Risky Bulletin: The US Sanctions Another Russian Bulletproof Hosting Provider
Hosted by risky.biz | Released on July 2, 2025

1. Introduction

In the latest episode of Risky Bulletin, host Claire Airdrop delivers a comprehensive update on significant cybersecurity events shaping the global landscape. From international sanctions to sophisticated cyberattacks, the episode covers a spectrum of issues pertinent to cybersecurity professionals and enthusiasts alike.

2. US Sanctions on ASA Group: Russian Bulletproof Hosting

At the outset, Claire announces, “[00:04]... the US Treasury Department has sanctioned the Russian bulletproof web hosting provider ASA Group.” This action targets ASA Group and its subsidiaries, including three owners and a fourth executive. The group stands accused of facilitating various cybercrimes, such as hosting infostealers, ransomware operations, disinformation campaigns, and dark web marketplaces.

Key Points:

• Sanction Details: The sanctions aim to cripple ASA Group's operations by targeting its leadership and financial networks.
• Criminal Activities: ASA Group is implicated in supporting cybercriminal activities, making it a significant target for international law enforcement.
• Context: This marks the third Russian bulletproof hosting provider sanctioned in 2025, following Z Service and Stark Industries.

3. International Criminal Court (ICC) Security Breach

Claire updates listeners on a recent security incident at the International Criminal Court (ICC): “[00:04]... the International Criminal Court discloses a security breach.” The breach, detected last week, is described as sophisticated, although specific details remain undisclosed. Notably, the ICC experienced a similar breach in September 2023.

Consequences:

• Data Compromised: A ransomware gang named Sacom has stolen over one terabyte of sensitive data related to the Swiss government.
• Leakage: Following the refusal to pay a ransom, Sacom leaked the data on the Dark Web, emphasizing the increasing boldness of such groups.

4. Iranian Hackers and the Trump Campaign Emails

A significant threat emerges from Iranian hackers who are threatening to sell emails purportedly stolen from Donald Trump’s election campaign in May [00:04]. The compromised emails reportedly include sensitive communications from key figures such as White House Chief of Staff Susie Wiles, lawyer Lindsay Halligan, and advisor Roger Stone.

Details:

• Volume of Data: The hackers claim possession of over 100 gigabytes of emails.
• Threat: If a ransom isn't paid, the files may be released publicly.
• Legal Action: The US has charged three Iranian intelligence agents in connection with the hack, signaling a robust response to cyber threats targeting political entities.

5. Mobile Device Security: Senator Wyden’s Recommendations

Senator Ron Wyden has called for an urgent update to the FBI's mobile device security guidelines for government officials [00:04]. He critiques the current recommendations as outdated and inadequate for the evolving threat landscape.

Recommendations Include:

• Ad Blocking: Enabling ad-blocking features to prevent malicious advertisements from compromising devices.
• Disabling Ad Tracking IDs: Reducing the risk of tracking and data leakage.
• Enhanced Security Modes: Utilizing advanced security settings available in modern mobile operating systems to bolster defenses against potential attacks.

6. Europol’s Crackdown on Crypto Investment Scam Ring

Europol has successfully arrested five members of a crypto investment scam ring responsible for defrauding over £460 million from approximately 5,000 victims [00:04]. The operation involved a global network of money mules who facilitated the withdrawal of funds from ATMs and the transfer of funds between bank and cryptocurrency accounts.

Operational Insights:

• Scope: The arrests were made in Spain last week, indicating the international reach of the scam.
• Modus Operandi: The use of money mules highlights the sophisticated methods employed to launder and obscure illicit funds.

7. FBI Dismantles North Korean Laptop Farms

In a significant move against North Korean cyber operations, the FBI has dismantled 29 laptop farms used to host over 200 laptops [00:04]. These farms were part of remote IT worker schemes that allowed North Korean operatives to appear as legitimate employees within the United States.

Implications:

• Identity Theft: Workers used stolen identities to secure positions at more than 100 U.S. companies, facilitating espionage and cyber theft.
• Legal Actions: The Justice Department has charged eight individuals responsible for operating the laptop farms, along with four North Korean workers involved in stealing cryptocurrency assets from their employers.

8. Chinese Student Jailed for SMS Blasting in the UK

Rui Chen Xeon, a Chinese national, has been sentenced to one year in prison in the UK for deploying an SMS Blaster to send phishing texts [00:04]. Operating from a vehicle, Chen sent tens of thousands of fraudulent messages over the span of a week.

Investigation Highlights:

• Detection: The operation was uncovered in March through a joint investigation between UK police forces and mobile operators.
• Impact: The phishing texts were designed to deceive recipients into divulging sensitive information, demonstrating the persistent threat of SMS-based cyberattacks.

9. Pakistani Web Developers’ Malware-Infested Network

A group of Pakistani web developers has constructed a network of websites advertising cracked software, which is embedded with malware disseminating infostealers [00:04]. Over four years, hundreds of such websites were developed, likely for a third-party operative.

Security Firm Insights:

• Malware Functionality: The infostealers target users to exfiltrate sensitive data, posing significant risks to individuals and organizations alike.
• Operational Scale: The extensive number of websites indicates a well-coordinated and sustained effort to distribute malicious software.

10. Chinese Hacking Group and Avanti Zero-Days

France's cybersecurity agency has attributed three Avanti zero-day exploits used last year to a suspected Chinese hacking group [00:04]. This group operates as an initial access broker within a larger Advanced Persistent Threat (APT) network.

Agency Findings:

• Linkages: The group, identified as Hukin, is associated with UNC5174, known as a cyber contractor for China’s Ministry of State Security, as described by Google.
• Exploitation: The zero-days were actively exploited in the wild, underscoring the sophistication and reach of the attackers.

11. Vulnerabilities in Wind FTP Server and Chrome Zero-Day

Wind FTP Server Vulnerabilities:

• Risk: Attackers can bypass authentication on the web interface by appending a null byte to the username, a flaw that can be chained with two others to gain root access [00:04].
• Patch Status: Wind has addressed only two of the three identified vulnerabilities, leaving one critical issue unresolved.

Chrome Zero-Day Exploit:

• Nature: A type confusion vulnerability in Chrome's V8 JavaScript engine.
• Discovery: Identified by Google’s security team.
• Resolution: This marks the fourth Chrome zero-day patch in the current year, highlighting ongoing challenges in securing widely used software.

12. AT&T Launches SIM Swapping Prevention Feature

To combat SIM swapping attacks, AT&T has introduced a new wireless account lock feature [00:04]. This feature prevents unauthorized number porting and changes to billing details and can be activated through the AT&T app.

Industry Context:

• Adoption: Similar protective measures have been implemented by other major carriers, including T-Mobile, Verizon, and Google Fi.
• User Empowerment: By providing users with direct control over account modifications, carriers are enhancing security and reducing the risk of unauthorized access.

13. Advancements in Post-Quantum Cryptography

Apple's Initiative:

• Support: Upcoming versions of iOS and macOS will incorporate the MLChem algorithm.
• Purpose: To safeguard TLS connections against future quantum computing attacks capable of breaking current encryption standards [00:04].

Microsoft's Commitment:

• Announcement: In May, Microsoft revealed its integration of post-quantum cryptographic support for Windows, aligning with industry-wide efforts to future-proof cybersecurity measures.

Ubuntu's Performance Enhancement:

• Driver Adjustments: Developers have disabled side-channel attack protections in Intel’s graphics drivers, opting instead for protections at the Linux kernel and GPU driver levels.
• Outcome: This modification is expected to boost graphics performance by approximately 20%, balancing security with functionality.

Conclusion

Claire Airdrop wraps up the Risky Bulletin by highlighting the multifaceted nature of current cybersecurity challenges, from state-sponsored cyber threats and sophisticated malware operations to advancements in security technologies. The episode underscores the critical need for continuous vigilance, updated security protocols, and international cooperation in combating ever-evolving cyber threats.

For more detailed insights and updates, subscribe to Risky Bulletin on your preferred podcast platform.