News About Cyber Warfare

Berlin (AFP) May 13, 2025 – Three Germans went on trial Tuesday accused of spying for China by supplying it with information on high-tech equipment with military use. The defendants are a married couple identified only as Herwig F. and Ina F., aged 73 and 69, and another man, 60-year-old Thomas R., on trial in the western city of Duesseldorf. The three were arrested in April of last year. The couple were provisionally released in October, while Thomas R. remains in custody. Prosecutors say they collected information on technology including boat engines, sonar systems, propulsion systems for armoured vehicles and military-grade drones. They allegedly gathered the intelligence from February 2017 until their arrest. Prosecutors accuse the three of obtaining the information for the Chinese intelligence agency MSS, with a special focus on intelligence China deemed useful to build up its maritime combat power. The trio allegedly used the couple’s company to build contacts with business enterprises and scientific institutions. The couple also entered a cooperation agreement with a German university on a scientific transfer programme with a study focused on components used in, among other things, ship engines. On behalf of the Chinese intelligence agency, the three defendants also procured three special lasers from Germany and exported them to China in breach of an EU ban on exporting dual-use systems. In addition to working for a foreign intelligence agency, the trio is also accused of violations of the Foreign Trade Act.

Scheveningen, Netherlands (AFP) May 19, 2025 – Gliding through the glistening waters of Scheveningen Harbour near The Hague, a sleek green tube only a few metres (yards) long scans the seabed searching for threats to underwater cables. The vessel is part of an exercise bringing together six countries and more than 20 companies and researchers hoping to stay ahead of the enemy as the danger to Europe’s critical underwater infrastructure rises. From gliders flying low over the sea surface to detect anomalies to a “crawler” deployed on the seabed to remove mines, the vessels are tackling a variety of challenges in a testing seabed measuring 10 square nautical miles. The possible sabotage of undersea cables has hit the headlines in recent years due to a series of incidents, with the finger often pointed at Russia and China. The most recent of these came in December, when the EstLink 2 electricity cable and four telecoms cables that lie on the seafloor linking Finland and Estonia went offline after suspected sabotage. Suspicion fell on the Eagle S, an oil tanker flying the Cook Islands flag but thought to be part of Russia’s so-called “shadow fleet” — ships that carry Russian crude oil and petroleum products embargoed due to Moscow’s invasion of Ukraine. “It’s not a question any more of if it will happen. The question is when the conflict will start,” said Rear Admiral Paul Flos from the Dutch navy. “We have to be ready for it. And that’s what we’re doing here today,” added Flos in an interview with AFP. He said attacks by Russia and China on Europe’s undersea infrastructure were “absolutely increasing” and the lessons learned at the testing centre were helping to counter the threat. The systems were being challenged to detect another vessel snooping around a pipeline, spot a tiny mine laid beside a cable or notice something on the seabed that should not be there. The advantage of the test centre in Scheveningen is that visibility is very poor and the seabed is extremely sandy, meaning the conditions are harsher than in the North Sea. “If it works here, it works everywhere,” said Flos, 58. “At the moment, we’re blind. And with what we’re doing today… we are trying to find out what kind of equipment can best support us and to make sure that we’re not blind any more,” said Flos. – ‘The effect is huge’ – Another high-profile incident came in September 2022 when the Nord Stream natural gas links, which run along the Baltic seabed between Russia and Germany, were partially severed. A field of bubbles formed on the surface above the pipelines as gas flowed out. Seismic records later indicated there had been a series of underwater explosions just before the leak was discovered. European officials declared it an act of sabotage and blamed Russia but more recent media reports have linked the incident to Ukraine — an accusation Kyiv has strenuously denied. In response to the growing threat, NATO hastily pulled together the Baltic Sentry patrol mission early this year. The laying and operation of underwater cables was long the preserve of large telecoms operators but the internet giants have largely taken over in recent years, as they strive to keep up with ballooning flows of data. About 1.4 million kilometres (nearly 900,000 miles) of fibre-optic cables are laid on the ocean floor, enabling the provision of essential services such as trade, financial transactions and public services around the world. The impact of a major attack on Europe’s critical infrastructure could be devastating, said Carine van Bentum, head of the SeaSEC (Seabed security experimentation centre) testing hub. A country could be brought to a “complete standstill”, the 48-year-old told AFP in an interview. “If we do not have power, we as a society are not resilient anymore. We have no idea what to do. If we do not have internet, we cannot pay. So the effect is huge.”

San Francisco (AFP) May 15, 2025 – Coinbase on Thursday said criminals bribed and duped their way to stealing cryptocurrency from its users, then tried to blackmail the exchange to keep the crime quiet. Instead of paying up, Coinbase informed US regulators about the theft and made plans to spend from $180 million to $400 million to reimburse victims and deal with the situation. “Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data to facilitate social engineering attacks,” the leading US cryptocurrency exchange said in a blog post. “These insiders abused their access to customer support systems to steal the account data for a small subset of customers.” Social engineering is a hacker reference to manipulating people into giving up sensitive information, computer access or, in this case, digital money. Criminals got information including phone numbers, email addresses, and partial social security numbers about less than one percent of Coinbase monthly users, the company reported. “Their aim was to gather a customer list they could contact while pretending to be Coinbase – tricking people into handing over their crypto,” Coinbase said in the post. Coinbase told regulators it got an email from an “unknown threat actor” on May 11 showing that inside information had been obtained and demanding $20 million to keep it secret. Coinbase refused, instead going public with an offer of $20 million in reward money for information leading to the arrest and conviction of the attackers. The workers involved with leaking information were fired and fraud-monitoring systems are being ramped up, according to Coinbase. Coinbase shares were down more than six percent in late day trading in New York.

Prague (AFP) May 28, 2025 – The Czech Republic on Wednesday summoned China’s ambassador over a cyberattack targeting Prague’s foreign ministry as the EU and Washington condemned the attack and NATO warned of a growing threat. The Czech foreign ministry said an extensive investigation of the attack “led to a high degree of certainty about the responsible actor”, naming it as China-linked group APT31. “I summoned the Chinese ambassador to make clear that such hostile actions have serious consequences for our bilateral relations,” Foreign Minister Jan Lipavsky said on X. The foreign ministry of the Czech Republic, an EU and NATO member of 10.9 million people, said in a statement the attack started in 2022 and targeted “one of the unclassified networks” of the ministry. “The malicious activity… was perpetrated by the cyberespionage actor APT31 that is publicly associated with the (Chinese) Ministry of State Security,” the ministry added, citing its investigation. “We call on the People’s Republic of China to… refrain from such attacks and to take all appropriate measures to address this situation,” said the ministry. Lipavsky said that “we detected the attackers during the intrusion”. The Chinese embassy in Prague slammed “the unfounded accusations against the Chinese side”. “China absolutely rejects the Czech Republic’s accusations and smears against China under the pretext of cybersecurity without any evidence,” it added. – ‘Growing pattern’ – The Czech Security Information Office (BIS) singled out China as a threat to security in its 2024 annual report. “The Chinese embassy logically focuses on gaining information about the Czech political scene,” the BIS said. EU foreign policy chief Kaja Kallas condemned the cyberattack in a statement. “In 2021, we urged Chinese authorities to take action against malicious cyber activities undertaken from their territory,” Kallas said, adding EU members have nonetheless witnessed attacks from China since then. NATO slammed the attack, saying it observed “with increasing concern the growing pattern of malicious cyber activities stemming from the People’s Republic of China”. Washington also condemned the attack and called on China to “behave responsibly in cyberspace, adhering to its international commitments”. – Taiwan ties – Prague has recently angered Beijing by fostering close ties with Taiwan as high-profile Czech delegations, including the parliament speakers, have visited the island while Taiwanese officials came to Prague several times. China is trying to keep Taipei isolated on the world stage and prevents any sign of international legitimacy for the island. It sees such visits as an infringement of the one-China policy which Prague officially pursues, just like the rest of the EU. In May 2024, Lipavsky summoned the Russian ambassador over repeated cyberattacks targeting several European countries, including the Czech Republic, Germany and Poland. They blamed the attacks on the Russian group APT28, also known as Fancy Bear, which has ties to Russia’s GRU military intelligence service. The BIS then said that Russia was a “permanent security threat” for the Czech Republic, which provides substantial humanitarian and military aid to Ukraine battling a Russian invasion since 2022. It added the Chinese threat was also growing in the context of the Ukraine war as “the North Korea-China axis keeps cultivating relations with Russia that give it a boost in the current conflict”.

Washington DC (UPI) May 28, 2025 – The Czech Republic accused China on Wednesday of being responsible for a “malicious cyber campaign” that targeted an unclassified network of the foreign ministry. Little information about the cyberattack was made public, the Czech government said it began in 2022, affected an institution designated as Czech critical infrastructure and that it was perpetrated by well-known China-backed hackers APT31. “The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure,” the Czech foreign affairs ministry said in a statement. “Such behavior undermines the credibility of the People’s Republic of China and contradicts its public declarations.” APT31, which stands for Advanced Persistent Threat Group 31, is a collection of China state-sponsored intelligence officers, contract hackers and support staff that conduct cyberattacks on behalf of the Chinese government. Seven Chinese nationals were charged in the United States in late March for their involvement in APT31, which federal prosecutors said has targeted U.S. and foreign critics of the Chinese government, business, and political officials over the last 14 years. The Czech government said Wednesday it tied APT31 to the cyberattack through an “extensive investigation,” which “led to a high degree of certainty about the responsible actor.” “The Government of the Czech Republic has identified the People’s Republic of China as being responsible,” it said. NATO and the European Union — both of which Czech is a member of — were quick to condemn China following Prague’s revelation. “We stand in solidarity with the Czech Republic following the malicious cyber campaign against its Ministry of Foreign Affairs,” the security alliance said in a statement. NATO did not blame China but acknowledged the Czechs’ accusation of Beijing for the attack and said that it has observed “with increasing concern the growing pattern of malicious cyber activities stemming from the People’s Republic of China.” Similarly, the EU did not directly point the finger at China for the attack on the Czech Republic, but said there have been cyberattacks linked to Beijing targeting EU and its member stats. “In 2021, we urged Chinese authorities to take action against malicious cyber activities undertaken from their territories. Since then, several Member States have attributed similar activities at their national level,” the EU’s high representative, Kaja Kallas, said in a statement. “We have repeatedly raised our concerns during bilateral engagements and we will continue to do so in the future.”

Washington DC (UPI) Jun 7, 2025 – The Defense Department’s Inspector General is investigating Defense Secretary Pete Hegseth’s March 13 Signal chat ahead of the U.S. military’s extended aerial strikes on Houthi targets in Yemen. The IG’s office initiated the investigation weeks ago and has interviewed current and former Hegseth staffers to learn how the chat and one other that occurred on the Signal encrypted mobile messaging app included civilians, ABC News reported. A DOD IG spokesperson declined to comment on the investigation because it is ongoing. Signal supports encrypted group messaging chats, but at least two chats discussed the onset of U.S. military action against the Houthis that started on March 15. The first erroneously included The Atlantic editor-in-chief Jeffrey Goldberg, while a second Signal chat included Hegseth’s wife and brother. Hegseth in April blamed “disgruntled” former employees and media for the controversy over the Signalchat mishaps that many have dubbed “Signalgate.” “This is what media does,” Hegseth told media during the annual Easter Egg Roll event at the White House on April 21. “They take anonymous sources from disgruntled former employees and they try to slash and burn people and ruin their reputations,” he said. “We’re changing the Defense Department and putting the Pentagon back in the hands of warfighters,” Hegseth said. “Anonymous smears from disgruntled former employees on old news don’t matter.” The aerial attacks continued from March 15 until May 6, when President Donald Trump announced the Houthis agreed to stop attacking U.S.-flagged vessels. The Houthis did not stop attacking Israel or commercial shipping in the Red Sea and the Gulf of Aden.

Tehran (AFP) June 7, 2025 – Iranian state television reported on Saturday that Tehran had obtained a trove of “strategic and sensitive” Israeli intelligence, including files related to Israel’s nuclear facilities and defence plans. “Iran’s intelligence apparatus has obtained a vast quantity of strategic and sensitive information and documents belonging to the Zionist regime (Israel),” the state broadcaster said, citing informed regional sources. The report did not include any details on the documents or how Iran had obtained them. The intelligence reportedly included “thousands of documents related to that regime’s nuclear plans and facilities,” it added. Iranian intelligence agencies and other state media did not immediately comment on the report. According to state television, “the data haul was extracted during a covert operation,” and included a “vast volume of materials — including documents, images, and videos.” The report said the data was thoroughly reviewed by Iranian authorities after being securely transferred to the country. Iran and Israel have waged a years-long campaign of covert and overt operations against each other, ranging from cyberattacks and assassinations to drone strikes and acts of sabotage. Tehran accuses Israel of orchestrating the killings of several of its nuclear scientists, while Israel has blamed Iran for supporting militant groups across the region and targeting Israeli interests abroad. Western countries, led by the United States and Israel, Iran’s sworn enemy and considered by experts to be the only nuclear power in the Middle East, accuse Tehran of wanting to acquire nuclear weapons. Iran denies having such military ambitions but insists on its right to civilian nuclear power under the Non-Proliferation Treaty, to which it is a signatory. The report comes amid ongoing tensions surrounding Iran’s nuclear program, which Israeli leaders view as an existential threat. Israeli Prime Minister Benjamin Netanyahu has consistently expressed support for bombing Iran’s nuclear infrastructure. Last year, tensions between the two foes reached an all-time high as they exchanged direct fire amid Israel’s ongoing war in Gaza. Iran, which has made support for the Palestinian cause a key tenet of its foreign policy since the 1979 revolution, does not recognise Israel.

Washington DC (UPI) Jun 12, 2025 – A former CIA analyst has been sentenced to more than three years in prison for obtaining and sending top secret Defense Department information to unauthorized recipients who then posted it on social media, the Justice Department announced Thursday. Asif William Rahman, 34, of Vienna, had been a CIA employee since 2016 with a top secret security clearance and had access to sensitive information until his termination, a release from the Justice Department said. “For months, this defendant betrayed the American people and the oaths he took upon entering his office by leaking some of our nation’s most closely held secrets,” John Eisenberg, assistant attorney general for national security, said. “As this case demonstrates, the Department of Justice will continue to protect our nation by vigorously investigating and prosecuting leakers who compromise our nation’s security.” Court documents show that Rahman accessed and printed two top secret documents about a foreign ally and its plans against a foreign adversary. “Rahman removed the documents, photographed them, and transmitted them to individuals he knew were not entitled to receive them,” the Justice Department release said. “By Oct. 18, 2024, the documents appeared publicly on multiple social media platforms, complete with the classification markings.” Court records show Rahman continued to access and share top secret information with unauthorized recipients until early November 2024. He then began a “deletion campaign” of work saved on his top secret workstation. Rahman was indicted by a grand jury on Nov. 7, 2024, and was arrested by FBI agents while arriving at work five days later. He pleaded guilty to two counts of willful retention and transmission of classified information related to national defense. He has remained in custody since his arrest.

Hong Kong (AFP) June 11, 2025 – Hong Kong police have warned downloading a mobile game in which players can attempt to overthrow a stand-in for China’s Communist Party could constitute a national security crime, as it vanished from Apple’s local App Store Wednesday. Beijing is extremely sensitive to even subtle hints of dissent, and in 2020 imposed a national security law in Hong Kong that has effectively quashed any political opposition. In “Reversed Front: Bonfire”, developed by a Taiwan-based company, users can “pledge allegiance” to entities including Taiwan, Hong Kong, Tibet and “Uyghur” to “overthrow the communist regime”. Although the game takes place in a historically different universe, the description reads: “This game is a work of NON-FICTION. Any similarity to actual agencies, policies or ethnic groups of the PRC (People’s Republic of China) in this game is INTENTIONAL.” On Tuesday police said “Reversed Front” was “advocating armed revolution” and promoting Taiwan and Hong Kong independence “under the guise of a game”. Downloading the game could see players charged with possessing seditious material, while making in-app purchases could be viewed as providing funding to the developer “for the commission of secession or subversion”. Recommending the game could constitute the offence of “incitement to secession”. Although players can choose to “lead the Communists to defeat all enemies”, the game description makes clear they are meant to be the villains. The Communists are described as “heavy-handed, reckless and inept” and accused of “widespread corruption, embezzlement, exploitation, slaughter and defilement”. Many of the other playing roles correspond to flashpoint issues for Beijing — including self-ruled Taiwan, which China claims as its territory, and Xinjiang, where it has denied accusations of human rights abuses against the minority Muslim Uyghurs. Hong Kong’s vibrant civil society and political opposition have all but vanished since the imposition of the national security law, which was brought in after huge and sometimes violent pro-democracy protests in 2019. On Wednesday Apple appeared to have removed the game from the Hong Kong version of the App Store, after it had been available the day before, an AFP reporter saw. It was not available on Hong Kong’s Google Play on Tuesday, local media reported. But the game’s developer said it had seen a surge in searches since Tuesday’s police announcement, jokingly implying it was thankful to authorities for the visibility boost.

Paris (AFP) June 15, 2025 – Israel’s unprecedented strikes on Iran, which have killed top military leaders and nuclear scientists, required years of meticulous intelligence gathering and infiltration, experts say. Israel said it hit hundreds of targets on Friday alone, and has since continued its attacks, striking a defence facility and fuel depots on Sunday. The fiercest-ever exchange of fire between the arch foes came in the midst of ongoing talks between Tehran and Washington seeking to reach a deal on Iran’s nuclear programme. “Israel has been following the nuclear programme for 15 years,” Israeli analyst Michael Horowitz told AFP. “The strikes we see are the result of years of intelligence gathering and infiltration of the Islamic republic.” Israel has previously carried out more limited attacks against Iranian military sites, including in October last year. “It seems that this week’s operation had been in preparation for months, with an acceleration after the operation last year significantly weakened Iranian air defences,” Horowitz said. The United States and other Western countries, along with Israel, accuse Iran of seeking a nuclear weapon. Tehran denies that, but has gradually broken away from its commitments under a 2015 nuclear deal it struck with world powers, which the United States withdrew from during President Donald Trump’s first term. The landmark accord had provided Iran sanctions relief in exchange for curbs on its atomic programme. – ‘Impressive’ precision – Israel is long believed to have carried out sabotage operations inside Iran through its Mossad espionage agency, but the attacks that started on Friday are by far the broadest in scope. The campaign has shown Israel to be capable of precisely locating and taking out high-ranking Iranian officials and nuclear scientists. A European security source said the strikes showed “an impressive degree of precision and mastery”. Israel says it has killed 20 military and security targets, including the armed forces’ chief of staff and the head of Iran’s Revolutionary Guards, as well as nine nuclear scientists. Danny Citrinowicz, of the Tel Aviv-based Institute for National Security Studies, said the ability to take out high-ranking officials showed “intelligence, but also operational superiority of Israel over Iran”. “It’s highly connected to the ability to collect information, intelligence in Iran for years, excellent intelligence that actually allows you to detect where they’re living, the seniors, also the nuclear scientists,” he told AFP. The latest targeted strikes come after Israel killed Ismail Haniyeh, the political leader of the Palestinian militant group Hamas, in a Tehran guesthouse in July last year. Haniyeh had been in town for the inauguration of Iranian President Masoud Pezeshkian, and was reportedly killed by an explosive device that Israeli operatives had placed in the guesthouse weeks before. Analysts at the time saw the attack as a major intelligence failure by Iran. But “still Iran didn’t learn and didn’t have the ability to lock the holes in their system”, said Citrinowicz. – Smuggled drones – News site Axios reported that Mossad agents inside Iran helped prepare Friday’s strikes, pre-positioning weapon systems near air defence targets, including by hiding them inside vehicles, and launching them when the attack started. An Israeli intelligence official told Axios that Mossad had “established an attack drone base inside Iran with drones that were smuggled in long before the operation”. A former Israeli intelligence official told The Atlantic that “Iranians opposed to the regime make for a ready recruiting pool”, and that “Iranians working for Israel were involved in efforts to build a drone base inside the country”. Alain Chouet, the former number three in the French intelligence, said he was convinced Israel had “half a dozen cells capable of acting at any moment” inside Iran. Iran regularly executes people it accuses of spying for Israel. It is unclear what role, if any, Israel’s key military and diplomatic ally the United States had in the latest strikes. Before the attack early on Friday, Trump publicly urged Israel to allow time for diplomacy, as a sixth round of US-Iranian nuclear talks were set to be held in Oman at the weekend. The US president on Sunday said Washington “had nothing to do” with ally Israel’s campaign. But Iran’s Foreign Minister Abbas Araghchi on Sunday said Tehran had “solid proof of the support of the American forces and American bases in the region” for the attacks. And Israel’s Prime Minister Benjamin Netanyahu said on Saturday his country was acting with “the clear support of the president of the United States”.