Risky Bulletin: Russia's Aeroflot Cancels Flights After Hack Hosted by risky.biz Release Date: July 30, 2025
Introduction
In the latest episode of Risky Bulletin, host Claire Aird delivers a round-up of significant cybersecurity incidents worldwide. Prepared by Catalin Cimpanu and read by Claire, the episode covers a series of high-profile cyberattacks, law enforcement actions, government responses, and notable security developments. Below is a summary of the key points from the episode.
Major Cyberattacks Disrupting Global Services
1. Aeroflot Cyberattack: Over 100 Flights Canceled
At [00:04], Claire Aird announces a significant cyberattack on Russia's national airline, Aeroflot:
"Russia's national airline cancels more than 100 flights following a cyber attack."
The attack disrupted both international and domestic flights operating out of Moscow's Sheremetyevo Airport. Responsibility was claimed by the hacktivist groups Cyber Partisans and Silent Crow. The groups say they wiped thousands of servers by overwriting files with anti-Putin messages, and they criticised Aeroflot for poor security practices, including "storing passwords in text files" and the continued use of "Windows XP".
2. Luxembourg’s State-Owned Telco and Postal Service Hit
The episode also covers a recent cyberattack on Luxembourg’s state-owned telecommunications and postal services:
"A cyber attack against Luxembourg's state owned telco and postal service has disrupted essential services."
The attack affected flights, emergency services, and Internet and phone access, forcing residents to visit fire and police stations in person for assistance. The company said the attackers exploited a vulnerability in a software component, triggering a large-scale malfunction.
3. French Telco Orange Compromised
French telecommunications company Orange experienced a breach last Friday, disrupting some of its services:
"Orange has said affected services should be restored by today. The company is investigating the incident."
While details remain sparse, Orange is working to mitigate the effects and restore normal operations.
4. Ransomware Attacks on Broadcasters RTE and Albavision
Irish broadcaster RTE and Latin American broadcaster Albavision have been hit by ransomware attacks, both claimed by a group that calls itself Global:
"The Global ransomware group has claimed credit for the attack... It also took credit for a separate attack against Latin American broadcaster Albavision."
RTE confirmed that live programming was unaffected and said it is working with law enforcement to investigate the incident.
Law Enforcement Actions and Seizures
1. US Government Seizes $2.4 Million from Chaos Ransomware Group
US authorities have seized $2.4 million in Bitcoin from the Chaos ransomware group:
"The US government has seized $2.4 million worth of Bitcoin from the Chaos Ransomware Group."
The funds were traced to a crypto wallet linked to an individual operating under the alias "Hors". The Chaos group, active since February, is believed to be connected to the BlackSuit ransomware operation, whose servers were recently taken down by law enforcement.
2. Arrest in Kazakhstan for Ransomware Activities
A man from Almaty, Kazakhstan, has been arrested for his involvement in ransomware attacks:
"A Kazakhstan man has been arrested in relation to ransomware attacks. He was identified as a resident of the city of Almaty."
He is accused of hacking foreign companies' servers, encrypting their data, and demanding ransoms. Which country issued the arrest warrant has not been disclosed.
Governmental Responses to Cybersecurity Threats
1. Kyrgyzstan Nationalizes Internet Access
In a significant move, Kyrgyzstan has nationalized its Internet infrastructure:
"The Kyrgyzstan government has nationalised access to the Internet for one year."
A presidential decree gives the government control over all Internet infrastructure until August 2026. The state-owned telecom company ElCat will exclusively manage international Internet connectivity; other providers must route their traffic through ElCat and block access to sites the government designates. The first action taken under the decree was the blocking of online pornography.
Security Vulnerabilities and Malware Threats
1. xRed Malware in Gaming Mouse Configuration Tool
A malware strain named xRed was found bundled with the configuration tool for a gaming mouse sold by the German company Endgame Gear:
"The xred malware shipped with the configuration tool for a mouse from German company Endgame Gear."
The infected download was live for two weeks starting June 26; the malware was detected after users posted antivirus alerts on Reddit. Endgame Gear replaced the compromised tool once it learned of the issue.
2. JSCeal Malware Targets Cryptocurrency Users
A new malware variant, JSCeal, is actively targeting the cryptocurrency community:
"The JSCeal malware is hidden inside malicious clones of more than 50 cryptocurrency trading apps."
Users are lured into downloading the malicious apps through social media advertisements. Once installed, JSCeal can steal credentials, log keystrokes, and manipulate crypto wallets, putting victims' digital assets at direct risk.
Corporate and Platform Security Measures
1. Google's Project Zero Updates Vulnerability Reporting
Google's security team has revamped its vulnerability reporting process:
"The Project Zero team says it will publish the names of vendors and their software a week after they report security flaws."
Project Zero will also disclose the date on which each bug report is due to become public. The aim is to shrink the patch gap by giving downstream vendors advance notice so they can prepare and ship fixes more quickly.
2. Avast Releases Decryptor for FunkSec Ransomware
Avast has introduced a free decryptor tool for victims of the FunkSec ransomware:
"Avast has released a free decryptor for the FunkSec ransomware."
First seen in December, FunkSec claimed more than 100 victims before going quiet in March. Avast believes the ransomware was developed with the help of AI coding tools.
Legal Actions and Policy Changes
1. Newag Sues Security Group Over Firmware Bypass
Polish trainmaker Newag is suing the Dragon Sector security research group and a local repair company:
"Newag is seeking 1.37 million euros in reputational damages."
Dragon Sector had found that Newag's train firmware contained software locks that disabled the trains when they were serviced at unauthorised repair shops, and the researchers bypassed those locks. Newag's lawsuit claims the bypass infringed its copyright.
2. Android to Allow Disabling of Security Lock Feature
Android users will soon have the option to disable a security feature that automatically locks devices after multiple failed login attempts:
"Android users will soon be able to turn off a security feature that automatically locks devices after too many failed logins."
Introduced in Android 15 as an anti-theft measure, the feature has locked many legitimate users out of their own devices, prompting the change.
Legislative and Institutional Responses
1. US Senator Calls for Starlink Restrictions
US Senator Maggie Hassan has urged SpaceX to block Southeast Asian cyber scam operations from accessing Starlink:
"Senator Maggie Hassan cited a 2024 UN report which found that scam compounds relied on Starlink for Internet connectivity."
The senator noted that scam compounds moved to Starlink after local authorities cut their fibre-optic connections, and raised concerns about the service being used to sustain the compounds' operations.
Conclusion
This episode of Risky Bulletin gives a broad overview of the current threat landscape, from the disruption of a major airline and several telecommunications providers to the seizure of ransomware proceeds and the nationalisation of a country's Internet access. The malware, vendor policy, and legislative items round out the picture of how defenders, companies, and governments are responding.
For those seeking to stay informed on the latest in cybersecurity, this episode of Risky Bulletin offers invaluable insights and updates.
Note: This summary excludes advertisements, intros, and outros to focus solely on content-rich sections of the podcast.
