A Russian man prosecuted for extorting the Conti ransomware group. Google takes down a Chinese cyber espionage operation, Anthropic tells the Department of War to pound sand over AI restrictions, and a Cisco zero-day was exploited in the wild for three years. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 27th of February, and this podcast episode is brought to you by Socket Security, a developer-first security platform that prevents vulnerable and malicious open source dependencies from infiltrating software supply chains.

In today's top story, a Russian man is facing up to 10 years in prison for impersonating an FSB officer to extort the Conti ransomware group. Ruslan Satuchin was detained in October last year. His scheme began after internal Conti documents and chats were leaked online in 2022. The Conti group made an estimated $150 million from its ransomware attacks.

In other news, Anthropic has told the Pentagon it will not alter its AI models' safeguards. Earlier this year, Defence Secretary Pete Hegseth demanded that the company remove its restrictions for the Department of Defence. Anthropic does not allow its agent to be used by the military for autonomous weapons or domestic mass surveillance. In a statement today, CEO Dario Amodei said the company would not change its position. He continued that if the Department of War chooses to end its contract with Anthropic, it will help the Pentagon transition to another provider.

A hacker has stolen more than 150 gigabytes of data from Mexican government agencies. The attacker allegedly used the Claude AI tool to assist with the hacking, according to Bloomberg. He breached Mexico's tax authority, the National Electoral Institute and several state water utilities. The stolen data includes 195 million taxpayer and voter records, government employee credentials and civil registry files.

Belarusian hacktivist group the Cyber Partisans claims to have hacked local industrial giant Khimvolokno. The company is Russia's largest supplier of nylon thread for military helmets and body armour. The Cyber Partisans say they hacked Khimvolokno on the fourth anniversary of Russia's invasion of Ukraine. The group said it took less than a day to gain full admin access and destroy servers and more than 1,000 workstations.

The UK Cybersecurity Agency says its vulnerability monitoring service has led to bugs being fixed six times faster. Data since the service launched in January last year shows bugs and misconfigurations are now being patched in eight days, down from the previous average of almost two months. The NCSC vulnerability monitoring service works by continuously scanning the networks of more than 6,000 UK public sector bodies. It currently processes and resolves around 400 issues a month.

The Russian government is planning to block all Telegram traffic from April, according to local media. The country's internet watchdog has been blocking some Telegram features and throttling traffic since August last year. Earlier this week, the country also launched a criminal probe of Telegram founder and CEO Pavel Durov. He's accused of facilitating terrorist activity on the platform.

Four individuals have been sentenced to prison over the use of the Predator spyware in Greece. Three executives from Predator's developer Intellexa and one from local reseller Krikel have collectively been sentenced to more than 126 years in prison. They'll each serve at least eight years pending an appeal. Amongst those sentenced is Intellexa founder Tal Dilian. No Greek government officials were on trial, despite having purchased the spyware to use against journalists and political opponents.

Finnish hacker Aleksanteri Kivimäki has had his sentence increased by eight months after losing an appeal in 2024. Kivimäki was originally sentenced to eight years and three months for hacking the Vastaamo psychotherapy chain and extorting patients. Last year, he was released as part of the appeal process. Kivimäki's lawyer says he's left the country but plans to return to Finland to complete his sentence.

Medical device manufacturer UFP Technologies has confirmed a recent breach. The company told investors it deployed its backups after attackers stole and destroyed some of its data in February. No ransomware group has taken credit for the attack.

The Scattered Lapsus Hunters hacking group is recruiting women to carry out voice phishing attacks against corporate help desks, according to threat intelligence firm Dataminr. Female voices are more likely to convince help desk staff to ignore their security training. Female recruits are being offered up to $1,000. Perhaps I should throw my hat in the ring.

Google has taken down infrastructure that was used by a Chinese cyber espionage group to attack telcos and governments. The company disabled cloud servers and Google Sheets that were used as command and control for the grid tied backdoor. Google says the malware is the work of a group it tracks as UNC2814.

OpenAI has taken down ChatGPT accounts linked to a Chinese intelligence operation. The AI agent was used to compose emails and perform reconnaissance. The attackers pretended to be a corporation, but chatbot interactions were focused on geopolitical topics. OpenAI also took down clusters running online scams, Russian influence operations in Africa and a Chinese disinformation campaign targeting Japan's prime minister.

Cisco has patched an actively exploited zero-day in Catalyst SD-WAN devices. Attackers are exploiting a flaw in the peering authentication system to obtain admin privileges. It has a CVSS severity rating of 10. The attacks were discovered by the Australian Signals Directorate. Cisco attributed the attacks to a group it tracks as UAT-8616 and found evidence that the campaign began at least three years ago.

More than 900 FreePBX telephony servers have been infected with the Insist PHP web shell. The attacks are exploiting a vulnerability that was patched in November. It allows attackers to inject commands in the server's administrative interface. Almost half of the infected servers are located in the US.

Chinese drone manufacturer DJI has patched a flaw that could have allowed attackers to take over its Romo smart vacuums. Security researcher Sami Azdouful said DJI's cloud service returned data without any authentication beyond a serial number. Azdouful was able to map the locations of more than 7,000 Romo smart vacuums, as well as 3,000 portable power stations sharing the same server.

The Let's Encrypt free certificate authority has stopped issuing certificates for excessively long domain names. The project said the issue was a result of misconfigured servers. Some web servers can be configured to automatically request new certificates on demand. Internet scans hitting the servers were triggering this process and flooding Let's Encrypt.

Academics have developed a new attack that breaks Wi-Fi client isolation. The AirSnitch attack exploits the normal functioning of Wi-Fi's layer 2 network topology, which it inherited from traditional wired Ethernet. It was successfully tested against routers from Netgear, D-Link, Ubiquiti and Cisco.

A security firm has gained access to a malvertising test platform and helped block more than 59 million malicious ads. Confiant says the test platform was operated by the malvertiser group Deshorties. The platform allowed Confiant researchers to get a preview of upcoming campaigns, which they shared with the adtech industry.

And finally, US diplomats have been instructed to lobby against restrictions on American tech companies' processing of foreign data. The State Department says data sovereignty laws will hinder America's AI sector. The Trump administration has been vocal about its opposition to data privacy and protection laws.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Socket Security. Find them at socket.dev. Thanks for your company.
Podcast: Risky Bulletin by Risky Business Media
Date: February 27, 2026
Host: Claire Aird (prepared by Catalin Cimpanu)
This episode of Risky Bulletin delivers a tightly packed update on the latest news in cybersecurity. The main headline centers on a Russian man charged with the rare crime of extorting the infamous Conti ransomware group. The episode also covers infrastructure takedowns by Google and OpenAI, fresh revelations of government and corporate breaches, AI ethics in military contexts, new social engineering tactics, and critical network and device vulnerabilities.
Claire maintains a brisk, newsy, occasionally wry tone, injecting moments of dry humor (“Perhaps I should throw my hat in the ring”) while delivering a dense, expertly curated dose of global cybersecurity news.
For listeners and readers alike, this episode delivers succinct and up-to-the-minute reporting on significant breaches, evolving cyber tactics, policy battles, and technology vulnerabilities shaping the landscape in 2026.