Risky Bulletin: Russia to Use Custom Crypto-Algorithm for its 5G Network
Podcast: Risky Bulletin (Risky Business Media)
Date: March 27, 2026
Read by: Claire Airdrie
Prepared by: Catalyn Kim Panu
Episode Overview
This episode delivers concise, authoritative updates on the latest in global cybersecurity, focusing on Russia's decision to require a domestic cryptographic algorithm for all 5G phones, as well as notable incidents spanning government surveillance, critical infrastructure attacks, malware campaigns, and developments in encryption.
Main Discussion Points & Insights
1. Russia’s 5G Encryption Mandate
- [00:10] Key Story: The Russian government is mandating a custom cryptographic algorithm, NEA 7, for all mobile phones connected to its 5G network.
- By 2032, foreign algorithms such as AES will be unsupported.
- Devices not compatible with NEA 7 will be locked out of the network.
- Quote:
- “Phones sold in the country will have to support the NEA 7 encryption algorithm. Foreign algorithms such as AES will not be supported after 2032.” [00:14]
- Russia is also expanding the capacity of its national firewall to 954 Tbps by 2030, more than doubling its ability to censor content and block attacks.
2. Spyware Allegations in Hungary
- [01:10] Hungarian opposition leader Peter Magyar accused PM Viktor Orban of using Candiru spyware against the Tisza party, which is poised to challenge Orban’s long-standing government.
- Quote:
- “Magyar claims the country's intelligence services used Candiru to spy on the Conservative Party.” [01:20]
- The Tisza party may oust Orban for the first time in two decades.
3. Tighter National Security in Hong Kong
- [01:45] New national security laws enable police to demand access to suspects’ phone and computer passwords.
- Refusals can lead to one year in prison and fines; misleading information brings up to three years.
4. India Launches CCTV Audit
- [02:10] After uncovering a Pakistani spy ring hacking Indian CCTV networks, the Indian government orders a nationwide audit to check camera security and network controls.
5. Wave of Cyberattacks on Infrastructure
- Israel [02:31]: Data-wiping attacks hit at least 50 companies; 20 groups are active amid ongoing military tensions with Iran.
- Officials warn attacks will likely persist post-hostilities.
- Netherlands [02:55]: Dutch police probe their own breach after a phishing incident, which was quickly contained.
- Luxembourg [03:12]: Over 4,850 government mobile devices infected via compromised MDM; all devices now secured.
- Quote:
- “Hackers have deployed malware to Luxembourg government mobile devices using the government's own MDM Solution.” [03:12]
- Spain [03:30]: Ransomware hits Vigo cargo port; manual operations continue, cargo flow unaffected, and no group claimed responsibility.
- Puerto Rico [03:45]: Cyberattack disrupts the Department of Transportation; all driver's license and registration appointments cancelled pending investigation.
6. Data Breach at Ajax Amsterdam
- [04:10] A hacker breached the Ajax soccer club’s management system, leaked the list of banned supporters, and accessed ticket and personal information.
7. Post-Quantum Cryptography Push by Google
- [04:30] Google estimates quantum computers could break classical encryption by decade's end.
- Sets a 2029 deadline for post-quantum cryptography across its products.
- Chrome and Google Cloud are already post-quantum secure; Android to follow this year.
8. Legal and Policy Updates
- [05:05] US courts dismiss ex-Meta head of security’s wrongful termination lawsuit.
- [05:15] UK sanctions Chinese marketplace Xinbi, which sold data/satellite gear to scammers, helping circumvent law enforcement.
- [05:40] US extradites Redline infostealer developer Hambad Zaminozyan; Redline was run as malware-as-a-service.
9. Criminal Investigations and Arrests
- [06:05] Russian authorities arrest the LeakBase forum admin following a coordinated site takedown by Western law enforcement.
- [06:19] Threat intelligence links the arrest to a Taganrog resident.
10. Advanced Malware in Telcos
- [06:30] Chinese APT "Red Menshen" deploys new, more sophisticated BPFdoor malware versions targeting telecoms.
- Rapid7 terms these “some of the most advanced malware its team has seen.”
11. Kaspersky Links Karuna to Triangulation iOS Exploits
- [06:55] Kaspersky identifies code similarities between the Karuna iOS exploit chain and components used in the Triangulation campaign.
- Attacks used 0-days present in both frameworks.
Notable Quotes
- On Russia’s 5G Policy:
- “Devices that do not support the local encryption setup will be unable to connect to Russia's 5G mobile network.” [00:21]
- On Data-Wiping Attacks in Israel:
- “Israeli officials have warned that wiper attacks are likely to continue even after military action ends.” [02:47]
- On Google’s Quantum Readiness:
- “Google expects quantum computers to be able to break classic encryption by the end of the decade. The company has set a 2029 deadline to secure its products with post quantum cryptography.” [04:32]
- On Chinese APT Malware:
- “Rapid7 described them as some of the most advanced malware its team has seen.” [06:40]
Timeline of Key Segments
| Time  | Topic                                              |
|-------|----------------------------------------------------|
| 00:10 | Russia’s custom 5G encryption, firewall expansion  |
| 01:10 | Hungarian spyware accusations                      |
| 01:45 | Hong Kong password demand law                      |
| 02:10 | Indian CCTV audit                                  |
| 02:31 | Israeli data-wiping attacks                        |
| 02:55 | Dutch police breach                                |
| 03:12 | Luxembourg government malware incident             |
| 03:30 | Spanish cargo port ransomware                      |
| 03:45 | Puerto Rico DOT cyberattack                        |
| 04:10 | Ajax Amsterdam data breach                         |
| 04:30 | Google post-quantum cryptography rollout           |
| 05:05 | Meta lawsuit dismissal                             |
| 05:15 | UK sanctions Chinese scam marketplace              |
| 05:40 | Redline infostealer extradition                    |
| 06:05 | Leakbase admin arrest                              |
| 06:30 | Chinese APT BPFdoor malware                        |
| 06:55 | Kaspersky on Karuna and Triangulation              |
Memorable Moments
- The scale and timeline of the Russian encryption mandate reflect major geopolitical tensions and tech decoupling.
- The Hungarian opposition’s spyware claim signals high-stakes political drama ahead of a pivotal election.
- Google's explicit quantum computing deadline is a rare, forward-looking statement from a Big Tech company.
Tone & Style
The bulletin retains a brisk, matter-of-fact tone that prioritizes accuracy and clarity—delivering headline-focused, actionable information for cybersecurity professionals and informed listeners.
For more details or previous episodes, visit Risky Business Media.
