Connect with us

CyberSecurity

Chinese National Extradited to US Over Silk Typhoon Cyber Campaign Targeting COVID-19 Research

Published

on

Chinese National Extradited to US Over Silk Typhoon Cyber Campaign Targeting COVID-19 Research

A suspected state-linked hacker accused of targeting US organizations and stealing sensitive COVID-19 research has been extradited to the United States, the Department of Justice (DoJ) announced. This Silk Typhoon extradition marks a significant step in holding state-sponsored cybercriminals accountable.

Xu Zewei, a 34-year-old Chinese national, appeared in a federal court in Houston over the weekend. He faces charges tied to a series of intrusions carried out between February 2020 and June 2021, some of which were allegedly tied to the Silk Typhoon campaign.

Prosecutors alleged that Xu acted under the direction of China’s intelligence apparatus, specifically the Ministry of State Security (MSS) and its Shanghai branch. Court filings claimed he worked through a private contractor, Shanghai Powerock Network Co. Ltd., part of a broader ecosystem used to obscure government involvement in cyber operations.

Alleged Role in COVID-19 and Exchange Server Attacks

Investigators said early attacks focused on US universities and researchers working on pandemic-related science. In February 2020, Xu allegedly accessed a university network in Texas and was later instructed to extract emails belonging to virologists and immunologists studying COVID-19.

Authorities claimed that stolen mailbox data included sensitive research into vaccines, treatments, and testing. These activities were reportedly coordinated with MSS officers, who directed targeting priorities and received updates on compromised systems.

Later that year, the operation allegedly expanded into the exploitation of Microsoft Exchange Server vulnerabilities. These attacks formed part of the wider Silk Typhoon (also tracked as Hafnium) campaign, publicly disclosed by the tech giant in March 2021, which impacted thousands of organizations globally.

Impact on Global Organizations

The Silk Typhoon campaign affected more than 12,700 US organizations, according to the FBI. Attackers deployed web shells on compromised servers, allowing persistent remote access and data exfiltration. Even after patches were released, hundreds of systems remained exposed.

Among the alleged victims were another US university and a global law firm. Prosecutors state that attackers searched stolen emails for references to US policymakers and agencies, using terms linked to Chinese intelligence interests.

Building on this, the indictment outlines how contractor networks operated with both state direction and financial incentives. According to US officials, these groups often targeted a broad set of systems, gathering data that could be sold onward if not directly useful to government intelligence.

Legal Proceedings and Charges

Xu faces multiple charges, including wire fraud, unauthorized access to protected computers and identity theft. Each carries a potential prison sentence of 2 to 20 years. His co-defendant, Zhang Yu, remains at large.

US authorities emphasized that the allegations remain unproven, and the defendant is presumed innocent unless found guilty in court. For more on cybersecurity threats, see our guide on understanding modern cyber threat landscapes.

This extradition underscores the ongoing battle against state-sponsored cyber espionage. As a result, organizations are urged to strengthen defenses against similar attacks. Learn how to protect your network with our cybersecurity best practices checklist.

Broader Implications for Cybersecurity

This case highlights the persistent threat of state-linked hackers targeting critical research and infrastructure. The Silk Typhoon campaign serves as a stark reminder of the vulnerabilities in global digital systems.

Furthermore, the involvement of private contractors like Shanghai Powerock Network Co. Ltd. reveals how state actors use commercial entities to mask their activities. This tactic complicates attribution and enforcement efforts.

In conclusion, the Silk Typhoon extradition represents a pivotal moment in international cybercrime prosecution. It sends a clear message that such activities will not go unpunished, even when conducted under state direction.

CyberSecurity

From teen hacker to Iron Dome researcher, Ocean raises $28M to fight AI phishing with agentic email security

Published

on

From teen hacker to Iron Dome researcher, Ocean raises $28M to fight AI phishing with agentic email security

Shay Shwartz knows the dark side of email phishing all too well. As a teenager, he earned money as a hacker, but after getting caught at age 16, he turned his talents toward defense. Now, his startup Ocean has emerged from stealth with $28 million in funding to combat AI phishing using an agentic email security platform.

The round was led by Lightspeed Venture Partners, with participation from Picture Capital and Cerca Partners. High-profile angel investors also joined, including Wiz co-founder and CEO Assaf Rappaport, as well as Yevgeny Dibrov and Nadir Izrael, the co-founders of Armis, which recently sold to ServiceNow for $7.75 billion.

How Ocean tackles AI phishing with agentic security

Ocean claims its AI can thoroughly analyze the context of every incoming email to detect fraud and impersonation attempts. Unlike traditional vendors like Proofpoint and Mimecast, which focus on standard phishing detection, Ocean uses a small language model tailored to quickly analyze emails, understand the sender’s intent, and evaluate it against the user’s specific organizational context.

“This is like having a guard in every door,” Shwartz said. “This is how we make the inbox a safe place with high hygiene.” The platform is already reviewing billions of emails each month for customers, including Kayak, Kingston Technology, and Headspace.

Why AI phishing requires a new defensive approach

In the past, only highly sophisticated hackers could pull off spear-phishing due to the sheer amount of time, research, and manual labor needed to launch targeted attacks. However, AI has changed the game entirely. “AI just made the entire process automatic, so the scale is much, much bigger now,” Shwartz told TechCrunch. “I can instruct LLM to go and understand exactly who you are, harvest large amount of public information, and create those phishing attacks very targeted against you.”

This means that AI-powered attacks are now accessible to a wider range of malicious actors, increasing the urgency for advanced defense mechanisms. Ocean’s approach is designed to counter this new threat landscape by providing real-time, context-aware protection.

From hacker to Iron Dome researcher: Shwartz’s journey

Shwartz’s path to founding Ocean is unconventional. After his teenage hacking stint, he spent about a decade in top-tier cybersecurity roles, leading major projects for Israel’s elite defense and intelligence units, including work connected to the Iron Dome project. He later joined Axis, the startup later acquired by HPE. All along, he had been itching to launch his own startup, and two years ago, he finally took the plunge.

This background gives Ocean a unique edge in understanding both offensive and defensive cybersecurity strategies. The company’s agentic email security platform is built to fight AI phishing attacks that traditional systems might miss.

How Ocean’s technology works

Ocean built a small language model specifically designed for email analysis. It examines the full context of each message, including the sender’s history, the content, and the recipient’s role within the organization. This allows it to detect subtle impersonation attempts and fraudulent requests that might otherwise slip through.

As a result, Ocean provides a layer of protection that adapts to each user’s unique communication patterns. Learn more about email security best practices to complement your defense strategy.

The future of email security in an AI-driven world

With the rise of generative AI, the threat landscape is evolving rapidly. Ocean’s funding round signals strong investor confidence in agentic security solutions. The startup plans to use the capital to expand its team and enhance its AI capabilities.

For businesses, the message is clear: traditional phishing defenses are no longer enough. Explore our guide to AI threat detection to understand how to stay ahead of emerging risks. Ocean’s approach represents a significant step forward in the fight against AI phishing.

In conclusion, Ocean’s emergence from stealth with $28 million marks a pivotal moment in cybersecurity. By combining the founder’s unique background with cutting-edge AI, the platform offers a promising solution to one of the most pressing digital threats today. Contact us to learn how Ocean can protect your organization.

Continue Reading

CyberSecurity

Discord Rolls Out End-to-End Encrypted Voice and Video Calls for All Users

Published

on

Discord Enables End-to-End Encrypted Voice and Video Calls for Every User

In a significant move for user privacy, Discord has now enabled end-to-end encrypted voice and video calls for all its hundreds of millions of users. This means that conversations on the platform are now private, with no one—not even Discord—able to listen in. The update arrives at a time when other major tech companies have been scaling back similar privacy features.

What Is End-to-End Encryption on Discord?

End-to-end encryption ensures that only the participants in a call can access the audio or video data. Even Discord’s servers cannot decrypt the stream. This is a major step up from standard encryption, where the service provider holds the keys. For users, this means their Discord voice call privacy is now significantly stronger.

The feature was first introduced in 2024 but was limited. Now, it’s the default for all one-on-one and group voice and video calls, outside of stage channels. No action is required from users—the encryption is automatically applied.

Why This Matters for Privacy-Conscious Users

This update comes as a welcome contrast to recent decisions by other platforms. For example, Meta discontinued Instagram’s end-to-end encrypted messaging feature earlier this year. Similarly, TikTok announced it would not encrypt user messages after becoming a US-based company. Discord’s move reinforces its commitment to user privacy in an increasingly surveillance-conscious digital landscape.

According to Mark Smith, Discord’s vice president of core technologies, “End-to-end encryption is now standard for every voice and video call on Discord, outside of stage channels. No opt-in required.” This statement highlights the company’s proactive approach to security.

How It Compares to Other Platforms

While platforms like WhatsApp and Signal have long offered end-to-end encryption for calls, Discord’s implementation is notable because it covers a massive user base that includes gamers, communities, and professionals. The shift positions Discord as a leader in private video calls Discord among social and communication apps.

What Users Need to Do

Absolutely nothing. The feature is enabled by default for all voice and video calls. There is no toggle or setting to turn on. This makes it one of the most seamless privacy rollouts in recent memory. For those concerned about end-to-end encryption messaging platform standards, Discord’s move sets a new benchmark.

However, it’s important to note that text messages and stage channels are not yet covered by this encryption. The company has not announced plans to extend it to those areas.

Looking Ahead: The Future of Discord Security

Discord’s decision to enable Discord end-to-end encrypted voice calls for all users is a strong signal that privacy is becoming a core feature rather than an afterthought. As digital communication grows, users are demanding more control over their data. Discord is listening.

For more on how to secure your online communications, check out our guide on best practices for secure messaging. You might also be interested in top privacy tips for gamers.

In conclusion, Discord has taken a bold step forward. By making end-to-end encryption the default, it has raised the bar for Discord security update 2025 and beyond. Users can now talk freely, knowing their conversations are truly private.

Continue Reading

CyberSecurity

Ransomware Turf War Escalates as 0APT and KryBit Groups Trade Blows in Public Feud

Published

on

Ransomware Turf War: 0APT and KryBit Groups Trade Blows in Public Feud

The cybercrime underground is witnessing an unusual spectacle: a ransomware turf war between two rival groups, 0APT and KryBit, who are publicly leaking each other’s operational data. According to a new report from Halcyon, both groups are now scrambling to rebuild their infrastructure after this dramatic exchange of blows.

This clash began when 0APT, a relatively new ransomware group, posted sensitive data on its leak site targeting three rivals: the newcomer KryBit, along with established players RansomHouse and Everest Group. The leak exposed KryBit’s administrator panel, affiliate details, and victim negotiation data. Halcyon noted that the leaked information spanned from March 28 to April 12, 2026, revealing two administrators, five affiliates, and 20 potential victims. Ransom demands ranged from $40,000 to $100,000 per victim, with exfiltrated data volumes between 10GB and 250GB.

However, KryBit did not take this lying down. The group retaliated by hacking back at 0APT, stealing its data and defacing its leak site with a taunting message: “Next time, don’t play with the big boys.” The counter-leak included full access logs, PHP source code, and system files from 0APT’s infrastructure. More importantly, it revealed a stunning deception: the 190+ victims 0APT had claimed since January 2026 were entirely fabricated. No data was ever exfiltrated from any listed victim.

Halcyon’s analysis also uncovered that 0APT’s entire ransomware data leak site was running on an AnLinux-Parrot OS, pushing content via an Android phone’s internal SD card. This amateurish setup has left 0APT unable to recover, while KryBit maintains control over the defaced site.

Why This Ransomware Turf War Matters for Cybersecurity

This ransomware turf war illustrates a growing trend: cybercriminal groups are increasingly targeting each other to gain credibility and market share. Oliver Newbury, former Barclays CISO and chief strategy officer at Halcyon, explained that financial pressure is driving these conflicts. “These groups depend on credibility to survive, so when that starts to crack, rivals move fast to expose it,” he said. “We’re now seeing them disrupt each other’s operations, taking over infrastructure and undermining campaigns in real time.”

As a result, the ecosystem doesn’t shrink—it reshapes, often becoming harder to predict. For defenders, this means that while internal feuds can temporarily weaken certain groups, they also create new, more resilient adversaries.

Interestingly, Everest Group has not retaliated against 0APT despite having its encoded publication and user data leaked. This suggests that not all groups are willing to engage in public warfare, perhaps preferring to rebuild quietly.

How the Feud Exposes Ransomware Group Vulnerabilities

The KryBit leak exposed critical operational components, including administrator panels and affiliate networks. Halcyon warned that such leaks force groups to “rotate leaked operational components to ensure impact on their activities is limited.” This means both 0APT and KryBit will likely need to rebuild, rebrand, and spin up new infrastructure over the coming weeks or months to remain active.

Moreover, the fabricated victim list from 0APT highlights a broader issue: the ransomware economy relies heavily on perceived success. Groups like 0APT may fabricate attacks to attract affiliates, but such deception can backfire spectacularly when exposed.

Data from Chainalysis in 2025 showed that crypto-payments to ransomware actors dropped 8% annually to $820 million, even as attack numbers rose 50%. This financial squeeze likely fuels conflicts like this ransomware turf war, as groups fight for a shrinking pool of ransom payments.

For more on ransomware trends, see our analysis of ransomware attacks in 2026 and how cybercrime groups are evolving their tactics.

What This Means for Businesses and Defenders

While internal feuds may seem like a net positive for cybersecurity, experts caution against complacency. “It creates instability, but not safety,” Newbury added. The disruption caused by this ransomware turf war could lead to unpredictable behavior from both groups, including more aggressive attacks or a shift to new, harder-to-track methods.

Organizations should remain vigilant: patch systems, enforce multi-factor authentication, and maintain offline backups. The chaos among ransomware groups does not eliminate the threat—it merely changes its form.

In conclusion, the 0APT vs. KryBit feud is a stark reminder that the cybercrime landscape is dynamic and ruthless. As these groups trade blows, they reveal not only each other’s weaknesses but also the fragility of the entire ransomware business model.

Continue Reading

Trending