Following years of Russian cyber hostility towards the United States and its longstanding allies—marked by persistent election interference, hacking and leaking operations, disinformation initiatives, sophisticated espionage, and overt, disruptive cyberattacks—numerous recent actions from the Trump administration have shifted the US perspective on the cybersecurity dangers presented by the Kremlin, minimizing the threat from Russian hackers as US adversaries. This shift in stance coincides with the strengthening relationship between Donald Trump and Russian president Vladimir Putin. However, consistent evaluations from the US intelligence community regarding Russia’s activities in the cyber realm and the risks it poses to the US suggest that this new approach might endanger the US.
This de-emphasis on the threat from Russia has manifested in various ways. Liesyl Franz, the US State Department’s deputy assistant secretary for international cybersecurity, stated at a United Nations working group last week that the US has concerns over digital incursions from China and Iran but did not reference Russia. A recent memorandum circulated at the Cybersecurity and Infrastructure Security Agency outlined the agency’s priorities, highlighting concerns about China and the protection of US systems while omitting any mention of Russia. Additionally, last week, Defense Secretary Pete Hegseth instructed US Cyber Command to cease all operational planning against Russia, including offensive cyber operations, as reported by the cybersecurity news outlet The Record.
A race is underway to identify and freeze $1.4 billion that was stolen from the cryptocurrency exchange ByBit
Eight days have elapsed since ByBit announced that hackers took $1.4 billion worth of Ethereum-based assets from the company, an event regarded as one of the largest crypto thefts in history. Now, efforts are being made to trace the stolen funds across various blockchains, avert their liquidation, or even recover them, spurred by the $140 million in bounties set forth by ByBit. Earlier this week, ByBit launched a dedicated website inviting crypto investigators to share tips regarding the whereabouts of its stolen Ethereum and offering a reward of 5% of the value of any assets they manage to identify and assist in freezing or seizing. An additional 5% of the value is available as a distinct reward for any cryptocurrency exchange or platform that retrieves the funds.
As of Friday, the website reported that a dozen bounty hunters are actively participating in this crypto-tracing initiative, with total rewards paid out amounting to approximately $4.3 million. The site also features a leaderboard of tracers who have successfully tracked portions of the funds across blockchains or frozen assets, alongside a list of crypto exchanges that have, conversely, liquidated the stolen sums on behalf of the criminals. Thus far, only one exchange, eXch, has been singled out for liquidating $94 million of the stolen assets. ByBit pointed out that eXch has not responded to its communications, and the exchange did not reply to a request for comment from the BBC.
Recently, the FBI publicly identified the hackers involved in the massive ByBit breach as TraderTraitor, a group of state-backed cybercriminals operating on behalf of North Korea. The FBI urged the cryptocurrency sector not to launder funds connected to these hackers, part of the larger collective known as Lazarus which has long troubled the cryptocurrency ecosystem and has stolen billions in assets, both crypto and otherwise. In its warning, the bureau also released a list of Ethereum addresses tied to the stolen funds to assist the cryptocurrency industry in recognizing and seizing any portion of the $1.4 billion before it can be converted to cash. A post by crypto tracing firm TRM Labs indicated that approximately $400 million of the funds have already been transferred and may have been successfully liquidated.
In July, a group calling itself “NullBulge” released a 1.1-TB cache of information obtained from Disney’s internal Slack archive, prompting an urgent cleanup effort as Disney sought to manage leaked financial figures, employee details such as passport numbers, and confidential customer data. The breach happened when a Disney staff member, Matthew Van Andel, unknowingly downloaded malware onto his personal device that captured his login information for several services, including the essential password to his 1Password vault. “It’s impossible to convey the sense of violation,” he told The Wall Street Journal. Van Andel also had his credit card information and other personal details compromised, and he subsequently lost his job when Disney conducted an audit of his work device, claiming that he had accessed inappropriate content from it, an accusation he refutes. This incident is part of a broader trend where malware infecting an employee’s personal computer can significantly impact the organization they work for.
An Italian priest associated with the Pope had his phone compromised by hackers
Mattia Ferrari, who collaborates with a migrant-rescue organization and has a close bond with the Pope, disclosed this week that he received a notification from Meta indicating that his phone had been infiltrated with advanced spyware from the Israeli company Paragon. This development follows reports that Luca Casarini, the founder of the NGO Mediterranea Saving Humans, where Ferrari has worked as a chaplain, also had his phone hacked by spyware, as did Italian journalist Francesco Cancellato. The series of spyware attacks on Italian activists and reporters raises questions about who may be behind these hacking efforts, leading opposition figures to urge the administration of Italian Prime Minister Giorgia Meloni to take action. The Meloni government has denied any involvement in the hacking incidents. Pope Francis, currently in critical condition due to pneumonia, previously mentioned speaking with Ferrari during a television interview in January, raising concerns about whether the spies who breached Ferrari’s phone could have listened in on a conversation with the Pope.