Risky Bulletin: Russian Man Extorts Conti Ransomware Group
Podcast: Risky Bulletin by Risky Business Media
Date: February 27, 2026
Host: Claire Aird (prepared by Catalin Cimpanu)
Episode Overview
This episode of Risky Bulletin delivers a tightly packed update on the latest news in cybersecurity. The main headline this week centers on a Russian man charged for the rare crime of extorting the infamous Conti ransomware group. The episode also covers Google and OpenAI cyber disruptions, fresh revelations of government and corporate breaches, AI ethics in military contexts, new hacking tactics, and critical hardware vulnerabilities.
Key Discussion Points & Insights
1. Russian Man Extorts Conti Ransomware Group [00:15]
- Story: Ruslan Satuchin faces up to 10 years in prison after impersonating an FSB officer to extort the Conti ransomware group.
- He was detained in October 2025.
- Exploited leaked internal Conti documents and chats from 2022.
- Conti’s Impact: The group had made approximately $150 million from ransomware.
2. Tech & Government Cyber Incidents
Anthropic Rejects Pentagon Requests [01:00]
- Anthropic refuses to loosen AI safety safeguards for the US military, despite pressure from Defense Secretary Pete Hegseth.
- Anthropic CEO Dario Amodei’s statement:
- “If the Department of War chooses to end its contract with Anthropic, it will help the Pentagon transition to another provider.” [01:21]
- Company policies prohibit use for autonomous weapons and domestic mass surveillance.
Major Mexican Government Breach [01:45]
- Hacker uses Claude AI tool to steal over 150 GB of data from multiple Mexican agencies:
- Victims: Tax authority, National Electoral Institute, state water utilities.
- Compromised data: 195 million taxpayer and voter records, government employee credentials, civil registry files.
3. Hacktivism, Surveillance, and Espionage
Belarusian Hacktivists Hit Russian Military Supplier [02:30]
- Cyber Partisans hacked Kim Volokno, a top supplier of military materials in Russia.
- The attack took less than a day: “Full admin access to destroy service and more than 1,000 workstations.” [02:40]
- Coincided with the fourth anniversary of the Ukraine invasion.
UK’s Rapid Vulnerability Fixing — NCSC Service [03:10]
- UK Cybersecurity Agency: New monitoring service reduced software patch times from nearly two months to eight days for over 6,000 public bodies.
- Now resolving ~400 issues monthly.
Russia Moves to Block Telegram [03:50]
- Russian government will block Telegram traffic beginning April 2026.
- Criminal probe launched against Telegram CEO Pavel Durov, accused of “facilitating terrorist activity.” [04:10]
4. Legal & Policy Developments
Predator Spyware Executives Sentenced in Greece [04:40]
- Four people involved in the Predator spyware operation (Intellexa and Krikel) received sentences totaling 126+ years; each is to serve at least eight years, pending appeal.
- Intellexa founder Tal Dilian is among those sentenced.
- Notably, “No Greek government officials were on trial despite having purchased the spyware to use against journalists and political opponents.” [05:00]
Finnish Hacker Sentenced Over Psychotherapy Hack [05:25]
- Aleksanteri Kivimäki’s sentence was increased after a failed appeal of his conviction for hacking and extorting psychotherapy patients.
- Originally sentenced to 8 years, 3 months.
- Currently outside Finland, may return to serve time.
5. Emerging Threats & Exploits
Medical Device Manufacturer Breach [05:50]
- UFP Technologies breached; attackers stole & destroyed company data.
- Company relied on backups for recovery.
- No ransomware group claimed responsibility.
Voice Phishing Methods Evolve [06:10]
- The Scattered LAPSUS$ Hunters group is recruiting women for voice phishing against corporate helpdesks.
- “Female voices are more likely to convince help desk staff to ignore their security training.” [06:20]
- Recruits offered up to $1,000 per attempt.
Google & OpenAI Disrupt Espionage [06:45]
- Google: Shut down servers & Google Sheets used for command-and-control by Chinese cyber espionage group UNC2814, targeting telcos and governments.
- OpenAI: Deleted ChatGPT accounts tied to Chinese intelligence, online scams, Russian influence in Africa, and a Chinese campaign targeting Japan’s prime minister.
Cisco Zero-Day Patched After 3 Years of Exploits [07:25]
- Flaw: Critical bug in Catalyst SD-WAN device peering.
- Severity: CVSS 10.
- Exploited since at least 2023, discovered by Australian Signals Directorate.
- Attackers attributed to group UAT8616.
Telephony & IoT Vulnerabilities [08:05]
- PBX Hacks: Over 900 FreePBX telephony servers infected with Insist PHP web shell, exploiting an admin interface bug patched in November.
- DJI Vacuum Takeover: Flaw allowed takeover of DJI Romo Smart Vacuums and mapping of device locations—“data returned with nothing but a serial number.” [08:35]
Let’s Encrypt Domain Flood Bug [09:10]
- Stopped issuing certificates for long domain names after misconfigured servers caused request flooding via automated internet scans.
WiFi 'Airsnitch' Attack [09:40]
- New attack breaks client isolation on routers from major brands (Netgear, D-Link, Ubiquiti, Cisco).
- Exploits WiFi’s layer 2 topology similar to Ethernet.
Malvertising Campaigns Disrupted [10:00]
- Security firm Confiant accessed a test platform (‘Deshorties’) and warned adtech partners—blocked 59 million+ malicious ads.
6. Policy & Industry Lobbying
U.S. Diplomatic Efforts on Data Sovereignty [10:25]
- State Department instructs diplomats to lobby against foreign data protection laws, citing hindrance to U.S. AI competitiveness.
- “The Trump administration has been vocal about its opposition to data privacy and protection laws.” [10:35]
Notable Quotes & Memorable Moments
- On Anthropic’s Stand:
- "If the Department of War chooses to end its contract with Anthropic, it will help the Pentagon transition to another provider."
(Claire, 01:21, quoting Dario Amodei)
- On Hacktivist Prowess:
- "It took less than a day to gain full admin access to destroy service and more than 1,000 workstations."
(Claire, 02:40, summarizing Cyber Partisans claim)
- On Social Engineering Trends:
- "Female voices are more likely to convince help desk staff to ignore their security training. Female recruits are being offered up to $1,000 cents. Perhaps I should throw my hat in the ring."
(Claire, 06:20 – lighthearted closing to the segment)
Timestamps for Major Segments
- Russian extortion of Conti – [00:15]
- Anthropic rebuffs Pentagon AI demands – [01:00]
- Mexican government hack – [01:45]
- Cyber Partisans hack Russian defense supplier – [02:30]
- UK NCSC service impacts – [03:10]
- Russia targets Telegram – [03:50]
- Predator spyware sentencing – [04:40]
- Finnish psychotherapy hack sentencing – [05:25]
- UFP Technologies breach – [05:50]
- Voice phishing and Scattered LAPSUS$ Hunters – [06:10]
- Google/OpenAI espionage disruptions – [06:45]
- Cisco zero-day revelation – [07:25]
- PBX and IoT vulnerabilities – [08:05]
- Let’s Encrypt domain abuse – [09:10]
- WiFi Airsnitch attack – [09:40]
- Malvertising test platform blocked – [10:00]
- U.S. data sovereignty lobbying – [10:25]
Episode Tone
Claire maintains a brisk, newsy, occasionally wry tone, injecting moments of dry humor (“Perhaps I should throw my hat in the ring”) while delivering a dense, expertly curated dose of global cybersecurity news.
For listeners and readers alike, this episode delivers succinct and up-to-the-minute reporting on significant breaches, evolving cyber tactics, policy battles, and technology vulnerabilities shaping the landscape in 2026.
