“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.
In February 2018, as I began my second year as a cybersecurity reporter, I wrote a story about the term “ransomware.” The word had gained global attention following the notorious WannaCry ransomware attack the previous year. In response to the heightened awareness, Oxford added “ransomware” to its dictionary, which was the focus of my story at the time.
More than six years have passed since that article was published, but ransomware continues to inflict persistent and devastating damage. This week, South Korea revealed that its drone technology had been compromised in ransomware attacks targeting smaller firms with weaker cybersecurity defenses. Meanwhile, across the globe in Mexico, the government is investigating a reported ransomware attack on its presidential legal affairs office.
There is also some good news. A Russian national accused of running a ransomware-as-a-service operation was extradited from South Korea and is now in U.S. custody, facing criminal charges. David DiMolfetta reviewed the indictment, detailing how the U.S. Justice Department is addressing these crimes and the impact the Phobos ransomware has had on its victims.
This is Dain Oh reporting from South Korea, and here is your weekend briefing.
1. Critical drone technology compromised in ransomware attack, South Korean intelligence agency investigates
A ransomware attack has targeted South Korean drone companies, compromising sensitive technologies, according to the National Intelligence Service (NIS). The breach impacted a research institute working on military projects, including the development of unmanned aerial vehicle (UAV) components. Attackers used phishing emails disguised as official messages to infiltrate smaller firms with weaker cybersecurity defenses. While major defense contractors like LIG Nex1 and Hanwha Systems successfully blocked the attack, smaller companies suffered significant breaches. The NIS is investigating the origins of the incident. READ MORE
2. Mexico’s president says government is investigating reported ransomware hack of legal affairs office
The Mexican government is investigating a reported ransomware attack on its presidential legal affairs office. The hacking group Ransomhub claims to have stolen 313 gigabytes of sensitive files, including personal data from a government employee database. The group is allegedly demanding a ransom within 10 days to avoid publicly releasing the information. Leaked samples reportedly include contracts, insurance records, and financial documents. READ MORE
3. Alleged Phobos ransomware coordinator extradited to U.S. from South Korea
A Russian national accused of masterminding a notorious ransomware-as-a-service operation has been extradited from South Korea and is now in American custody facing criminal charges for his cybercrime activities, the United States Department of Justice announced Monday.
Evgenii Ptitsyn was extradited by South Korean authorities and appeared in a U.S. court in Maryland on Nov. 4. He faces 13 charges related to the sale, operation, and distribution of the Phobos ransomware service, the Department of Justice said.
The indictment against Ptitsyn includes charges of wire fraud, conspiracy to commit wire and computer fraud, four counts of hacking-related extortion, and four counts of intentionally damaging protected computers. READ MORE
4. US charges five in ‘Scattered Spider’ hacking scheme
U.S. prosecutors have charged five alleged members of the hacking group Scattered Spider, accused of targeting dozens of companies and individuals across industries such as gaming, telecommunications, and cryptocurrency. The suspects, who were in their teens or early 20s at the time, are accused of using phishing attacks to steal login credentials and millions of dollars in cryptocurrency between 2021 and 2023. Victims include at least 12 major corporations and hundreds of thousands of individuals, though specific names have not been disclosed. READ MORE
5. Library of Congress email systems hacked earlier this year by ‘foreign adversary’
The Library of Congress experienced a major cyber breach from January to September 2024, reportedly orchestrated by a foreign adversary. Hackers accessed email communications between Library staff and Congressional offices, possibly to gain insights into legislative inquiries and lawmakers’ responses. Both Republican and Democratic offices were informed, and the U.S. Capitol Police referred the matter to the FBI, which is investigating in coordination with the Library’s internal team. READ MORE
6. Deepfake extortion: A growing threat targeting male politicians in South Korea
A new wave of deepfake-based extortion is targeting male local council members in major South Korean cities, including Seoul, Busan, and Daegu. Criminals are using artificial intelligence technology to superimpose victims’ faces onto explicit images, then emailing these doctored photos to demand about $50,000 in cryptocurrency to keep them private. READ MORE
7. South Korea’s judiciary boosts cybersecurity budget following major hacking and DDoS attacks
The South Korean judiciary has significantly boosted its cybersecurity budget for 2024 following major cyberattacks, including incidents linked to North Korea’s Lazarus hacking group and a large-scale DDoS (Distributed Denial of Service) attack. The proposed budget totals 141.5 billion won (approximately $106 million), a 43.56% increase from this year’s 98.5 billion won (approximately $73 million). Key allocations include 98.36 billion won (approximately $73.6 million) for upgraded security equipment and antivirus software—a 58% rise—and 2.32 billion won (approximately $1.74 million) for an Intelligent Security Operations System (ISP) to bolster defenses against hacking and malware. READ MORE
8. Indian and Nigerian leaders pledge stronger security ties and support for Global South
During Indian Prime Minister Narendra Modi’s first visit to Nigeria, he and Nigerian President Bola Tinubu pledged to strengthen cooperation in maritime security, counterterrorism, and intelligence sharing, with a focus on threats in the Indian Ocean and the piracy-prone Gulf of Guinea. Both leaders emphasized their commitment to advancing the priorities of the Global South, a coalition of mainly developing nations, including Nigeria and India, that advocates for equitable global representation. READ MORE