Risky Bulletin: TeleMessage Data Published by DDoSecrets
Hosted by risky.biz (Catalin Cimpanu)
Release Date: May 21, 2025
1. Massive TeleMessage Data Breach
The episode opens with alarming news about a significant data breach involving TeleMessage. Over 400 gigabytes of stolen data, including memory dumps of a TeleMessage server, have been exposed online. Catalin Cimpanu reports:
"[00:00] ...More than 400 gigabytes of stolen TeleMessage data has been made available online."
This breach was executed by exploiting a security misconfiguration, potentially compromising conversations among senior U.S. government officials. Notably, two separate hackers infiltrated TeleMessage after a high-ranking U.S. official was observed using the app. One of these hackers partnered with the Distributed Denial of Secrets (DDoSecrets) project, pledging to limit data access to journalists and researchers only.
2. FBI Disbands FISA Watchdog Office
The Federal Bureau of Investigation (FBI) has undergone significant restructuring, leading to the disbandment of its Office of Internal Auditing, which was responsible for reviewing the agency's use of FISA surveillance powers. Catalin highlights:
"[00:00] The FBI has disbanded a team responsible for reviewing the agency's use of FISA surveillance powers."
This move comes amidst congressional scrutiny over the FBI's misuse of FISA's Section 702 surveillance powers. Last year, Congress had both questioned the FBI's practices and extended the surveillance program until April next year, indicating ongoing tension between oversight bodies and the agency.
3. EU Imposes Sanctions on Russian Disinformation Networks
The European Union has taken a firm stance against Russian disinformation by targeting organizations operating within Africa. Catalin reports:
"[00:00] The European Union imposed new sanctions on organizations associated with Russia's disinformation networks in Africa."
Sanctions were specifically levied against Voice of Europe, a Kremlin propaganda outlet based in the Czech Republic, as well as against Stark Industries and the Neculiti brothers, who run bulletproof hosting services aiding Russian Advanced Persistent Threats (APTs), cybercrime, and disinformation groups.
4. Coordinated DDoS Attacks Disrupt Russian Government Portals
A series of Distributed Denial of Service (DDoS) attacks have recently targeted multiple Russian government websites, causing significant outages. Catalin details:
"[00:00] A coordinated DDoS attack has disrupted multiple Russian government Web portals... Russia's digital key signing service Gossky, and document exchange system Sabi."
Additional disruptions affected services managing medical records and alcohol sales. Russian authorities are actively investigating these assaults, which underscore the ongoing cyber tensions between Russia and external threat actors.
5. UK Legal Aid Agency Suffers Data Theft
A decade's worth of data from the UK Legal Aid Agency has been compromised in a suspected ransomware attack. The breach, disclosed by the agency on a Monday, potentially includes personal information of individuals who applied for legal aid since 2010:
"[00:00] Hackers have stolen more than a decade's worth of data from the UK Legal Aid Agency."
The incident, which began in late April, was initially underestimated in scope, revealing the persistent vulnerabilities within governmental data protections.
6. Australian Tax Accounts Compromised
Cybercriminals have infiltrated Australian tax accounts, filing fraudulent returns and rerouting refunds to their own bank accounts. Catalin explains:
"[00:00] Hackers have infiltrated Australian tax accounts, filed fake tax returns and redirected refunds to their own bank accounts."
The Australian Tax Office has yet to disclose the number of affected accounts or the total amount stolen. However, they assert that their systems remain secure, highlighting that identity theft was the primary vector of attack.
7. Cellcom Faces Cyber Attack-Induced Outages
American wireless provider Cellcom has experienced significant service disruptions following a cyberattack. Catalin notes:
"[00:00] American wireless provider Cellcom has suffered outages following a cyber attack... voice and SMS services have been affected across Wisconsin and Upper Michigan."
Despite the outages, Cellcom's CEO has confirmed that there is no evidence suggesting customer data was compromised during the attack.
8. Shutdown of Stalkerware Apps
Three spyware applications—Cocospy, Spyic, and Spyzie—have been shut down after being hacked. These apps, known as stalkerware, were used to monitor the devices of employees or family members. Catalin reports:
"[00:00] Three spyware apps have shut down after being hacked... The data of more than 3 million users of the apps was exposed by the hacks."
The exposure of such extensive user data raises significant privacy and security concerns, especially considering the intrusive nature of these applications.
9. Greek Lawsuit Against Intellexa Adjourned
A lawsuit against spyware provider Intellexa has been postponed by a Greek court. Catalin states:
"[00:00] A Greek court has adjourned a lawsuit against spyware provider Intellexa... two of the four appointed interpreters refused to work on the case."
The delay was due to the interpreters' inability to translate the substantial volume of Intellexa's documents into English within the required timeframe, impacting the judicial process severely.
10. New Orleans Police Department's Misuse of Facial Recognition
The New Orleans Police Department (NOPD) has come under fire for improperly utilizing facial recognition technology to scan CCTV footage and identify suspects. Catalin elaborates:
"[00:00] The New Orleans Police Department improperly used facial recognition to scan CCTV footage and identify potential suspects... the project ran despite a local moratorium on using facial recognition for police work."
This misuse occurred by accessing over 200 private security cameras, raising significant ethical and legal concerns about surveillance practices and privacy infringement.
11. UK National Health System Cyber Attacks
The UK government has reported that two cyberattacks against the National Health System (NHS) in 2024 posed risks of clinical harm—defined as the worsening of a patient's condition due to delays in care. Catalin highlights:
"[00:00] The UK government says that two cyber attacks against the national health system in 2024 put patients at risk of clinical harm."
However, official records indicate that there were no cybersecurity incidents that directly led to excess deaths, alleviating some immediate concerns about patient safety.
12. Seizure of Assets from Australian Hacker
Australian authorities have confiscated the assets of Shane Duffy, a 32-year-old previously convicted for hacking Riot Games in 2018. According to Catalin:
"[00:00] Australian authorities have seized assets from an Australian man, Shane Duffy, 32... Authorities have seized his house, his car and cryptocurrency believed to have been stolen from a French crypto exchange in 2013."
The French exchange suffered a loss of 950 bitcoins in the 2013 incident, now valued at approximately $100 million. Duffy has not faced charges related to the bitcoin theft.
13. Arrest of Indian Teenager Linked to Hacktivist Group
An 18-year-old in India has been arrested on suspicion of membership in the hacktivist group AnonSec, which orchestrated DDoS attacks on over 20 Indian government websites. Catalin reports:
"[00:00] Indian authorities have arrested an 18 year old on suspicion of being a hacktivist group member... the attacks took place on May 7, the same day India launched military strikes in Pakistan."
This timing suggests a potential motive linked to geopolitical tensions between India and Pakistan.
14. Van Helsing Ransomware Gang Shuts Down
The operators behind the Van Helsing ransomware have ceased their operations, shutting down their servers and releasing their source code. Catalin explains:
"[00:00] The operators of the Van Helsing ransomware have shut down their servers and published their source code... The Van Helsing gang has been active for almost two months."
Interestingly, the shutdown followed an attempt by one of their customers to sell the source code on a hacking forum, indicating possible internal fractures or strategic retreats within the group.
15. Microsoft Integrates Post-Quantum Cryptography
In a significant move towards future-proofing cybersecurity, Microsoft is incorporating post-quantum cryptography support into Windows. Catalin details:
"[00:00] Microsoft is adding post-quantum cryptography support to Windows. New algorithms such as ML-KEM and ML-DSA will be tested in Windows Insider builds."
Additionally, some updated libraries will extend support to the Linux ecosystem, ensuring broader adoption and enhanced security across major operating systems.
16. CISA and NIST Introduce New Security Metric
The Cybersecurity and Infrastructure Security Agency (CISA) alongside the National Institute of Standards and Technology (NIST) have proposed a novel security metric aimed at assessing the likelihood of a vulnerability being exploited in the wild, even without concrete evidence. Catalin notes:
"[00:00] CISA and NIST have proposed a new security metric to describe the likelihood that a vulnerability has been exploited in the wild even without tangible evidence."
This Likely Exploited Vulnerabilities (LEV) metric is intended to complement CISA's existing Known Exploited Vulnerabilities (KEV) catalog and is currently undergoing standardization at NIST, promising enhanced predictive capabilities in vulnerability management.
17. Formation of the Strategic Cybersecurity Coalition
A new industry group, the Strategic Cybersecurity Coalition, has been formed by several U.S. cybersecurity companies to advocate for government reforms in cyber aid to allied nations and promote the global adoption of U.S. cybersecurity products. Catalin concludes:
"[00:00] Several US Cybersecurity companies have formed the Strategic Cybersecurity Coalition, a new industry group that will lobby the U.S. government."
Founding members include prominent companies such as Claroty, Dell Technologies, Forescout, Google Cloud, Trellix, and Velos, indicating a strong unified front aiming to influence cybersecurity policy and international collaboration.
This episode of Risky Bulletin provides a comprehensive overview of recent cybersecurity incidents, policy changes, and industry movements. From massive data breaches affecting government and private sectors to significant policy shifts and the formation of influential coalitions, the episode underscores the dynamic and critical nature of cybersecurity in today's digital landscape.
