Claire Aird
Russia suspected of hacking a US court system, researchers break the DarkBit ransomware's encryption, a new attack can leak sensitive data from AMD processors, and a brute force campaign targets Fortinet devices. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 13th of August and this podcast episode is brought to you by Yubico, the inventor of the YubiKey.

Russian hackers are suspected of being behind a recent breach of the US federal court filing system. The hackers allegedly searched for criminal cases featuring Russian and Eastern European surnames. It's unclear if the hack is the work of state cyber units or cybercrime groups. The hack occurred around the July 4th US holiday. Hackers accessed the PACER and CM/ECF systems.

In other news, the Interlock ransomware gang has published more than 43 gigabytes of files from the Minnesota city of St. Paul. The group published the data after officials refused to pay the ransom. The city called in the National Guard's cyber units to assist with recovering and securing its network. It set up operations at the Roy Wilkins Auditorium and urged employees to visit and secure their accounts. More than half of the city's employees reset passwords and updated devices on Monday.

The personal data of almost 500,000 women has been stolen from a Dutch cancer testing program. The data was stolen from a third-party testing laboratory. It impacted women who were tested for cervical cancer. The Dutch government has not identified the threat actor responsible.

A ransomware attack has once again disrupted the operations of South Korean online bookstore and ticketing platform Yes24. The company's apps and websites were down on Monday morning but were restored by the afternoon. Yes24 suffered a similar ransomware attack in early June.

McDonald's Poland has been fined almost 4 million euros for leaking employee personal data. The leak occurred at a partner company that managed employee work schedules. The data included names, passport numbers, positions and work schedules. It was left in a publicly accessible location on a web server. This is the second largest GDPR fine handed out by Polish authorities. The largest was a 6.3 million euro fine handed to the country's postal service earlier this year.

Staff and students at the University of Western Australia were locked out of their accounts following a security breach. UWA reset passwords for all accounts on Monday, the university said. No information other than passwords appears to have been accessed.

The Russian government is extending its SORM traffic interception system to 5G satellite communications. Operators will have to install interception equipment at ground stations located in Russia. The new legislation is expected to go into effect next March.

Four of Russia's largest telcos have petitioned the government to ban voice calls using foreign instant messengers. They argue that a ban would return traffic to the phone networks and increase their revenue. The telcos said they need the revenue to support rising infrastructure maintenance costs. Returning voice calls to traditional systems would also improve the state's interception capabilities.

The Netherlands' first BEC-related lawsuit has been ruled in favour of the victim. A local car company was ordered to reimburse €27,000 to an Australian man who paid for a car in 2022. The company's email was hacked and scammers redirected the payment to their own bank accounts. The customer sued after the company refused to deliver the car or provide a refund.

Physical attacks on cryptocurrency holders have significantly increased this year, and according to crypto tech firm SatoshiLabs, at least one bitcoin owner gets kidnapped each week. Many are tortured for access to their wallets. The company says the attacks are often aided by data leaks from cryptocurrency exchanges.

A brute force campaign is targeting Fortinet devices. The campaign started on Aug. 3. It first targeted Fortinet VPNs and then shifted to FortiManager devices, GreyNoise said. In a single day, almost 800 unique IPs were involved in the attacks.

Israeli security firm Profero has developed a decryptor for the DarkBit ransomware. The decryptor exploits a weak key generation algorithm used by the DarkBit group. The group launched in 2023 and is believed to be associated with the MuddyWater Iranian espionage operation. Profero has not publicly released the decryptor but has offered to help victims.

Two hackers have leaked files from the back end of a state-sponsored hacking group. The files contain phishing kits and stolen data, and the hackers claim the data belongs to the North Korean state-sponsored espionage group Kimsuky. They claim the data suggests Kimsuky may also operate on behalf of China and might have Chinese-speaking members. A more complete analysis of the data will be published in Phrack magazine this week.

A new Russian cyber espionage group has been spotted targeting Georgia and Moldova. Attacks from the Curly COMrades group coincided with Russian influence operations pushing pro-Kremlin geopolitical shifts in both countries. The attacks targeted judicial and government bodies in Georgia and an energy distribution company in Moldova.

The Chinese government is using AI companies to monitor and manipulate public opinion on social media. A company named Golaxy has used AI tools to run influence operations targeting users in Hong Kong and Taiwan. Golaxy used a tool named GoPro to build psychological profiles of social media users. The company then deployed bot networks to sway public opinion. The company allegedly removed blog posts mentioning its work with the Chinese government after it gained Western attention.

Severe vulnerabilities have been found in a major car manufacturer's online dealership portal. Security researcher Eaton Zveare said the bugs could have allowed attackers to create their own admin accounts. The vulnerabilities resided in the portal's login system and were patched in February. Zveare has not named the company.

Meantime, an unpatched vulnerability could allow attackers to hijack smart bus systems. The vulnerabilities impact routers from BEC Technologies that are commonly installed on smart buses in Taiwan. Attackers can bypass authentication and access the router's management panel. Trend Micro says attackers can easily escalate access from the router to the critical systems that manage collision detection, traffic sign recognition and GPS tracking. Researchers said they notified the router maker, but the company failed to reply.

A new attack can leak sensitive data from confidential virtual machines that rely on AMD's SEV-SNP technology. The new Heracles attack exploits the process of moving confidential data to a new memory location. It was developed by academics and has been successfully used to leak kernel memory, cryptographic keys, user passwords and web sessions. AMD released patches this week.

And finally, 71 open source projects have received funding from GitHub to improve their security. The company established its GitHub Secure Open Source Fund last November. Each project received $10,000 to be allocated to fixing security flaws. According to GitHub, projects fixed more than 1,100 vulnerabilities and prevented the leak of over 90 secrets and tokens. Projects that received the funding include Node.js, Next.js, Bootstrap, Log4j, and Jupyter.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Yubico. Find them at yubico.com.
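The Fortinet item above describes a campaign where almost 800 unique source IPs took part in a single day. The point that matters for detection is that a fan-in of many sources against one target slips past the usual per-IP failure threshold, because each IP only needs to try once. The following example, added here and not taken from the bulletin, GreyNoise or Fortinet, contrasts the two detectors over a few constructed log lines. The key=value layout loosely mimics FortiGate SSL-VPN event logs, but the field names (remip, user, action) and the thresholds are assumptions chosen for the demonstration, not a vendor schema.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real telemetry). The key=value layout
# loosely mimics FortiGate SSL-VPN event logs; the field names are assumed.
# Eight sources each fail once against "admin" inside ninety seconds, while
# one user fat-fingers their own password three times and then succeeds.
SAMPLE_LOGS = """\
date=2025-08-03 time=10:00:01 action=ssl-login-fail remip=203.0.113.5 user=admin
date=2025-08-03 time=10:00:09 action=ssl-login-fail remip=203.0.113.6 user=admin
date=2025-08-03 time=10:00:17 action=ssl-login-fail remip=203.0.113.7 user=admin
date=2025-08-03 time=10:00:26 action=ssl-login-fail remip=203.0.113.8 user=admin
date=2025-08-03 time=10:00:40 action=ssl-login-fail remip=203.0.113.9 user=admin
date=2025-08-03 time=10:00:58 action=ssl-login-fail remip=203.0.113.10 user=admin
date=2025-08-03 time=10:01:12 action=ssl-login-fail remip=203.0.113.11 user=admin
date=2025-08-03 time=10:01:33 action=ssl-login-fail remip=203.0.113.12 user=admin
date=2025-08-03 time=11:15:00 action=ssl-login-fail remip=198.51.100.7 user=jdoe
date=2025-08-03 time=11:15:20 action=ssl-login-fail remip=198.51.100.7 user=jdoe
date=2025-08-03 time=11:15:45 action=ssl-login-fail remip=198.51.100.7 user=jdoe
date=2025-08-03 time=11:16:10 action=ssl-login-ok remip=198.51.100.7 user=jdoe
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_events(text):
    """Parse key=value lines into dicts with a datetime under 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(KV_RE.findall(line))
        fields["ts"] = datetime.strptime(f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
        events.append(fields)
    return sorted(events, key=lambda e: e["ts"])


def per_ip_bruteforce(events, max_failures=5):
    """Classic detector: flag any source IP with too many failures. Returns {ip: count}."""
    counts = defaultdict(int)
    for e in events:
        if e["action"] == "ssl-login-fail":
            counts[e["remip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= max_failures}


def distributed_bruteforce(events, window=timedelta(minutes=10), min_sources=5):
    """Flag target accounts hit by many distinct source IPs inside a sliding window.
    Each IP may try only once, so per-IP thresholds stay silent; the signal is the
    number of distinct sources per target. Returns one alert dict per account."""
    recent = defaultdict(deque)   # user -> deque of (ts, ip) failures inside the window
    best = {}                     # user -> (max distinct sources seen, window start)
    for e in events:
        if e["action"] != "ssl-login-fail":
            continue
        q = recent[e["user"]]
        q.append((e["ts"], e["remip"]))
        while q and e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = len({ip for _, ip in q})
        if distinct > best.get(e["user"], (0, None))[0]:
            best[e["user"]] = (distinct, q[0][0])
    return [{"user": u, "distinct_sources": n, "window_start": start}
            for u, (n, start) in best.items() if n >= min_sources]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    print("per-IP threshold fired on:", per_ip_bruteforce(evs))  # nothing, every IP is under 5
    for alert in distributed_bruteforce(evs):
        print(f"ALERT {alert['user']}: {alert['distinct_sources']} distinct sources "
              f"from {alert['window_start']}")
```

The per-IP detector returns an empty dict on this input, while the per-target detector reports the admin account with eight distinct sources in the window. In a real deployment the window and the distinct-source threshold would be tuned against the device's normal remote-access population, and the alert would be enriched with the ASN or reputation of the sources rather than acting on the count alone.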
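The Profero item above says the DarkBit decryptor works because of a weak key generation algorithm, but the bulletin does not describe the algorithm itself. The example below is a constructed illustration, added here and not Profero's or DarkBit's code, of the general failure it alludes to: when a file key is a deterministic function of a low-entropy seed such as a timestamp, the effective key space collapses to the seed space, and a defender who knows roughly when the files were encrypted can search it with a known-plaintext check. The "ransomware" key derivation, the HMAC-based toy stream cipher standing in for a real block cipher, the file magic, and the incident time window are all assumptions so that the block runs on the standard library alone.

```python
import hashlib
import hmac
import struct

# Toy key derivation (constructed, not DarkBit's real scheme): the 16-byte key is
# a pure function of a one-second-resolution timestamp, so only as many keys
# exist as there are seconds in the plausible attack window.
def weak_key_from_seed(seed_seconds: int) -> bytes:
    return hashlib.sha256(b"ransom-kdf" + struct.pack(">Q", seed_seconds)).digest()[:16]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256(key, counter) blocks XORed with the data.
    Stands in for AES so the example needs no third-party package; the weakness
    shown here lives in the key derivation, not in the cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(key, struct.pack(">Q", offset // 32), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], ks))
    return bytes(out)


# Known plaintext: assumed header that every victim file of this type starts with.
FILE_MAGIC = b"%PDF-1.7"


def recover_key(ciphertext: bytes, window_start: int, window_end: int, magic: bytes = FILE_MAGIC):
    """Brute-force the seed across a time window. A candidate is accepted when the
    decrypted prefix equals the known magic (an 8-byte check gives a false-match
    chance of about 2^-64 per wrong seed). Returns (seed, key) or None."""
    for seed in range(window_start, window_end + 1):
        key = weak_key_from_seed(seed)
        if keystream_xor(key, ciphertext[:len(magic)]) == magic:
            return seed, key
    return None


def demo() -> bool:
    """Encrypt a constructed document at a made-up attack time, then recover the key
    knowing only that the incident happened within +-12 hours of that time."""
    attack_time = 1_724_000_000  # attacker's clock at encryption (constructed value)
    plaintext = FILE_MAGIC + b"\n% constructed victim document\n" + b"A" * 50
    ciphertext = keystream_xor(weak_key_from_seed(attack_time), plaintext)
    found = recover_key(ciphertext, attack_time - 43_200, attack_time + 43_200)
    if found is None:
        return False
    seed, key = found
    return seed == attack_time and keystream_xor(key, ciphertext) == plaintext


if __name__ == "__main__":
    print("key recovered and file decrypted:", demo())
```

The search covers 86,401 candidate keys instead of 2^128, which is why a decryptor is feasible at all; the same structure applies whether the seed is a timestamp, a process ID, or the output of a PRNG seeded with one. Note that the check only needs the first bytes of one file, so a single known file type per victim is enough to recover the key for everything encrypted under it.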
Host: Claire Aird
Release Date: August 13, 2025
Podcast: Risky Bulletin by risky.biz
In the August 13, 2025 episode of Risky Bulletin, host Claire Aird delivers an overview of significant cybersecurity incidents and developments. Prepared by Catalin Cimpanu, the bulletin covers a spectrum of topics, from state-sponsored hacks to critical vulnerabilities affecting various industries. Below is a summary of the episode's key points, with notable quotes.
At the outset, Aird reports alarming news about a potential breach of the US Federal court filing system.
"Russian hackers are suspected of being behind a recent breach of the US Federal court filing system," Claire Aird states.
The Interlock ransomware gang has escalated its activities by releasing over 43 gigabytes of stolen data from St. Paul, Minnesota.
Personal data of nearly 500,000 women tested for cervical cancer was compromised.
McDonald's Poland has been fined nearly €4 million for a data breach involving employee information.
Yes24, a major online bookstore and ticketing platform in South Korea, experienced downtime due to a ransomware attack.
A security breach at UWA resulted in staff and students being locked out of their accounts.
The Russian government is set to extend its SORM (System for Operative Investigative Activities) to encompass 5G satellite communications.
Four of Russia's largest telecommunications companies have requested a ban on voice calls via foreign instant messengers.
A landmark Business Email Compromise (BEC) lawsuit concluded with a victory for the victim.
Physical assaults targeting cryptocurrency owners have surged, posing severe risks to digital asset security.
"Many are tortured for access to their wallets," Aird emphasizes.
A widespread brute force attack has been directed at Fortinet devices since August 3.
Israeli security firm Profero has created a decryptor for the DarkBit ransomware by exploiting its weak key generation.
Two hackers have exposed files they claim belong to Kimsuky, a North Korean state-sponsored espionage group.
Curly COMrades, a newly identified Russian cyber espionage group, has been spotted targeting Georgia and Moldova.
The Chinese government is leveraging AI to monitor and sway public opinion on social platforms.
Security researcher Eaton Zveare uncovered severe bugs in a major car manufacturer's online dealership portal that could have allowed attackers to create their own admin accounts.
An unpatched authentication bypass in BEC Technologies routers threatens smart bus systems in Taiwan.
Researchers have identified the Heracles attack, which leaks data from confidential VMs protected by AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
In a positive development, GitHub has allocated funds to bolster the security of open-source projects.
This episode of Risky Bulletin underscores the evolving landscape of cybersecurity threats, highlighting both the sophistication of attacks and the proactive measures being undertaken to mitigate risks. From state-sponsored hacks to vulnerabilities in critical infrastructure, the bulletin provides valuable insights for cybersecurity professionals and enthusiasts alike.
Sponsor: This episode was brought to you by Yubico, the inventor of the YubiKey. For more information, visit yubico.com.