Blog

PRAGUE — The Czech government has identified China as being “responsible” for cyberattacks against a a communication network of the Czech Foreign Ministry, officials said on Wednesday.

The Foreign Ministry said the malicious activities started in 2022 and targeted the country’s critical infrastructure. The ministry said it believed the Advanced Persistent Threat 31, or APT31 group, associated with the Chinese Ministry of State Security was behind the campaign.

It was not immediately clear what specific information were seized or what damage was caused by the attacks. The Czech ministry said a new communication system has already been put in place.

Foreign Minister Jan Lipavský said in a separate statement that his ministry summoned the Chinese ambassador to Prague to make it clear to the Chinese side “that such activities have serious impacts on mutual relations.”

“The government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure,” the statement said. “Such behavior undermines the credibility of the People´s Republic of China and contradicts its public declarations.”

NATO and the European Union condemned the attack and expressed solidarity with the Czechs.

“We observe with increasing concern the growing pattern of malicious cyber activities stemming from the People’s Republic of China,” NATO said.

“This attack is an unacceptable breach of international norms,” EU top diplomat Kaja Kallas said. “The EU will not tolerate hostile cyber actions.”

___

Sam McNeil contributed to this report from Paris.

CAPE CANAVERAL, Fla. — Astronomers have discovered a strange new object in our Milky Way galaxy.

An international team reported Wednesday that this celestial object — perhaps a star, pair of stars or something else entirely — is emitting X-rays around the same time it’s shooting out radio waves. What’s more, the cycle repeats every 44 minutes, at least during periods of extreme activity.

Located 15,000 light-years away in a region of the Milky Way brimming with stars, gas and dust, this object could be a highly magnetized dead star like a neutron or white dwarf, Curtin University’s Ziteng Andy Wang said in an email from Australia.

Or it could be “something exotic” and unknown, said Wang, lead author of the study published in the journal Nature.

NASA’s Chandra X-ray Observatory spotted the X-ray emissions by chance last year while focusing on a supernova remnant, or the remains of an exploded star. Wang said it was the first time X-rays had been seen coming from a so-called long-period radio transient, a rare object that cycles through radio signals over tens of minutes.

Given the uncertain distance, astronomers can’t tell if the weird object is associated with the supernova remnant or not. A single light-year is 5.8 trillion miles.

The hyperactive phase of this object — designated ASKAP J1832−091 — appeared to last about a month. Outside of that period, the star did not emit any noticeable X-rays. That could mean more of these objects may be out there, scientists said.

“While our discovery doesn’t yet solve the mystery of what these objects are and may even deepen it, studying them brings us closer to two possibilities,” Wang said. “Either we are uncovering something entirely new, or we’re seeing a known type of object emitting radio and X-ray waves in a way we’ve never observed before.”

Launched in 1999, Chandra orbits tens of thousands of miles (kilometers) above Earth, observing some of the hottest, high-energy objects in the universe.

___

The Associated Press Health and Science Department receives support from the Howard Hughes Medical Institute’s Science and Educational Media Group and the Robert Wood Johnson Foundation. The AP is solely responsible for all content.

CAPE CANAVERAL, Fla. — Astronomers have discovered a strange new object in our Milky Way galaxy.

An international team reported Wednesday that this celestial object — perhaps a star, pair of stars or something else entirely — is emitting X-rays around the same time it’s shooting out radio waves. What’s more, the cycle repeats every 44 minutes, at least during periods of extreme activity.

Located 15,000 light-years away in a region of the Milky Way brimming with stars, gas and dust, this object could be a highly magnetized dead star like a neutron or white dwarf, Curtin University’s Ziteng Andy Wang said in an email from Australia.

Or it could be “something exotic” and unknown, said Wang, lead author of the study published in the journal Nature.

NASA’s Chandra X-ray Observatory spotted the X-ray emissions by chance last year while focusing on a supernova remnant, or the remains of an exploded star. Wang said it was the first time X-rays had been seen coming from a so-called long-period radio transient, a rare object that cycles through radio signals over tens of minutes.

Given the uncertain distance, astronomers can’t tell if the weird object is associated with the supernova remnant or not. A single light-year is 5.8 trillion miles.

The hyperactive phase of this object — designated ASKAP J1832−091 — appeared to last about a month. Outside of that period, the star did not emit any noticeable X-rays. That could mean more of these objects may be out there, scientists said.

“While our discovery doesn’t yet solve the mystery of what these objects are and may even deepen it, studying them brings us closer to two possibilities,” Wang said. “Either we are uncovering something entirely new, or we’re seeing a known type of object emitting radio and X-ray waves in a way we’ve never observed before.”

Launched in 1999, Chandra orbits tens of thousands of miles (kilometers) above Earth, observing some of the hottest, high-energy objects in the universe.

___

The Associated Press Health and Science Department receives support from the Howard Hughes Medical Institute’s Science and Educational Media Group and the Robert Wood Johnson Foundation. The AP is solely responsible for all content.

CAPE CANAVERAL, Fla. — Astronomers have discovered a strange new object in our Milky Way galaxy.

An international team reported Wednesday that this celestial object — perhaps a star, pair of stars or something else entirely — is emitting X-rays around the same time it’s shooting out radio waves. What’s more, the cycle repeats every 44 minutes, at least during periods of extreme activity.

Located 15,000 light-years away in a region of the Milky Way brimming with stars, gas and dust, this object could be a highly magnetized dead star like a neutron or white dwarf, Curtin University’s Ziteng Andy Wang said in an email from Australia.

Or it could be “something exotic” and unknown, said Wang, lead author of the study published in the journal Nature.

NASA’s Chandra X-ray Observatory spotted the X-ray emissions by chance last year while focusing on a supernova remnant, or the remains of an exploded star. Wang said it was the first time X-rays had been seen coming from a so-called long-period radio transient, a rare object that cycles through radio signals over tens of minutes.

Given the uncertain distance, astronomers can’t tell if the weird object is associated with the supernova remnant or not. A single light-year is 5.8 trillion miles.

The hyperactive phase of this object — designated ASKAP J1832−091 — appeared to last about a month. Outside of that period, the star did not emit any noticeable X-rays. That could mean more of these objects may be out there, scientists said.

“While our discovery doesn’t yet solve the mystery of what these objects are and may even deepen it, studying them brings us closer to two possibilities,” Wang said. “Either we are uncovering something entirely new, or we’re seeing a known type of object emitting radio and X-ray waves in a way we’ve never observed before.”

Launched in 1999, Chandra orbits tens of thousands of miles (kilometers) above Earth, observing some of the hottest, high-energy objects in the universe.

___

The Associated Press Health and Science Department receives support from the Howard Hughes Medical Institute’s Science and Educational Media Group and the Robert Wood Johnson Foundation. The AP is solely responsible for all content.

The headline-grabbing tale of an Italian man who said he was kidnapped and tortured for weeks inside an upscale Manhattan townhouse by captors seeking his bitcoin highlights a dark corner of the cryptocurrency world: the threat of violence by thieves seeking digital assets.

The alleged attempted robbery is known as a “wrench attack.” It’s a name popularized by an online comic that mocked how easily high-tech security can be undone by hitting someone with a wrench until they give up passwords.

Wrench attacks are on the rise thanks in part to cryptocurrency’s move into mainstream finance, Phil Ariss of the crypto tracing firm TRM Labs said in a recent blog post.

“Criminal groups already comfortable with using violence to achieve their goals were always likely to migrate to crypto,” Ariss said.

Some of the crypto’s key characteristics help explain why wealthy individuals who hold a lot of digital assets can be ripe targets for such attacks.

Cryptocurrencies like bitcoin offer traders full control of their funds without the need for a bank or permission from a government to buy, sell or hold it. The trade-off is that if funds are lost or stolen, there can be no way to get them back.

Self-reliance is a key ethos of crypto. Securing and controlling one’s private keys, which are like passwords used to access one’s crypto holdings, is viewed as sacrosanct among many in the crypto community. A popular motto is “not your keys, not your coins.”

Transactions on the blockchain, the technology that powers cryptocurrencies, are permanent. And unlike cash, jewelry, gold or other items of value, thieves don’t need to carry around stolen crypto. With a few clicks, huge amounts of wealth can be transferred from one address to another.

In the case in New York, where two people have been charged, a lot of details have yet to come out, including the value of the bitcoin the victim possessed.

Stealing cryptocurrency is almost as old as cryptocurrency itself, but it’s usually done by hacking. North Korean state hackers alone are believed to have stolen billions of dollars’ worth of crypto in recent years.

In response to the threat of hacking, holders of a large amount of crypto often try and keep their private keys off the internet and stored in what are called “cold wallets.” Used properly, such wallets can defeat even the most sophisticated and determined hackers.

But they can’t defeat thieves who force a victim to give up their password to access their wallets and move money.

The case in New York is the latest in a string of high-profile wrench attacks. Several have taken place in France, where thieves cut off a crypto executive’s finger.

Experts suggest several ways to mitigate the threats of wrench attacks, including using wallets that require multiple approvals before any transactions.

Perhaps the most common way crypto-wealthy individuals try to prevent wrench attacks is by trying to stay anonymous. Using nicknames and cartoon avatars in social media accounts is common in the crypto community, even among top executives at popular companies.

Shouldn’t a robust IT system be able to withstand the odd “human error”, such as somebody at a third-party supplier being hoodwinked by devious cybercriminals? Isn’t £300m at the expensive end for these events? And should it really take four-and-a-half weeks, and counting, for one of the UK’s biggest and well-resourced retailers to restore its website to working order?

The response of Marks & Spencer’s chief executive, Stuart Machin, to such questions ran along these lines: the incident had nothing to do with underinvestment in IT; everyone is vulnerable; M&S was unlucky; the “moment in time” will pass and everything will be back to normal by July at the latest.

Too complacent? Marking his own homework? Well, before joining the chorus that says M&S should have been better prepared, one should probably say that assessing corporate responses to these cyber-attacks is impossible from the outside. M&S can’t share the full details of what happened, just as nobody ever does. One suspects its reaction was better than most, but there isn’t a league table to consult. We will have to wait to see what, if any, fine is dished out by the Information Commissioner’s Office for breaches of customers’ data.

But Machin is probably on safe ground with his “bump in the road” financial thesis. If the top-line hit of £300m can be whittled down to £150m-ish after the arm-wrestle with the insurers plus management of costs “and other trading actions”, one is looking at a number that, while large, is a long way from upsetting M&S’s broader revival.

This is a group that has just reported a 22% jump in underlying pre-tax profits to £876m, its best result in 17 years, and the balance sheet these days is a model of conservatism, showing year-end net cash of £438m ignoring lease liabilities. As long as the IT/cyber issues are contained and fixable, M&S can handle the financial blow. The website, which is where the crisis was concentrated (and still is), accounts for only a tenth of sales. Ensuring it comes back reliably, as opposed to prioritising absolute speed, sounds sensible.

It is hard to know how customers will react, of course. Machin probably shouldn’t place too much weight on the fact that many are telling him they’re terribly supportive; the ones to worry about are the non-communicative sort. “We are nervous that customers will have their long-term habits changed,” says Jonathan Pritchard at the broker Peel Hunt. It’s a legitimate concern but, equally, it’s entirely possible that customers take a sanguine view and carry on as before. Most of us, let’s be honest, aren’t making amateur IT appraisals when we shop.

The show of corporate confidence – plus the forecast-beating pre-attack profit numbers – were enough to repair some of the damage to the share price. It rose by 2.5% on Wednesday, meaning it’s down a net 8% since the Easter cyber villainy. That reaction feels roughly right. This was a severe incident, it’s embarrassing and it’s not yet over. But if £150m is the ultimate one-off net cost to M&S – and, crucially, if there is no repetition – the roof has not fallen in.

The owner of OnlyFans, the subscription platform used by millions for its adult content, is in talks to sell the UK-based business for $8bn (£5.9bn).

The site’s owner, Fenix International, is in discussions with a consortium led by the US investment firm Forest Road Company (FRC), whose board members include Kevin Mayer, who was an executive at Disney for nearly 15 years and also briefly ran TikTok.

Fenix is owned by Leonid Radvinsky, a 43-year-old Ukrainian-American entrepreneur, who has received dividends of just under $1.3bn from the highly profitable site since 2020.

OnlyFans has more than 4m accounts registered to creators who charge subscribers for access to their content, with the proceeds split 80/20 with the platform. The site has 305m fan accounts, enabling users to buy videos from, and send messages to, their favourite performers.

Although OnlyFans points to a breadth of content that includes comedy, lifestyle and celebrity material, it is synonymous with pornography and has a strict 18+ age limit.

In its most recent accounts, OnlyFans posted revenues of $1.3bn in the year to 30 November 2023, an increase of 20% on the previous year, while its pre-tax profit rose by a quarter to $658m.

The number of creator accounts and fan accounts each grew by nearly 30% and content creators received $6.6bn in 2023.

At the time, Keily Blair, the chief executive of OnlyFans, said the company had cemented its place as a “leading digital entertainment company and a UK tech success story”.

OnlyFans declined to comment and FRC has been contacted for comment.

Fenix is also in talks with other suitors, according to Reuters, which first revealed the takeover talks. It is also understood that a flotation of the platform is an unlikely option.

skip past newsletter promotion

after newsletter promotion

OnlyFans was founded in 2016 by Tim Stokely, backed by a loan from his investment banker father, and Radvinsky bought the company in 2018. Little is known about Odesa-born Radvinsky, although his personal website states that he holds a degree in economics from Northwestern University in the US and he lives in Florida. Before acquiring OnlyFans he owned an adult webcam business.

In March the UK communications regulator fined Fenix £1m for failing to accurately respond to requests for information about age-checking measures on the platform, specifically facial estimation technology that gauges a user’s age via a selfie.

Ofcom said Fenix was a large, well-resourced company that was “well aware of its regulatory obligations” and should have avoided its failings.

An Indian company that operates Marks & Spencer’s IT helpdesk is reportedly investigating whether it was used by cybercriminals to gain access to systems at the retailer, which is battling a devastating hack.

M&S said this week that “threat actors” had gained access to the retailer’s systems through one of its contractors – understood to be Tata Consultancy Services (TCS).

The clothing, food and homeware retailer confirmed the hackers used “social engineering” techniques to attack them, such as posing as a staff member to fool a helpdesk into giving away passwords.

TCS, which has worked with M&S for more than a decade, has been helping the retailer with its inquiries into the cyber-attack, which began over the Easter weekend. The retailer said the attack could cost it up to £300m in profit.

The Mumbai-based group is conducting an internal inquiry, expected to conclude this month, into whether its employees or systems were linked to the attack, according to the Financial Times.

Discerning the exact route the hackers took could be important for M&S and TCS as the Information Commissioner’s Office (ICO), the UK’s data watchdog, will examine who might face a fine for any loss of customer and staff data as a result of the hack.

The ICO can impose a fine of up to £17.5m, or 4%, of worldwide annual turnover, whichever is greater, and will take into account the nature and seriousness of a failure, how individuals have been affected, and whether other regulatory authorities are already taking action.

British Airways faced a £20m fine from the ICO in 2018 after hackers diverted traffic to a fake website allowing them to access personal data while Tesco Bank was hit with a £16.4m fine after hackers stole customer card details.

M&S has been battling to recover for a month. The attack forced M&S to stop orders via its website, while deliveries of food and fashion into stores and some deliveries to its online food partner, Ocado, have also been disrupted.

M&S has admitted that some personal information relating to thousands of customers – including names, addresses, dates of birth and order histories – was taken.

skip past newsletter promotion

after newsletter promotion

The TCS investigation comes as M&S’s operations continue to be disrupted by the hack, with stock levels in stores affected. Its website is not expected to be fully functioning again until July.

The attack, which has been attributed to the hacking collective Scattered Spider, emerged days before similar cyber-attacks were reported against the Co-op and Harrods.

Staff at some of the Co-op’s grocery stores are still struggling to keep shelves fully stocked this week.

TCS was approached for comment.

An Indigenous tribe from the Brazilian Amazon has sued the New York Times, saying the newspaper’s reporting on the tribe’s first exposure to the internet led to its members being widely portrayed as technology-addled and addicted to pornography.

The Marubo tribe of the remote Javari valley, a community of about 2,000 people, filed the defamation lawsuit seeking hundreds of millions of dollars in damages this week in a court in Los Angeles.

It also names TMZ and Yahoo as defendants, alleging that their stories amplified and sensationalized the Times’s reporting and smeared the tribe in the process.

The suit says the Times’s June 2024 story by reporter Jack Nicas on how the group was handling the introduction of satellite service through Elon Musk’s Starlink “portrayed the Marubo people as a community unable to handle basic exposure to the internet, highlighting allegations that their youth had become consumed by pornography”.

“These statements were not only inflammatory but conveyed to the average reader that the Marubo people had descended into moral and social decline as a direct result of internet access,” an amended version of the lawsuit filed on Thursday says. “Such portrayals go far beyond cultural commentary; they directly attack the character, morality, and social standing of an entire people, suggesting they lack the discipline or values to function in the modern world.”

In a statement to the Associated Press, a Times spokesperson said: “Any fair reading of this piece shows a sensitive and nuanced exploration of the benefits and complications of new technology in a remote Indigenous village with a proud history and preserved culture. We intend to vigorously defend against the lawsuit.”

The theme of Nicas’s story was that after less than a year of service, the community was now facing the same kinds of struggles with the pervasive effects of the internet and the proliferation of smartphones that much of the world has dealt with for years.

Nicas listed a broad range of those challenges: “teenagers glued to phones; group chats full of gossip; addictive social networks; online strangers; violent video games; scams; misinformation; and minors watching pornography”.

He later wrote that a tribal leader “is most unsettled by the pornography. He said young men were sharing explicit videos in group chats, a stunning development for a culture that frowns on kissing in public.”

The piece makes no other mention of porn, but that aspect of the story was amplified and aggregated by other outlets including TMZ, which ran a story and accompanying video headlined “Elon Musk’s Starlink Hookup Leaves A Remote Tribe Addicted To Porn.”

The suit says the video segment “falsely framed the Marubo Tribe as having descended into moral collapse”.

Messages seeking comment from TMZ and Yahoo were not immediately answered.

The misperceptions brought on by the aggregation and repackaging of the story led the Times to publish a follow-up.

“The Marubo people are not addicted to pornography,” Nicas wrote in the second story. “There was no hint of this in the forest, and there was no suggestion of it in The New York Times’s article.”

That did not satisfy the tribe, which says in the lawsuit that the story “failed to acknowledge the role the NYT itself played in fueling the defamatory narrative. Rather than issuing a retraction or apology, the follow-up downplayed the original article’s emphasis on pornography by shifting blame to third-party aggregators.”

Nicas wrote that he spent a week with the Marubo tribe. The lawsuit says that while he was invited for a week, he spent less than 48 hours in the village, “barely enough time to observe, understand, or respectfully engage with the community”.

The lawsuit was first reported by Courthouse News.

The plaintiffs also include the community leader Enoque Marubo and Brazilian journalist and sociologist Flora Dutra, both of whom appeared in the story.

Both were instrumental in bringing the tribe the internet connection, which they said has had many positive effects including facilitating emergency medicine and the education of children.

They cited the TMZ video, which shows them setting up antennas for the connection, as creating the “unmistakable impression” that the two “had introduced harmful, sexually explicit material into the community and facilitated the alleged moral and social decay”.

The lawsuit seeks at least $180m, including both general and punitive damages, from each of the defendants.

“The fallout from the publication was not limited to public perception,” the suit says, “it destroyed lives, institutions, and culturally significant projects.”

European and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police.

International arrest warrants have been issued for 20 suspects, most of them living in Russia, by European investigators while indictments were unsealed in the US against 16 individuals.

Those charged include the alleged leaders of the Qakbot and Danabot malware operations, including Rustam Rafailevich Gallyamov, 48, who lives in Moscow and Aleksandr Stepanov, 39, AKA JimmBee and Artem Aleksandrovich Kalinkin, 34, AKA Onix, both of Novosibirsk, Russia, the US Department of Justice said.

Cyber-attacks aimed at destabilising governments or simple theft and blackmail are becoming increasingly pernicious. The high-street retailer Marks & Spencer is one of the most high-profile and recent victims in the UK this month.

The Europeans led by the German crime agency, Bundeskriminalamt (BKA) released public appeals in its attempts to track down 18 suspects believed to be involved in the Qakbot malware family along with a third malware known as Trickbot.

BKA and its international counterparts said the majority of the suspects were Russian citizens. The Russian national Vitalii Nikolayevich Kovalev36, already wanted in the US, is one of BKA’s most wanted.

He is allegedly behind Conti, considered to be the most professional and best-organised ransomware blackmail group in the world with Kovalev described as one of the “most successful blackmailers in the history of cybercrime” by German investigators.

Using the pseudonyms Stern and Ben, BKA allege he is claimed to have attacked hundreds of companies worldwide and extracted large ransom payments from them.

Kovolev, 36, from Volgorod, is believed to be living in Moscow, where several firms are registered in his name. He was identified by US investigators in 2023 as having been a member of Trickbot.

Investigators now also believe he was at the helm of Conti and other blackmail groups, such as Royal and Blacksuit (founded in 2022). His own cryptowallet is said to be worth about €1bn.

BKA said, along with international partners, of the 37 perpetrators they identified they had enough evidence to issue 20 arrest warrants.

The US attorney’s office in California at the same time unsealed the details of charges against 16 defendants who allegedly “developed and deployed the DanaBot malware”.

The criminal infiltrations into victims’ computers were “controlled and deployed” by a Russia-based cybercrime organisation that has infected more than 300,000 computers around the world particularly in the US, Australia, Poland, India and Italy.

It was advertised on Russian-language criminal forums and also had an “espionage variant used to target military, diplomatic, government and non-governmental organisations” the indictment states.

“For this variant, separate servers were established, such that data stolen from these victims was ultimately stored in the Russian federation.”

Also on the Europe most-wanted list as a result of the German operation is a 36-year-old Russian-speaking Ukrainian, Roman Mikhailovich Prokop, a suspected member of Qakbot, according to BKA.

Operation Endgame was instigated by the German authorities in 2022. The BKA president, Holger Münch, said Germany was a particular focus of cybercriminals.

BKA in particular is investigating the suspected perpetrators’ involvement in gang-related activities and commercial extortion as well as membership of an overseas-based criminal organisation.

Between 2010 and 2022 the Conti group focused specifically on US hospitals, increasing its attacks during the Covid pandemic. US authorities had offered a $10m reward to anyone who would lead them to its figureheads.

Most suspects are operating in Russia, some also in Dubai. Their extradition to Europe or the US was unlikely, Münch said, but their identification was significant and damaging to them.

“With Operation Endgame 2.0, we have once again demonstrated that our strategies work – even in the supposedly anonymous darknet.”