Cybersecurity News that Matters

[Weekend Briefing] The impact of misjudgment

Illustration by Areum Hwang, The Readable

by Dain Oh

Dec. 06, 2024
6:32 PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.


It has been a bizarre week in South Korea since President Yoon Suk-yeol unexpectedly declared martial law. As the National Assembly prepares to vote on his impeachment on Saturday, the fallout from the president’s controversial decision is becoming clear, including international travel alerts and a sharp decline in the stock market.

Kim Byoung-hwan, chairman of the Financial Services Commission, issued a directive to strengthen preparedness for potential cybersecurity incidents in the financial sector, citing heightened market volatility following the declaration and subsequent lifting of martial law. He stressed the need for robust internal controls to prevent financial mishaps, hacking, and data breaches, and called for a comprehensive review of IT security systems across the industry.

Despite the political turbulence, people are doing what they can in their current circumstances. I believe this resilience is what keeps the nation moving forward. In that spirit, The Readable focused on what we do best this week: reporting on cybersecurity news.

This is Dain Oh reporting from South Korea, and here is your weekend briefing.

1. Russian hackers exploit rival group’s systems to spy on Afghanistan and India – The Readable

In a bold display of cyberespionage, a prolific Russian hacking group has been spotted infiltrating and hijacking the systems of a rival Pakistani cyber collective.

The revelations, detailed in a report released Wednesday by Lumen’s Black Lotus Labs, highlight a campaign spanning more than two years carried out by Turla—also known as Secret Blizzard, as named by Lumen—a well-known Russia-aligned hacker group likely linked to Moscow’s Federal Security Service, or FSB.

The strategy allowed Secret Blizzard to steal information, deploy their own malware, and use the rival Pakistani malware for intelligence gathering—all while evading detection. It marks the fourth recorded instance of the group embedding themselves in another cyber gang’s operations since 2019, according to Lumen.

The report states that Secret Blizzard began infiltrating the Pakistan-aligned entity, known as Storm-0156, in late 2022. The Russian operatives breached servers managing the Pakistani group’s malware infections, using them as springboards to target Afghan and government organizations in 2023.

2. Chinese hackers stole large amounts of Americans’ phone data from eight telecoms, officials say – NBC News

A Chinese hacking campaign targeting U.S. telecommunications companies has compromised the texts and calls of American citizens on a far larger scale than previously disclosed, according to White House cyber official Anne Neuberger. At least eight major telecom providers, including AT&T, Verizon, and Lumen Technologies, were breached, with hackers gaining access to sensitive data such as call records and systems linked to law enforcement operations. Dubbed “Salt Typhoon” by Microsoft, the campaign has impacted dozens of countries worldwide and is seen by the U.S. as a significant escalation in China’s cyberespionage activities over the past two years.

The hackers remain entrenched in the systems of affected companies, and Neuberger warned of ongoing risks until these cybersecurity vulnerabilities are resolved. Notably, the attackers appeared to focus on individuals in the Washington, D.C., area, potentially targeting high-profile figures and organizations for more invasive surveillance. While the FBI is working to notify those directly impacted, it does not plan to inform all Americans whose data may have been compromised.

China has denied the allegations, dismissing them as baseless, while U.S. agencies and allies have issued guidelines to help telecom companies bolster defenses against such threats. Despite years of warnings about China’s focus on telecommunications, this campaign highlights the sophistication and persistence of cyberattacks targeting critical infrastructure, leaving U.S. communications networks exposed to significant vulnerabilities.

3. Chinese lidar sensors pose hacking risk to US defense equipment, report says – Reuters

A report from the Foundation for Defense of Democracies warns that Chinese-made lidar sensors present a serious cybersecurity threat to U.S. military and critical infrastructure. Lidar sensors, which use lasers to create 3D maps, are widely deployed in automotive and industrial applications, including ports and autonomous military vehicles. The report emphasizes that these sensors, often internet-connected and equipped with advanced processors, could be compromised through hidden malware or hardware backdoors. Such vulnerabilities could be exploited by the Chinese government, which can compel companies to comply with state security directives. The report also cautions that satellite-based attacks could disable these sensors, potentially endangering U.S. operations.

The think tank is urging U.S. lawmakers to ban the use of Chinese lidar technology in defense and critical infrastructure, arguing that the long-term risks of sabotage and surveillance far outweigh any short-term cost savings. The report also calls for collaboration with allies, including Germany, Canada, South Korea, Israel, and Japan, to develop a secure and diversified supply chain for lidar systems. Prominent non-Chinese lidar suppliers, such as Valeo, Luminar Technologies, and Aeva Technologies, are highlighted as viable alternatives.

China’s expanding presence in the lidar industry, including companies like Hesai Group, has raised additional concerns. The U.S. Department of Defense recently signaled plans to relist Hesai as a company with ties to the Chinese military. This move is part of broader efforts to reduce reliance on Chinese technology in sensitive applications.

4. Operation Destabilise: NCA disrupts $multi-billion Russian money laundering networks with links to drugs, ransomware and espionage, resulting in 84 arrests – UK’s National Crime Agency

Operation Destabilise, a global investigation led by the UK’s National Crime Agency (NCA), has disrupted Russian money laundering networks that support organized crime worldwide. Two major groups, Smart and TGR, were identified as central to laundering billions for criminal syndicates, Russian elites, and cybercriminals. These networks facilitated financial crimes across 30 countries, enabling drug cartels, bypassing sanctions, and laundering ransomware payments. The operation uncovered their use of cryptocurrency to obscure funds, allowing reinvestment in criminal activities and posing a threat to global economic stability.

The investigation led to significant outcomes, including 84 arrests, the seizure of more than £20 million in assets, and U.S. sanctions on key players within the networks. High-profile figures, such as Ekaterina Zhdanova of Smart and George Rossi of TGR, were linked to laundering cash and cryptocurrency for drug trafficking, ransomware operations, and Russian espionage. The networks also facilitated transactions for sanctioned entities and supported Russian efforts in Ukraine. Their operations often exploited low commission rates to move vast sums, further enabling serious crimes.

This multi-agency effort, involving partners such as OFAC, the FBI, and European law enforcement, has significantly disrupted the networks’ activities, particularly in the UK. Increased collaboration and enforcement pressure have made London a less viable hub for laundering operations. Officials emphasized the significance of this crackdown, noting its impact on global organized crime and stressing the importance of continued international cooperation to combat illicit finance.

5. 2025 Predictions Report – Armis

Here’s a summary of the critical points:

Increased Sophistication of Threats: The report predicts a rise in AI-driven cyberattacks, including malware with adaptive behaviors and targeted ransomware attacks on critical infrastructure and healthcare. The weaponization of IoT devices and state-sponsored cyber warfare will escalate, threatening both civilian and military assets. These trends highlight the growing complexity of cyber threats, underscoring the need for advanced and integrated defensive strategies.

Unified Cybersecurity Platforms: Organizations will increasingly adopt comprehensive security solutions to address fragmented systems and streamline threat management. Unified platforms that integrate AI-driven threat detection, real-time monitoring, and vulnerability management will become central, offering cost-effective, holistic security across IT, OT, and IoT environments. The focus will shift from reactive to proactive strategies, prioritizing resilience and rapid incident recovery.

Regulatory Pressures and Collaboration: As global regulations tighten, particularly in healthcare, manufacturing, and infrastructure, organizations will need to enhance compliance measures. The report emphasizes the importance of collaboration between governments, the private sector, and security vendors to tackle the growing complexity of cyber threats. Public-private partnerships, intelligence sharing, and the adoption of standardized frameworks will be crucial in mitigating risks and protecting critical infrastructure.


Editor’s note: The summaries of each article were created by ChatGPT 4o and reviewed by Dain Oh.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...