“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues.
1. Feature: Agony from crypto hacks
Bybit, one of the world’s largest cryptocurrency exchanges, has been hit by a massive hack resulting in the theft of $1.5 billion in digital assets, primarily Ethereum. The breach occurred when an attacker exploited security vulnerabilities during a routine transfer from Bybit’s offline cold wallet to a warm wallet. While all other wallets remain secure, the incident has sparked a surge in withdrawal requests from concerned users.
Bybit is working with law enforcement and blockchain experts to recover the stolen assets while warning users about scammers posing as exchange officials. The company has also enlisted top cybersecurity experts and crypto analysts to aid in the recovery effort, offering a 10% reward for retrieved funds—potentially up to $140 million. Meanwhile, Bybit CEO Ben Zhou assured customers that their assets are fully backed and that the company remains solvent, having secured a bridge loan to cover any potential losses.
Blockchain analysis firms, including Elliptic and Arkham Intelligence, have been tracking the stolen funds as they were quickly moved across multiple wallets and liquidated through various platforms. While the hacker’s identity remains unconfirmed, analysts have linked the attack to North Korea’s Lazarus Group, a notorious state-sponsored cybercriminal organization. The group has a history of targeting cryptocurrency platforms to fund North Korea’s regime, using sophisticated laundering techniques to obscure stolen assets. READ MORE
- FBI attributed Bybit crypto theft to North Korea – READ ORIGINAL STATEMENT
2. Belgian prosecutor probes alleged Chinese hacking of intelligence service – Reuters
Belgium’s federal prosecutor has launched an investigation into an alleged Chinese cyberattack on the country’s intelligence agency, the VSSE, in November 2023. The probe follows a report by Belgian newspaper Le Soir, which revealed that hackers linked to Chinese espionage had exploited a breach in an American cybersecurity company for two years, gaining access to 10% of the Belgian intelligence service’s emails.
While classified information remained secure, personal data for nearly half of the VSSE’s personnel may have been exposed.
The prosecutor confirmed receiving a formal complaint from the VSSE but said the investigation is still in its early stages, with no further details available. The Belgian intelligence service declined to comment, while China’s embassy in Belgium has yet to respond to the allegations.
3. U.S. soldier charged in AT&T hack searched “Can hacking be treason” – Krebs on Security
U.S. Army soldier Cameron John Wagenius has pleaded guilty to leaking confidential phone records of high-ranking officials, exposing a major security breach. If convicted, Wagenius faces a maximum sentence of 20 years in prison and substantial fines.
As a communications specialist in South Korea, Wagenius operated under the alias “Kiberphant0m” and worked with cybercriminals to extort companies by stealing sensitive data. His possession of more than 17,000 identity-related files underscores the severity of his offenses.
Authorities revealed that Wagenius searched online for non-extradition countries and inquired about whether hacking constitutes treason, suggesting a potential attempt to evade justice. Prosecutors argued that he poses a flight risk, citing evidence that he tried to sell stolen information to a foreign military intelligence service.
His crimes were part of a broader hacking campaign targeting cloud storage vulnerabilities, affecting major corporations, including AT&T, which reportedly paid a $370,000 ransom to prevent further leaks.
Wagenius’s co-conspirators—John Erin Binns and Connor Riley Moucka—are facing U.S. indictments for multiple cyber-related offenses. Binns, previously charged with hacking T-Mobile, was arrested in Turkey after attempting to seek Russian citizenship. Moucka was apprehended in Canada in connection with the extortion scheme.
4. Dragos 2025 OT/ICS Cybersecurity Report – Dragos
The Dragos 2025 OT Cybersecurity Report highlights the increasing complexity and severity of cyber threats targeting Operational Technology (OT) and Industrial Control Systems (ICS).
In 2024, adversaries ranging from state-sponsored actors to hacktivists and ransomware operators showed a growing focus on OT environments. The report notes that cyber operations tied to geopolitical conflicts—such as the Ukraine-Russia war and tensions in Asia and the Middle East—led to a rise in attacks on industrial infrastructure. Dragos identified two new threat groups—GRAPHITE and BAUXITE—alongside established groups like KAMACITE and ELECTRUM, which continue to target critical industries such as energy, manufacturing, and telecommunications. ICS-focused malware, including Fuxnet and FrostyGoop, was deployed in politically motivated attacks, causing operational disruptions in Russia and Ukraine.
Ransomware attacks surged, affecting 1,693 industrial organizations, with the manufacturing sector remaining the top target. Ransomware operators increasingly exploited vulnerabilities in remote services and VPN appliances to gain initial access. New actors, such as CyberVolk, blurred the lines between hacktivism and cybercrime by launching ransomware-as-a-service (RaaS). Meanwhile, legacy vulnerabilities and poor cybersecurity hygiene continued to expose industrial environments to significant risks. Dragos emphasized that many OT vulnerabilities remain deep within networks, making detection and mitigation more challenging. The “Now, Next, Never” framework was introduced to help organizations prioritize vulnerability management more effectively.
The report underscores the importance of network security monitoring, strict access controls, and proactive risk management as key defensive measures. Despite progress in OT security, gaps in visibility and preparedness remain, particularly in less-regulated industries. As cyber threats evolve, defenders must strengthen their incident response capabilities, secure OT architectures, and enforce basic cybersecurity measures to mitigate growing risks in industrial environments. READ ORIGINAL REPORT
5. South Korean researcher sheds light on cloud-based financial software security – The Readable
A groundbreaking study on cloud security has been published in Computer Standards & Interfaces, an SCIE-indexed journal. Authored by Daemin Shin, a senior researcher at the Financial Security Institute (FSI), the paper outlines strategies for financial institutions to strengthen cloud security while maintaining efficiency in software development and operations.
Titled “Enhancing Cloud-Native DevSecOps: A Zero Trust Approach for the Financial Sector,” the paper introduces a new security framework that integrates DevSecOps—combining software development (Dev), security (Sec), and operations (Ops)—with Zero Trust, a model that continuously verifies users and devices rather than assuming trust in cloud environments. READ MORE
Editor’s note: The summaries of articles were initially created by ChatGPT-4o and edited by Dain Oh.
