyber attack. Fasana was founded in 1919 and has more than 240 employees.” — Claire Aird [00:04]
Over 16 million Kazakh citizens have had their personal information exposed on Telegram. The leaked data, believed to originate from a government database, includes sensitive details such as full names, phone numbers, home addresses, and national identity numbers.
“The personal information of more than 16 million Kazakh citizens has been leaked on Telegram.” — Claire Aird [00:04]
Earlier this month, Kazakh police detained over 140 people involved in an underground community selling data on Telegram.
Google Chrome is set to introduce a new security feature in Chrome 138, releasing this week, which prompts users before websites attempt to connect to local hosts or networks. This measure aims to thwart exploits used for ad fraud and other malicious activities.
“Google Chrome will now prompt users before websites connect to local hosts or local networks.” — Claire Aird [00:04]
Grafana Servers: Approximately one-third of publicly facing Grafana servers are vulnerable to account takeovers. The flaw allows attackers to deploy malicious plugins that can execute unauthorized commands.
Sitecore CMS: A new exploit chain targets Sitecore CMS websites utilizing a hardcoded password (‘B’) to gain unauthorized access and inject malicious code. Sitecore has released patches for three associated bugs, with additional vulnerabilities being addressed.
“A third of all public-facing Grafana servers are vulnerable to account takeovers.” — Claire Aird [00:04]
Meta is expanding its advertising footprint by adding ads and promoted channels to WhatsApp. These ads will be tailored based on users' activities on Facebook and Instagram, ensuring that the privacy of message content remains intact.
“Meta is adding ads and promoted channels to WhatsApp. Users will see ads based on their Facebook and Instagram activity and not the content of the messages.” — Claire Aird [00:04]
The U.S. Securities and Exchange Commission (SEC) has retracted two proposed cybersecurity regulations initially introduced in 2023 under the Biden administration. These regulations targeted investment advisors and companies within securities markets. The SEC has not provided a reason for the withdrawal.
“The U.S. Securities and Exchange Commission has withdrawn two proposed cybersecurity regulations.” — Claire Aird [00:04]
Aleksei Andriunin: A Russian national and former CEO of Gotbit, Andriunin has been sentenced to eight months in a U.S. prison for manipulating cryptocurrency markets by inflating trading volumes. His arrest followed the FBI's creation of a fake crypto token to expose his business.
Chinese Nationals in Thailand: Six Chinese individuals have been detained by Thai police for their roles in ransomware attacks against Chinese companies. These suspects are believed to be part of a broader criminal network involved in illegal online gambling.
“A Russian national has been sentenced in the US to eight months in prison for manipulating cryptocurrency markets.” — Claire Aird [00:04]
“Thai police have detained six Chinese nationals over their involvement in ransomware attacks.” — Claire Aird [00:04]
Europol took down the Archetyp dark web marketplace in a coordinated operation across six countries. Launched in 2020, Archetyp was one of the few dark web markets that allowed the sale of fentanyl. It had over 600,000 registered users and has been linked to more than €250 million in illicit transactions. The marketplace's servers were seized in the Netherlands, and its alleged administrator, a 30-year-old German national, was detained in Spain.
“Europol has dismantled the Archetyp dark web marketplace in a coordinated takedown spanning six countries.” — Claire Aird [00:04]
The FBI has recovered $680,000 of the nearly $9 million stolen from the Safemoon cryptocurrency platform. The hacker involved agreed to return $7 million under a "white hat" reward scheme. Despite this, Safemoon reported the incident to authorities, ceased trading, and placed its assets into bankruptcy trust. The FBI has yet to identify the attacker.
“The FBI has recovered $680,000 in assets stolen from the Safemoon cryptocurrency platform.” — Claire Aird [00:04]
Google Mandiant says that the hacking group Scattered Spider has begun targeting the insurance industry. The campaign began more than a week ago and has hit several U.S. insurance companies. Earlier this year, individuals linked to the group targeted the UK retail sector, where affected chains included Co-op and Marks and Spencer.
“Google Mandiant says that Scattered Spider has begun targeting the insurance industry.” — Claire Aird [00:04]
The U.S. State Department is offering a $10 million reward for information about a hacker known as Mr. Soul. This individual is believed to have used the IOCONTROL malware in attacks against U.S. critical infrastructure and is allegedly a member of the CyberAv3ngers group, which the State Department has linked to Iran's Cyber Electronic Command.
“The U.S. State Department is offering a $10 million reward for information about a hacker known as Mr. Soul.” — Claire Aird [00:04]
The episode of Risky Bulletin underscores the relentless evolution of cyber threats, from state-linked hacktivist groups and ransomware attacks on century-old companies to sophisticated vulnerabilities in widely-used software platforms. As cybercriminals become more entrenched and technologically adept, the importance of robust cybersecurity measures and international cooperation in combating these threats becomes ever more critical.
Stay informed and vigilant with Risky Bulletin as we continue to bring you the latest developments in the cybersecurity realm.
This summary was prepared by Catalin Cimpanu and narrated by Claire Aird.