Newsletters

American and European law enforcement agencies have seized the infrastructure of a residential proxy provider named SocksEscort; the latest of such a crackdown against proxy providers over the past years.

The service had been running since 2021 and rented access to more than 369,000 different IP addresses across its lifetime.

According to the FBI, Europol, and Dutch Police, SocksEscort was a front for a malware operation that infected modems and home routers. Lumen's Black Lotus Labs linked it to a botnet it discovered in 2023, named AVRecon.

President Donald Trump's Cyber Strategy contains an ambitious array of worthwhile goals. The administration's actions over the past year, however, directly undermine many of them, barring one. It raises the question: Can aggressive offensive cyber action compensate for lukewarm defensive efforts?

The strategy, released last Friday, one-ups the Biden era equivalent, at least superficially. Rather than five pillars, this one has six:

The strategy's overall vibe is dominated by that first pillar: "Shape Adversary Behaviour". President Trump's foreword describes using cyber power for "disrupting and disorienting our adversaries". He concludes that "American Power will finally stand up in cyberspace". 

The US Senate has confirmed Army Lt. Gen. Joshua M. Rudd as the next leader of US Cyber Command and the National Security Agency.

Gen. Rudd was confirmed in a 71-29 vote on Tuesday.

He will replace Army Lt. Gen. William Hartman, who is serving as interim chief for both agencies.

US President Donald Trump signed a new executive order on Friday directing federal agencies to prioritize a crackdown against foreign scam operations and predatory forms of cybercrime.

Scam-related crimes, such as business email compromise and investment fraud, have been at the top of the FBI's list of most damaging forms of cybercrime for over half-a-decade.

In 2024 alone, Americans lost $12.5 billion to cyber-enabled fraud schemes, a figure that will likely be surpassed when the 2025 numbers come out in April.

A sudden spike in scanning activity for internet-exposed security cameras has been recorded in Israel and countries across the Middle East. The activity has been traced back to a hacking group with ties to the Iranian government.

The scans spiked on Monday, when Iran launched missile and drone strikes in response to an Israeli and US military operation that bombed and killed its political leadership over the weekend.

Security firm Check Point says the scans targeted Hikvision and Dahua security cameras and included attempts to exploit old vulnerabilities. Scans targeted Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus, the exact same countries where Iran carried out kinetic strikes.

The US-Israeli attack on Iran shows how cyber operations help achieve military goals when aggressors have cyber dominance. But it also highlights the small window of opportunity for them to have a significant impact once war kicks off.

At a press briefing on Monday, Joint Chiefs of Staff Chairman Gen. Dan Caine said US Cyber Command was involved in "coordinated space and cyber operations [that] effectively disrupted communications and sensor networks… leaving the adversary without the ability to see, coordinate or respond effectively".

The overall goal, he said, was to "disrupt, disorient and confuse the enemy". 

The Pentagon says that US Cyber Command carried out cyber operations that disrupted Iranian defenses ahead of a joint US-Israeli military operation over the last weekend.

"The first movers were US CyberCom and US SpaceCom, layering non-kinetic effects, disrupting and degrading and blinding Iran's ability to see, communicate, and respond," Joint Chiefs of Staff Chairman Gen. Dan Caine said in a press conference on Monday.

"Coordinated space and cyber operations effectively disrupted communications and sensor networks across the area of responsibility, leaving the adversary without the ability to see, coordinate, or respond effectively," he added.

A team of academics has developed large language models (LLMs) that can deanonymize internet users based on past comments or other digital clues they have left behind.

The new method works even if targets use different pseudonyms across multiple platforms. It can link real identities to hidden accounts and online activity, and vice versa.

The LLMs basically work by analyzing past activity and creating user profiles. Once enough data points are available, connections can be made between similar profiles based on shared vocabulary and other clues revealed online, such as locations, hobbies, age, and so on.

Russian authorities have arrested a Moscow resident for posing as an FSB intelligence officer to extort and demand payments from members of the Conti ransomware group.

Ruslan Satuchin was detained in October of last year and has remained in custody after authorities extended his arrest warrant in December.

According to Russian news outlet RBC, the suspect contacted a Conti member in September of 2022, claiming he could prevent the FSB from investigating them for a bribe.

This week, US Defense Secretary Pete Hegseth delivered an ultimatum to Anthropic that it allow unrestricted military use of its AI models by Friday or face harsh punishments. This begs the question: When it comes to military use of AI, who exactly should be setting the rules?

At issue for the Department of Defense are safeguards intended to prevent accidental or malicious use of AI. The Pentagon argues that AI is no different from any other technology and decisions about how it is used should be left to the military. 

In mid-January, Hegseth spoke about accelerating AI deployment within the War Department and eliminating barriers that prevent deploying the technology to the battlefield. Hegseth railed against "equitable AI, and other DEI and social justice infusions that constrain and confuse our employment of this technology… We will not employ AI models that won't allow you to fight wars."