Cybersecurity News that Matters

[Weekend Briefing] DCM4, DORA, i-Soon, and Nemesis

The U.K. Defence Cyber Marvel 4 is a global cyber competition taking place in Goyang, South Korea from Feb. 21 to 28, 2025. It is the first pan-defense initiative to build grass roots community across defense, government agencies, and U.K.'s international allies and partners. It presents a broad experimental environment specifically targeted at simulating cyber innovation for participants of all skill levels and experience. Photo courtesy of British Army Cyber Association

by Dain Oh

Mar. 07, 2025
9:58 PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues.


For a journalist, nothing is more important than visiting the field in person. I had the chance to do just that last week at a cyber exercise hosted by the British military in South Korea. The event brought together cyber specialists from 27 countries, offering a chance to strengthen cyber capabilities across sectors and borders. More details are in the first story.

Laurent Garrigues takes a deep dive into the European Union’s Digital Operational Resilience Act (DORA), helping our international readers understand the latest regulations shaping the global economy. Additionally, the United States and South Korea made key announcements, including the indictment of 10 Chinese nationals linked to i-Soon. I’ve also included an article from last year by Sylvie Truong, a past contributor to The Readable known for her sharp analytical eye on this issue.

Next week, The Readable will cover the Billington Cyber Security Summit in Washington, D.C.

This is Dain Oh reporting from South Korea, and here is your weekend briefing.

1. UK builds army of the future through ‘Defence Cyber Marvel’

Goyang, South Korea ― Defence Cyber Marvel 4 — Last week, soldiers from 27 countries simultaneously logged into a simulated world designed to mirror real-world societal structures, threats, and media environments. Divided into teams, the warriors competed to test their cyber capabilities in an international exercise led by the United Kingdom’s Ministry of Defence. The event took place Feb. 24-28 in Goyang, a satellite city of Seoul.

The Defence Cyber Marvel (DCM), organized by the British Army Cyber Association, began as a domestic training event in 2022 before expanding internationally the following year. As an annual competition, DCM brings together teams from government agencies, defense, and industry partners to compete on their ability to counter cyberattacks against allied forces in real-world scenarios. While last year’s exercise included participants from 17 countries, this year’s DCM4 featured 36 teams from 27 countries, with more than 1,000 personnel taking part. The Readable visited the exercise and spoke with participants on site.

“DCM4 is a key pillar of the UK’s multilateral approach to cyber cooperation, enhancing understanding of cyber threats and strengthening national defense capabilities,” the U.K. government wrote in a statement.

2. The Digital Operational Resilience Act (DORA): Strengthening cybersecurity in the European financial sector and beyond

On Jan. 17, 2025, the European Union’s Digital Operational Resilience Act (DORA) took effect, marking a significant shift in the cybersecurity landscape for the financial sector. Designed to strengthen cyber resilience, DORA imposes strict regulations requiring financial institutions and their critical third-party service providers to implement robust cybersecurity measures.

In effect, DORA requires financial entities across the EU to develop comprehensive information and communications technology (ICT) risk management frameworks, conduct regular resilience testing, and report significant cyber incidents to regulators. The regulation aims to harmonize financial cybersecurity standards across EU member states, ensuring that banks, insurance firms, and emerging crypto-asset service providers can withstand and recover from operational disruptions.

The European Insurance and Occupational Pensions Authority (EIOPA) announced that DORA aims to “strengthen the IT security of financial entities,” making the EU’s financial sector more resilient to serious operational challenges. Adding to this, the European Union Agency for Cybersecurity (ENISA) emphasized that DORA is now binding for all financial institutions, highlighting the regulation’s immediate and widespread impact.

3. South Korean spy agency warns of North Korean cyberattacks on software supply chains

South Korea’s National Intelligence Service (NIS) has recently detected advanced hacking attempts by North Korean cyber groups targeting critical government agencies and high-tech enterprises to steal confidential data and core technologies. In response, the NIS has urged affected industries to strengthen their cybersecurity measures.

According to a press release on Tuesday, North Korean hacking groups primarily use three key attack methods to infiltrate software supply chains: breaching IT service providers to bypass security measures of government agencies and corporations, exploiting vulnerabilities in IT solutions and software, and taking advantage of security mismanagement in organizations and businesses. These tactics enable unauthorized access to sensitive information, resulting in major security breaches.

A notable example of this attack methodology occurred in October 2024 when a North Korean cyber group hacked the email account of an employee at Company A, an IT maintenance provider for a local government network. The attackers extracted stored login credentials from the email and used them to gain unauthorized remote access to the local government’s network management server. Their goal was to steal administrative documents, but the intrusion was detected and blocked before data could be exfiltrated.

Illustration by Areum Hwang, The Readable

4. U.S. charges 10 Chinese nationals for large-scale cyberattacks on behalf of China – US Justice Department

On Mar. 4, 2025, the U.S. Department of Justice announced charges against 10 Chinese nationals for their roles in extensive hacking operations targeting U.S. and international entities on behalf of the Chinese government. Eight of the defendants worked for i-Soon, a Chinese company that carried out cyberattacks under government direction. The remaining two managed infrastructure and provided logistical support for the operations.

The indictment reveals that from 2009 to 2022, the defendants carried out cyber intrusions across multiple sectors, including aviation, defense, education, government, healthcare, biopharmaceuticals, and maritime industries. Their activities involved stealing sensitive data, intellectual property, and confidential business information, undermining the security and competitiveness of targeted organizations.

The defendants face multiple charges, including conspiracy to commit computer intrusion, conspiracy to commit economic espionage, and aggravated identity theft. If convicted, they face significant penalties and could receive lengthy prison sentences. The case highlights the U.S. government’s commitment to countering state-sponsored cyber threats and protecting national security.

5. OFAC sanctions Iran-based darknet market administrator for facilitating fentanyl sales – Chainalysis

On Mar. 4, 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Behrouz Parsarad, an Iran-based administrator of the darknet marketplace Nemesis, for facilitating the global sale of fentanyl and other illicit drugs, including in the United States. The designation covers 44 Bitcoin addresses and five Monero addresses linked to Parsarad.

Established in 2021, Nemesis served over 30,000 active users and 1,000 vendors before its servers were seized in March 2024 by U.S., German, and Lithuanian authorities. The platform facilitated nearly $30 million in drug sales, including fentanyl, and offered services such as false identification documents and professional hacking.

Parsarad’s on-chain activity shows transactions exceeding $1.6 million, with links to other darknet markets, including ASAP Market, Incognito Market, and Next Generation. Notably, he avoided on-chain exposure to Iranian services, likely due to Iran’s severe penalties for drug-related offenses. The designation underscores OFAC’s commitment to disrupting the global fentanyl trade and highlights the growing scope of illicit on-chain activities linked to Iran.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...
