Risky Bulletin: Russia fines 33 telcos for surveillance non-compliance

Summary5 min read

Risky Business // Episode Released Jan 14, 2026

Host: Amberly Jack
Prepared by: Catalin Cimpanu

Overview

In this episode of Risky Bulletin, Amberly Jack delivers a lightning-round update on major cybersecurity news from around the world. The main theme centers on regulatory crackdowns, significant data breaches, innovative malware, and a startling breakthrough in bypassing voice cloning defenses. The episode has a measured, no-nonsense tone, focusing on the facts and technical implications.

Key Discussion Points & Insights

1. Russia Sanctions 33 Telcos over Surveillance Equipment

[00:08 – 01:00]

Russian authorities have fined 33 telecommunications companies, plus specific staff, for not installing government-mandated traffic inspection devices.
Since the Ukraine invasion, Roskomnadzor requires telcos to monitor user traffic and block banned sites.
The move is part of broader internet surveillance efforts.

2. Crypto KYC Rules in India Get Stricter

[01:00 – 01:16]

India mandates more stringent Know-Your-Customer (KYC) for crypto exchanges.
Platforms must collect government IDs, tax numbers, selfies, geolocation data, and verify bank accounts and emails/phones.

3. Vietnam Fights Fraud with Stricter Mobile Banking App Requirements

[01:17 – 01:38]

Banks must disable apps on phones that are rooted or if a debugger is attached.
Effective March; the goal is to combat fraud and malware.

4. Poland Repels Major Power Grid Cyber Attack

[01:38 – 01:54]

Late December: Attack targeted communications between renewable energy generation and distribution.
Called the "largest cyber attack against its power grid in years" by Energy Minister Milosz Motjeka.
No attribution has been made yet.

“The attack targeted the communications between renewable generation and power distribution operators.” – Amberly Jack, [01:40]

5. Target Investigates Potential Source Code Breach

[01:54 – 02:19]

US retailer Target took its git server offline after hackers claimed access.
Sample data published, attacker seeking a buyer.

6. Data Breach Impacts JP Morgan Chase & Goldman Sachs Customers

[02:20 – 02:37]

Incident at law firm Fried, Frank, Harris, Shriver and Jacobsen: Data for 700 JP Morgan Chase clients exposed.
Goldman Sachs clients already notified of the same breach last month.

7. Indesa, Spain's #2 Power Firm, Discloses Breach

[02:37 – 02:50]

Hackers accessed customer contracts, names, ID, and bank info.

8. Ransomware Hits Korean eLearning Giant Kyowon

[02:50 – 03:09]

Ransomware disrupted the company’s key education portals.
Services shut down for restoration.

9. Coupang CEO Under Scrutiny over Major Data Breach

[03:09 – 03:33]

South Korean authorities may ban travel for Coupang’s CEO after a 33.7-million customer breach.
Leadership shake-up: Harold Rogers steps in after Park Daejun’s resignation.
Rogers failed to appear at a key government hearing.

10. Arrest of Avchek Admin by Dutch Police

[03:33 – 03:56]

33-year-old Dutch national arrested in Amsterdam after flying in from the UAE.
Avchek, seized in May, let criminals test malware against antivirus before deployment.

“Dutch police have arrested the administrator of the Avchek cybercrime service… detained at the airport in Amsterdam.” – Amberly Jack, [03:40]

11. Leak Exposes Stalkware Operator via MSPY Docs

[03:56 – 04:19]

Internal docs show SpyX owner’s info after a transaction attempt, refund, and claim of card fraud, exposing their details in the appeals process.

12. New Malware Targets Linux Cloud Infrastructure

[04:19 – 04:41]

“Void Link” targets Linux cloud/container environments.
Modular plugins: Reconnaissance, credential harvesting, persistence, lateral movement (targeting Docker and Kubernetes).
Check Point says the developers are likely Chinese-speaking.

13. Russia’s Laundry Bear Targets Ukrainian Military via Messaging Apps

[04:41 – 04:54]

Espionage group “Laundry Bear” poses as charities to lure Ukrainian military members to malicious sites (since October).

14. Instagram Password Reset Abuse & Data Leak Denial

[04:54 – 05:07]

Instagram fixed a vulnerability abused to spam users with reset emails.
The company denies any massive API scraping, despite user data surfacing for sale.

15. New Attack Bypasses Voice Cloning Protections

[05:07 – 05:27]

Researchers detail "Vocal Bridge"—an attack that removes ‘protective noise’ from voice clips.
Once noise is removed, standard AI voice cloning tools can create high-quality fakes.

“The Vocal Bridge attack cleans the audio and allows AI voice cloning tools to create high quality impressions.” – Amberly Jack, [05:25]

Notable Quotes & Memorable Moments

"Fines were imposed on the telcos as well as relevant employees."
– Amberly Jack, [00:13]
"Poland says it repelled a cyber attack against its power grid in late December... described as the largest cyber attack against its power grid in years."
– [01:39]
"Dutch police have arrested the administrator of the Avchek cybercrime service. A 33 year old Dutch national was detained at the airport in Amsterdam..."
– [03:33]
"The Vocal Bridge attack cleans the audio and allows AI voice cloning tools to create high quality impressions."
– [05:25]

Key Segment Timestamps

Russia fines telcos over surveillance non-compliance: [00:08–01:00]
India’s new crypto KYC rules: [01:00–01:16]
Vietnam’s app hardening mandate: [01:17–01:38]
Polish power grid attack: [01:38–01:54]
Target git server breach: [01:54–02:19]
JP Morgan Chase / Goldman Sachs breach: [02:20–02:37]
Indesa energy provider breach: [02:37–02:50]
Kyowon ransomware attack: [02:50–03:09]
Coupang breach/CEO fallout: [03:09–03:33]
Avchek admin arrest: [03:33–03:56]
MSPY/Stalkware leak: [03:56–04:19]
Void Link Linux malware: [04:19–04:41]
Laundry Bear espionage: [04:41–04:54]
Instagram bug & data denial: [04:54–05:07]
Vocal Bridge voice clone bypass: [05:07–05:27]

Takeaways

Governmental demands for surveillance and compliance are intensifying, with heavy penalties for tech companies failing to cooperate.
Critical infrastructure remains a top cyber target with escalating attack sophistication.
Next-generation malware is evolving quickly, particularly for cloud/container environments.
Voice privacy faces new threats as academic work tears down last-generation defenses.
Trust in vendors and platforms is under continual strain as breach headlines spread from law firms to retailers to energy providers.

For comprehensive weekly cybersecurity news—delivered concisely and without hype—Risky Bulletin remains essential listening.

Loading summary

Transcript1 lines

[00:04]
A
Russia fines 33 telcos for surveillance, non compliance Avcheck Admin is arrested in Amsterdam Poland repels an attack on its power grid and voice cloning defences can be bypassed. This is the Rescue bulletin prepared by Catalyn Campanu and read by me, Amberly Jack Today is January 14th and this podcast episode is brought to you by cloud security company Prowler. In today's top story, Russia's telecommunications Watchdog has fined 33 telcos for failing to install traffic inspection equipment. Fines were imposed on the telcos as well as relevant employees. After Russia's invasion of Ukraine, the roscomnadzor mandated that telcos install equipment to inspect user traffic and block access to sites the government doesn't like. India has updated its know your customer requirements for cryptocurrency exchanges. Crypto platforms will soon require government IDs, tax numbers, selfies and geolocation data from customers. Platforms will also have to verify bank accounts, email addresses and phone numbers. Vietnam's Central bank will require local banks to disable their mobile apps on rooted devices. Mobile apps will also be disabled if a debugger is attached to the device. The new requirements will go into effect in March. They were imposed to fight the rising number of fraud reports and malware infections. Poland says it repelled a cyber attack against its power grid in late December. The attack targeted the communications between renewable generation and power distribution operators. Polish Energy Minister Milosz Motjeka described it as the largest cyber attack against its power grid in years. Officials have not attributed the attack to any group or country. American retailer Target has taken its git server offline to investigate a possible breach. Hackers claim to have accessed the company's internal code and developer documentation. Sample data has been posted online and the attacker is seeking a buyer. American bank JP Morgan Chase is notifying customers affected by a law firm data breach data from 700 customers was stolen from a shared network drive at the law firm Fried, Frank, Harris, Shriver and Jacobsen Last month. Goldman Sachs notified its customers about the same incident. Spain's second largest energy provider has disclosed a security breach. Indesa says hackers accessed information about customers contracts. The stolen Data included names, ID numbers and bank account information. A ransomware attack has crippled the operations of South Korean elearning company the Kyowon Group. The attack has taken down the company's Kumon and Red Pen education portals. The attack occurred on Monday and the company has shut down the platforms while it restores systems. South Korean authorities may impose a travel ban on the CEO of Coupang after the company suffered a significant data breach last year. Coupang's general counsel, Harold Rogers, was appointed interim CEO after Park Daejun resigned from the position in December. Rogers failed to appear in front of a government committee in January. The Coupang data breach exposed the personal details of 33.7 million customers. Dutch police have arrested the administrator of the Avchek cybercrime service. A 33 year old Dutch national was detained at the airport in Amsterdam after returning from the United Arab Emirates. Dutch police seized Avchek in May. The service was used to test malware against a variety of antivirus software before deploying it in real attacks. Leaked internal documents from Stalkaware maker MSPY have exposed the owner of a rival operation. The documents included details of a transaction by the owner of Spy X Stalkaware. He bought a license for mspy, refunded it and reported it as credit card fraud. The credit card appeal process exposes cardholder data and connection to Spy X. A new malware strain is infecting Linux based cloud environments. The Void Link malware is modern, modular and focused on operating in cloud and container environments. It includes plugins for reconnaissance, credential harvesting, privilege escalation, persistence and lateral movement across Docker and Kubernetes environments. Check Point believes the malware was coded by Chinese speaking developers. Russian cyber espionage group Laundry Bear has launched several campaigns against members of the Ukrainian military. The group poses as charities via messaging apps and lures soldiers to malicious sites. The campaign began in October. Instagram has fixed a vulnerability in its password reset process. The bug has been abused in the wild to spam users with password reset emails. The company also denied recent reports that its API was scraped after user data was put up for sale. And finally, a team of academics has created an attack that bypasses voice cloning defenses. The Vocal Bridge technique can remove noise added to audio tracks by online platforms. The noise is meant to protect a user's voice from being cloned. The Vocal Bridge attack cleans the audio and allows AI voice cloning tools to create high quality impressions. That's all for this podcast edition. Today's show was brought to you by our sponsor Prowler. Find them@prowler.com thanks for your company.