Claire Aird
Russia's national airline cancels more than 100 flights following a cyber attack. The FBI seizes $2.4 million from the Chaos ransomware group. Kazakhstan arrests a ransomware suspect, and Kyrgyzstan nationalizes Internet access. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 30th of July, and this podcast episode is brought to you by vulnerability management and analysis platform Nucleus Security.

A cyberattack on Russia's national airline Aeroflot caused the cancellation of more than 100 flights. International and domestic flights in and out of Moscow's Sheremetyevo Airport were impacted. The Cyber Partisans and Silent Crow hacktivist groups claimed credit for the intrusion, which wiped thousands of servers. They claimed to have wiped systems by overwriting files with anti-Putin insults. The groups mocked Aeroflot employees for storing passwords in text files and the airline for still using Windows XP.

In other news, a cyber attack against Luxembourg's state-owned telco and postal service has disrupted essential services. Flights, emergency services, Internet and phone access were impacted during last week's attack against Post Luxembourg. Residents had to physically visit fire and police stations to request assistance. Downed airport systems caused flight delays, with airline staff having to manually check baggage. Internet and phone connectivity was also impacted. On Friday, the company said hackers exploited a vulnerability in a software component and caused a large-scale malfunction.

Hackers have breached major French telco Orange. The hack last Friday disrupted some services to the company's clients. Orange has said affected services should be restored by today. The company is investigating the incident.

Irish broadcaster RTE has fallen victim to a ransomware attack. The broadcaster says it's working with law enforcement to investigate the incident. Live programming was not disrupted. The Global ransomware group has claimed credit for the attack. It also took credit for a separate attack against Latin American broadcaster Albavision.

The US government has seized $2.4 million worth of Bitcoin from the Chaos ransomware group. The funds were taken from a crypto wallet owned by a member using the name Hawes. The Chaos ransomware group launched in February this year. Its members are believed to be connected to BlackSuit, a ransomware operation whose servers were seized by law enforcement last week.

A Kazakhstan man has been arrested in relation to ransomware attacks. He was identified as a resident of the city of Almaty. He's accused of hacking the servers of foreign companies, encrypting data and requesting ransoms. Officials didn't specify which country issued the arrest warrant.

The Kyrgyzstan government has nationalised access to the Internet for one year. A presidential decree has given the government full control of all Internet infrastructure until August 2026. State-owned telecom company ElCat will be the sole supplier of international Internet connectivity. Other telecoms will have to route traffic through ElCat and block access to certain sites, according to government orders. As its first move, Kyrgyzstan has blocked access to online pornography.

The configuration tool for a popular gaming mouse has infected users with malware. The xRed malware shipped with the configuration tool for a mouse from German company Endgame Gear. The malware was live for two weeks from June 26. The company learned of the compromise after reports of antivirus alerts on Reddit.

The women-only Tea app has disabled its direct messaging feature following a recent security breach. Initial reporting indicated that thousands of ID photos and selfies had been compromised. The company has since said some private messages were also accessed following last week's hack. The data was later leaked on 4chan. The Tea app allows women to post anonymous reviews of men and their dates.

A US senator has urged SpaceX to block Southeast Asian cyberscam compounds from using Starlink. Senator Maggie Hassan cited a 2024 UN report which found that scam compounds relied on Starlink for Internet connectivity. Cyberscam cartels migrated to Starlink after local authorities cut off their fibre optic connections.

Google's security team has updated its vulnerability reporting rules. The Project Zero team says it will publish the names of vendors and their software a week after they report security flaws. The team will also publish the dates that bug reports will be made public. Google says the new rules are to help close the patch gap. Downstream vendors are expected to prepare for incoming security patches and incorporate them faster.

Antivirus company Avast has released a free decryptor for the FunkSec ransomware. The ransomware was first spotted in December. It listed over 100 victims on its leak site before becoming inactive in March. Avast believes FunkSec was created with the help of AI coding tools.

Polish trainmaker Newag is suing a local security research group and a repair company. Newag claims its copyright was infringed when the Dragon Sector security group bypassed software locks on train firmware. The group found that Newag included code that disabled trains if they were fixed by unauthorised repair shops. Newag is seeking 1.37 million euros in reputational damages.

A threat actor is targeting the cryptocurrency community with a new malware strain. The JSCeal malware is hidden inside malicious clones of more than 50 cryptocurrency trading apps. Users are lured to the apps through social media ads. The malware can steal credentials, log keystrokes and manipulate crypto wallets.

And finally, Android users will soon be able to turn off a security feature that automatically locks devices after too many failed logins. The failed authentication lock was added in Android 15 and turned on by default. It was advertised as an anti-theft protection system. However, many users have locked themselves out of their own devices.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Nucleus Security. Find them at nucleussec.com. Thanks for your company.
Risky Bulletin: Russia's Aeroflot Cancels Flights After Hack
Hosted by risky.biz
Release Date: July 30, 2025
In the latest episode of Risky Bulletin, host Claire Aird delivers a comprehensive update on significant cybersecurity incidents worldwide. Prepared by Catalin Cimpanu and read by Claire, this episode covers a series of high-profile cyberattacks, law enforcement actions, governmental responses, and notable security developments. Below is a detailed summary capturing the key points, discussions, insights, and conclusions from the episode.
1. Aeroflot Cyberattack: Over 100 Flights Canceled
At [00:04], Claire Aird announces a significant cyberattack on Russia's national airline, Aeroflot:
"Russia's national airline cancels more than 100 flights following a cyber attack."
The attack targeted both international and domestic flights operating out of Moscow's Sheremetyevo Airport. The hack was attributed to the hacktivist groups Cyber Partisans and Silent Crow, who claimed responsibility for the intrusion. They reportedly wiped thousands of servers by overwriting files with anti-Putin messages, while mocking Aeroflot for poor security practices, including "storing passwords in text files" and the continued use of "Windows XP".
2. Luxembourg's State-Owned Telco and Postal Service Hit
The episode also covers a recent cyberattack on Luxembourg's state-owned telecommunications and postal services:
"A cyber attack against Luxembourg's state owned telco and postal service has disrupted essential services."
The attack impacted flights, emergency services, Internet, and phone access, forcing residents to physically visit fire and police stations for assistance. The company revealed that hackers exploited a vulnerability in a software component, leading to a large-scale malfunction.
3. French Telco Orange Compromised
French telecommunications company Orange experienced a breach last Friday, disrupting some of its services:
"Orange has said affected services should be restored by today. The company is investigating the incident."
While details remain sparse, Orange is actively working to mitigate the effects and restore normal operations.
4. Ransomware Attacks on Broadcasters RTE and Albavision
Irish broadcaster RTE and Latin American broadcaster Albavision have fallen victim to ransomware attacks:
"The Global ransomware group has claimed credit for the attack... It also took credit for a separate attack against Latin American broadcaster Albavision."
RTE confirmed that live programming remained unaffected and is collaborating with law enforcement to investigate the incident.
5. US Government Seizes $2.4 Million from Chaos Ransomware Group
The US authorities have successfully seized $2.4 million in Bitcoin from the Chaos Ransomware Group:
"The US government has seized $2.4 million worth of Bitcoin from the Chaos Ransomware Group."
The funds were traced to a crypto wallet linked to an individual operating under the alias "Hawes." The Chaos Ransomware Group, active since February, is believed to be connected to another ransomware operation known as BlackSuit, whose servers were recently taken down by law enforcement.
6. Arrest in Kazakhstan for Ransomware Activities
A man from Almaty, Kazakhstan, has been arrested for his involvement in ransomware attacks:
"A Kazakhstan man has been arrested in relation to ransomware attacks. He was identified as a resident of the city of Almaty."
He is accused of hacking foreign companies' servers, encrypting data, and demanding ransoms; officials did not disclose which country issued the arrest warrant.
7. Kyrgyzstan Nationalizes Internet Access
In a significant move, Kyrgyzstan has nationalized its Internet infrastructure:
"The Kyrgyzstan government has nationalised access to the Internet for one year."
A presidential decree grants the government complete control over all Internet infrastructure until August 2026. The state-owned telecom company ElCat will exclusively manage international Internet connectivity, and other telecom providers must route traffic through ElCat and block access to certain sites. The first action under this decree was the blocking of online pornography.
8. xRed Malware in Gaming Mouse Configuration Tool
A malware strain named xRed was discovered in the configuration tool for a gaming mouse from the German company Endgame Gear:
"The xRed malware shipped with the configuration tool for a mouse from German company Endgame Gear."
Active for two weeks starting June 26, the malware was detected after antivirus alerts surfaced on Reddit. Endgame Gear promptly addressed the issue upon learning of the compromise.
9. JSCeal Malware Targets Cryptocurrency Users
A new malware variant, JSCeal, is actively targeting the cryptocurrency community:
"The JSCeal malware is hidden inside malicious clones of more than 50 cryptocurrency trading apps."
Users are deceived into downloading these malicious apps through social media advertisements. Once installed, JSCeal can steal credentials, log keystrokes, and manipulate crypto wallets, posing a severe threat to digital asset security.
10. Google's Project Zero Updates Vulnerability Reporting
Google's security team has revamped its vulnerability reporting process:
"The Project Zero team says it will publish the names of vendors and their software a week after they report security flaws."
Additionally, the team will disclose the dates when bug reports become public. This initiative aims to close the patch gap, encouraging downstream vendors to prepare and implement security patches more swiftly.
11. Avast Releases Decryptor for FunkSec Ransomware
Avast has introduced a free decryptor tool for victims of the FunkSec ransomware:
"Avast has released a free decryptor for the FunkSec ransomware."
First identified in December, FunkSec listed over 100 victims on its leak site before becoming inactive in March. Avast believes FunkSec was created with the help of AI coding tools, highlighting the evolving nature of ransomware threats.
12. Newag Sues Security Group Over Firmware Bypass
Polish trainmaker Newag is pursuing legal action against the Dragon Sector security research group and a local repair company:
"Newag is seeking 1.37 million euros in reputational damages."
The lawsuit alleges that Dragon Sector infringed Newag's copyright when it bypassed software locks on the train firmware. The group had found that the firmware included code that disabled trains after they were serviced by unauthorized repair shops.
13. Android to Allow Disabling of Security Lock Feature
Android users will soon have the option to disable a security feature that automatically locks devices after multiple failed login attempts:
"Android users will soon be able to turn off a security feature that automatically locks devices after too many failed logins."
Introduced in Android 15 as an anti-theft measure, the feature has inadvertently locked many users out of their devices, prompting the forthcoming change to improve user experience.
14. US Senator Calls for Starlink Restrictions
US Senator Maggie Hassan has urged SpaceX to block Southeast Asian cyber scam operations from accessing Starlink:
"Senator Maggie Hassan cited a 2024 UN report which found that scam compounds relied on Starlink for Internet connectivity."
The senator highlighted that cyber scam cartels have migrated to Starlink services following the shutdown of their fiber optic connections by local authorities, raising concerns over the platform's misuse for illicit activities.
The episode of Risky Bulletin provides a thorough overview of the current cybersecurity landscape, highlighting the pervasive threat of cyberattacks across various sectors and geographies. From the disruption of major airlines and telecommunications services to the seizure of ransomware funds and the nationalization of Internet infrastructure, the bulletin underscores the escalating challenges in cybersecurity. Furthermore, the discussions on malware threats, corporate security measures, and legislative responses illustrate the multifaceted approach required to combat these evolving threats effectively.
For those seeking to stay informed on the latest in cybersecurity, this episode of Risky Bulletin offers invaluable insights and updates.
Note: This summary excludes advertisements, intros, and outros to focus solely on content-rich sections of the podcast.