Moscow is accused of running sabotage and espionage operations across Europe, targeting nations supporting Ukraine.
Published On 21 Oct 2025
Authorities in Poland have arrested eight individuals across the country on suspicion of espionage and sabotage.
In a brief statement on social media, Polish Prime Minister Donald Tusk said on Tuesday that the case is developing and that “further operational activities are ongoing” without providing further details.
The detentions come amid accusations that Russia is operating a network of spies and saboteurs across Europe.
Referring to the prime minister’s post, the coordinator of Poland’s special services, Tomasz Siemoniak, said that the detained people are suspected of engaging in espionage and planning attacks.
They were arrested due to “conducting reconnaissance of military facilities and critical infrastructure, preparing resources for sabotage, and directly carrying out attacks”, he said.
While Warsaw has not directly linked the arrests, officials have said previously that Poland has been targeted with such attacks in a “hybrid war” waged by Russia to destabilise nations supporting Ukraine.
Several other European countries have also pointed the finger at Moscow as they have suffered similar attacks since Russia launched its full-scale invasion of Ukraine in February 2022.
Polish authorities have detained dozens of people over suspected sabotage and espionage over the past three years or so.
Moscow denies the accusations, insisting that they are the result of “Russophobia”.
In May last year, Polish authorities arrested three men for an arson attack. In September, Lithuanian prosecutors broke up a network that they said planned arson and explosive attacks in several European Union states.
The same month, Latvia’s security service announced the detention of a man suspected of passing military intelligence to Russia, and British police arrested three people suspected of running sabotage and espionage operations for Russia.
The United Kingdom has also repeatedly accused Russia of orchestrating sabotage and spy operations on its soil and beyond. The Kremlin has accused London of blaming Moscow for “anything bad that happens”.
Drones increasing concern
This autumn, drone incursions have added to the European security concerns, with Belgium, Denmark and Germany among several countries reporting sightings.
The incursions provoked airport closures in both Germany and Denmark.
“We are at the beginning of a hybrid war against Europe,” Danish Prime Minister Mette Frederiksen said. “I think we are going to see more of it … We see the pattern, and it does not look good,” she added.
Tusk pledged to urgently upgrade Poland’s air defences after NATO forces shot down several drones over his country last month.
The European Union, recognising the inefficiency of using multimillion-euro weapons to battle cheap drones, has reacted to the incursions with proposals to develop a “drone wall” on its eastern borders.
The judge ruled NSO caused ‘irreparable harm’ to Meta, but said an earlier award of $168m in damages was ‘excessive’.
Published On 18 Oct 2025
A United States judge has granted an injunction barring Israeli spyware maker the NSO Group from targeting WhatsApp users, saying the firm’s software causes “direct harm” but slashed an earlier damages award of $168m to just $4m.
In a ruling on Friday granting WhatsApp owner Meta an injunction to stop NSO’s spyware from being used in the messaging service, district judge Phyllis Hamilton said the Israeli firm’s “conduct causes irreparable harm”, adding that there was “no dispute that the conduct is ongoing”.
Hamilton said NSO’s conduct “serves to defeat” one of the key purposes of the service offered by WhatsApp: privacy.
“Part of what companies such as WhatsApp are ‘selling’ is informational privacy, and any unauthorised access is an interference with that sale,” she said.
In her ruling, Hamilton said that evidence at trial showed that NSO reverse-engineered WhatsApp code to stealthily install its spyware Pegasus on users’ phones, and repeatedly redesigned it to escape detection and bypass security fixes.
NSO was founded in 2010 and is based in the Israeli seaside tech hub of Herzliya, near Tel Aviv.
Pegasus – a highly invasive software marketed as a tool for law enforcement to fight crime and terrorism – allows operators to remotely embed spyware in devices.
NSO says it only sells the spyware to vetted and legitimate government law enforcement and intelligence agencies. But Meta, which owns WhatsApp, filed a lawsuit in California federal court in late 2019, accusing NSO of exploiting its encrypted messaging service to target journalists, lawyers and human rights activists with its spyware.
Judge Hamilton said her broad injunction was appropriate given NSO’s “multiple design-arounds” to infect WhatsApp users – including missed phone calls and “zero-click” attacks – as well as the “covert nature” of the firm’s work more generally.
Will Cathcart, the head of WhatsApp, said in a statement that the “ruling bans spyware maker NSO from ever targeting WhatsApp and our global users again”.
“We applaud this decision that comes after six years of litigation to hold NSO accountable for targeting members of civil society. It sets an important precedent that there are serious consequences to attacking an American company,” he said.
Meta had asked Hamilton to extend the injunction to its other products – including Facebook, Instagram and Threads – but the judge ruled there was no way for her to determine if similar harms were being done on the other platforms without more evidence.
Hamilton also ruled that an initial award of $168m against NSO for damages to Meta in May this year was excessive, determining that the court did not have “sufficient basis” to support the jury’s initial calculation.
“There have simply not yet been enough cases involving unlawful electronic surveillance in the smartphone era for the court to be able to conclude that defendants’ conduct was ‘particularly egregious’,” Hamilton wrote.
The judge ruled that the punitive damages ratio should therefore be “capped at 9/1”, reducing the initial sum by about $164m to just $4m.
Moldova’s pro-West governing party won a majority in the country’s tense Sunday elections, beating pro-Russian parties by a wide margin amid reported attempts to violently disrupt the vote and allegations of interference by Russia.
Results from more than 99 percent of the polling stations counted by Monday noon showed the Party of Action and Solidarity (PAS) clearly in the lead, despite analysis and opinion polls before the vote suggesting that pro-Russian parties would come close and possibly upset the ruling party’s parliamentary majority.
The small country is located between Ukraine and Romania. One of Europe’s poorest states, it was part of the Soviet Republic until 1991. The breakaway, semi-autonomous region of Transnistria, which lies along the border with Ukraine, has traditionally supported ties with Russia.
As a result, in recent years, Moldova has emerged as a battleground for influence between Russia and the West.
In a September 9 speech at the European Parliament, Moldovan President Maia Sandu, founder of PAS, declared that this election would be “the most consequential” in the country’s history.
For Moldovans, the elections represented a crucial turning point. The small country with Russia’s war in Ukraine on its doorstep could either continue on its current path towards European Union membership, or it could fall back into the old fold of Russian influence.
Ultimately, despite reports of pro-Russian groups threatening violence, with at least three people arrested in Moldova, and several bomb scares reported at polling booths abroad, the Moldovan diaspora played a key role in delivering a pro-EU victory.
Igor Grosu, president of Moldova’s parliament and leader of the pro-EU Party of Action and Solidarity, speaks to the media after the parliamentary election, in Chisinau, Moldova, Monday, September 29, 2025 [Vadim Ghirda/AP]
What was the outcome of Moldova’s election?
Nearly all votes cast at polling stations had been counted by Monday. Some 1.6 million people cast their votes, making up about 52.2 percent of eligible voters, which is higher than in previous elections.
The ruling pro-EU PAS, led by parliament president and PAS cofounder, Igor Grosu, won 50.16 percent of the vote and about 55 of the 101 seats in parliament, translating to a comfortable majority government, according to the country’s election agency.
The current prime minister, Dorin Recean, appointed by Sandu in February 2023, is expected to retain his position.
The pro-Russian Patriotic Electoral Bloc (BEP), an alliance of four parties led by former president and Russian ally Igor Dodon, came a distant second with 24.19 percent of the vote. The party won 26 seats in parliament. Two parties within the bloc, Heart of Moldova and Moldova Mare, were banned from participating in the election amid allegations they had received illicit funding from Russia.
In third place was the Alternative Party, which is also pro-EU with 7.97 percent of the vote, securing eight parliamentary seats.
Our Party, a populist group, and the conservative Democracy at Home party, respectively, won just more than 6 percent and 5 percent of the vote. That allowed them entry into parliament for the first time with 6 seats each.
What had polls predicted?
Opinion polls had suggested a much tighter race between the ruling PAS and the BEP, which was predicted to come a close second. That scenario would have disrupted PAS’s present control of parliament, potentially forcing it into an uncomfortable coalition with the BEP, and slowing down pro-EU reforms.
Before the Sunday polls, politicians and their supporters on both sides of the debate campaigned intensely on the streets and on TV, but also on online platforms such as TikTok, in an attempt to reach young people who make up about a quarter of the population.
What were the key issues?
EU accession was the single most important issue on the ballot this election. Under President Sandu, Moldova applied to join the EU in early 2022, just after Russia’s February invasion of Ukraine. Chisinau’s goal, alongside a better economy, has been to obtain security guarantees like its neighbour, Romania, which is a member of the EU and of the North Atlantic Treaty Alliance (NATO).
In July 2022, the EU granted Moldova – as well as Ukraine – candidate status, on the condition that democracy, human and minority rights, and rule of law reforms are made. European Commission President Ursula von der Leyen at the time declared that the future of Moldova was in the EU.
However, while President Sandu’s PAS is eager to achieve Moldova’s EU membership by 2028 when her term expires, she has accused Moscow of attempting to scupper this plan in order to continue wielding influence over a country it once controlled.
Russia has considerable support in Moldova, and backs a breakaway, autonomous enclave – Transnistria, located along its border with Ukraine. About 1,500 Russian troops are present there, and the enclave’s government has requested Russian annexation several times.
In a referendum vote last October, just more than 50 percent of Moldovans voted “yes” to joining the EU, a tight margin of victory that was seen as a predictor of this week’s parliamentary elections.
At the time, President Sandu blamed “dirty interference” from Russia for her camp’s thin victory.
A woman holds Moldovan and EU flags during a pro-EU rally in Chisinau, Moldova, Monday, September 29, 2025, after the parliamentary election [Vadim Ghirda/AP]
Did Russia interfere in these elections?
During the run-up to Moldova’s election, the authorities have repeatedly accused Moscow of conducting a “hybrid war” – offline and online – to help pro-Russian parties to win the vote. Moscow denies meddling in Moldovan politics.
Russia is specifically accused of being behind a widespread “voter-buying” operation – through which voters are bribed to vote for particular parties – and of launching cyberattacks on Moldovan government networks throughout the year.
The authorities have also claimed that Moscow illicitly funds pro-Russia political parties. Two pro-Russia parties – Heart of Moldova and Moldova Mare – were barred from the vote on Friday over allegations of illegal financing and vote buying.
According to researchers and online monitoring groups, Moldova was flooded with online disinformation and propaganda in the months leading up to the vote that attempted to tarnish PAS and raise doubts and concerns about the EU. Researchers found that these campaigns were powered by artificial intelligence (AI), with bots deployed in comment sections on social media or fake websites posting AI-generated content deriding the EU.
International security professor Stefan Wolff, from the University of Birmingham, told Al Jazeera that Russia had indeed tried to influence Sunday’s elections to bring Moldova back under its influence.
“There is very little doubt in my mind and quite convincing evidence that Russia has done basically two things: Tried to bribe Moldovans literally with cash to vote for anti-European parties, and it has exerted massive campaigns of disinformation about what a pro-European choice would mean,” he said.
Wolff added that Russia also attempted to “discredit” President Sandu and PAS’s parliamentary candidates. “This really was a massive Russian operation, but it also, I think, shows the limits of how far Russia can push its influence in the post-Soviet space,” he said.
Google, in a press statement last week, said it had noticed coordinated campaigns targeting the Moldovan elections on YouTube. “We have terminated more than 1,000 channels since June 2024 for being part of coordinated influence operations targeting Moldova.”
What other disruptions to the election were there?
Two brothers and a third man had been arrested in Chisinau on suspicion of planning riots during the election on Sunday, Moldovan police said. According to local media, the police found flammable material in the possession of the suspects.
Last week, police arrested 74 people during 250 raids of groups linked to alleged Russian plans to instigate riots during the vote. Authorities said the suspects, who were between 19 and 49, had “systematically travelled” to Serbia, where they received training for “disorder and destabilisation”.
How did the Moldovan diaspora vote?
Some 17.5 percent of the votes – 288,000 – were cast by Moldovans living abroad, mostly in Europe and the US.
Bomb scares were reported at polling units in Italy, Romania, Spain and the US. Some polling units in Moldova also reported similar scares. The elections agency did not break down how the diaspora voted.
Voters in the enclave of Transnistria – where many people hold dual citizenship with Russia – faced logistical challenges, as they had to travel to polling stations 20km (12 miles) outside Transnistria. Media reports noted long car queues at Moldovan checkpoints on Sunday morning.
Some pro-Russian voters from the enclave told reporters they had been sent back and forth between polling stations because of bomb scares.
How has PAS reacted to the election result?
Speaking to reporters at the PAS headquarters in Chisinau on Monday after the party’s win, PAS leader Grosu reiterated the allegations against Russia.
“It was not only PAS that won these elections, it was the people who won,” Grosu said.
“The Russian Federation threw into battle everything it had that was most vile – mountains of money, mountains of lies, mountains of illegalities. It used criminals to try to turn our entire country into a haven for crime. It filled everything with hatred.”
Prime Minister Dorin Recean also said Moldovans “demonstrated that their freedom is priceless and their freedom cannot be bought, their freedom cannot be influenced by Russia’s propaganda and scaremongering”.
“This is a huge win for the people of Moldova, considering the fully-fledged hybrid war that Russia waged in Moldova,” Recean added. “The major task right now is to bring back the society together, because what Russia achieved is to produce a lot of tension and division in society.”
Last November, Romania cancelled its own presidential elections after authorities alleged that Russian interference had helped a far-right leader win the polls. A second election was held in May this year, which was won by the centrist and pro-EU candidate Nicusor Dan.
People attend a protest of the Russia-friendly Patriotic Electoral Bloc in Chisinau, Moldova, Monday, September 29, 2025, after the parliamentary election [Vadim Ghirda/AP]
What happens next?
The election result was immediately denied by BEP leader Dodon, who called for protests at the parliament building in Chisinau after claiming – without providing evidence – that PAS had meddled with the vote.
In an address on national TV late on Sunday before the results were declared, Dodon claimed his party had won the vote. He called on the PAS government to resign, and asked supporters to take to the streets.
“We will not allow destabilisation,” the politician said. “The citizens have voted. Their vote must be respected even if you don’t like it”.
On Monday, dozens of people gathered to protest the results. It is unclear if the politician will launch a legal challenge.
Meanwhile, President Sandu will now have to nominate a prime minister who will form a new government. Analysts say the president will likely opt for continuity with Prime Minister Recean, who is pro-EU and previously served as Sandu’s defence and security adviser.
Murdoch will be part of a group of US investors – including Trump allies – trying to take over TikTok’s US operations.
Published On 21 Sep 2025
United States President Donald Trump has said media executive Lachlan Murdoch will join a group of American investors seeking to take control of TikTok’s operations in the United States.
In an interview on the Fox News programme Sunday Briefing, Trump said the proposed deal would transfer TikTok’s American assets from Chinese parent company ByteDance to US ownership. He described those involved as prominent people and “American patriots”.
“I think they’re going to do a really good job,” Trump said, adding that TikTok had helped him expand support among young voters during the 2024 election campaign.
One of the proposed investors – Larry Ellison, the co-founder of the tech firm Oracle – is a prominent Republican donor. Lachlan Murdoch’s father Rupert has backed right-wing causes and parties for decades, but has a complicated relationship with Trump, who is currently suing him.
The initiative would give Trump’s allies in corporate America influence over a platform with about 170 million US users, one of the most widely used apps shaping political and cultural debate.
Lachlan Murdoch, the chief executive of Fox Corp, recently consolidated control of his family’s media empire, which includes Fox News and the Wall Street Journal, after settling a long-running legal dispute with his siblings. Trump said the 94-year-old Rupert Murdoch may himself also be involved in the deal.
Murdoch’s media outlets attract right-leaning audiences, but they have occasionally clashed with Trump. The US president’s lawsuit against Rupert Murdoch and the Wall Street Journal is for defamation over a July report linking him to the late financier and convicted sex offender Jeffrey Epstein. The newspaper has defended its reporting.
Other business figures named by Trump include Dell Technologies CEO Michael Dell, who, along with Ellison, has previously been connected to discussions on TikTok’s future.
US law passed under the administration of former US President Joe Biden requires ByteDance to divest its TikTok operations, with both Democrats and Republicans supporting the legislation due to security concerns that Beijing could have access to American users’ data.
However, the spotlight on TikTok has also been linked to growing support for Palestinians and opposition to Israel among young Americans, with many pro-Israeli politicians blaming the popular app for the shifting tide.
Trump’s Secretary of State Marco Rubio called for a ban on TikTok soon after the beginning of Israel’s war on Gaza, calling the app biased towards anti-Israel content.
Trump had proposed to ban TikTok during his first term as US president, signing two executive orders in August 2020 that were aimed at restricting the app. However, the US president did a U-turn, pledging to “save” the popular app during his 2024 re-election campaign.
The Trump administration has since tied negotiations over TikTok to wider trade talks with China.
China has consistently denied claims by US lawmakers that Beijing pressures apps like TikTok to collect personal information for the state.
Heathrow, Brussels and Berlin airports among major European hubs confirming disruptions as a result of the attack.
Published On 20 Sep 2025
A cyberattack targeting check-in and boarding systems has disrupted air traffic and caused delays at major airports across Europe.
Some operations at a number of airports, including London’s Heathrow, were taken offline on Saturday after a service provider’s software was hit in the attack.
Heathrow airport, the United Kingdom’s largest and one of the busiest internationally, said Collins Aerospace, which provides check-in and boarding systems for several airlines across multiple airports globally, “is experiencing a technical issue that may cause delays for departing passengers”.
“While the provider works to resolve the problem quickly, we advise passengers to check their flight status with their airline before travelling,” it said.
Collins Aerospace is a major aerospace and military company based in the United States, and a subsidiary of weaponsmaker RTX Corporation – formerly Raytheon Technologies. RTX said it was aware of a “cyber-related disruption” to its software in select airports, without naming them.
“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” the company said in a statement, adding that it was working to fix the issue as quickly as possible.
Brussels and Berlin airports separately confirmed they were also affected by the attack, which rendered automated systems inoperable, allowing only manual check-in and boarding procedures.
“This has a large impact on the flight schedule and will unfortunately cause delays and cancellations of flights,” Brussels airport said, adding that the cyberattack occurred on Friday night.
“Due to a technical issue at a system provider … there are longer waiting times at check-in. We are working on a quick solution,” Berlin airport said in a banner on its website.
Frankfurt airport, Germany’s largest, was not affected, a spokesperson said. An official from the operations control centre at Zurich airport also said it had not been affected.
The Paris Charles de Gaulle airport, also known as Roissy, along with Orly and Le Bourget airports in the Paris area, reported no disruptions.
No group, individual, or state actor has claimed responsibility for the cyberattack, and a motive is yet to be confirmed. There has been no confirmed instance of data theft related to the attack.
India’s finance minister calls for greater collaboration in ‘cybersecurity’ and ‘defence’ between the two countries.
Published On 8 Sep 2025
Israel and India have signed a bilateral investment agreement to expand mutual trade during far-right Israeli Minister of Finance Bezalel Smotrich’s trip to the South Asian country, which deepened its ties with Israel under Hindu nationalist Prime Minister Narendra Modi.
The agreement, signed in New Delhi by Smotrich and Indian Minister of Corporate Affairs Nirmala Sitharaman, aims to boost trade and investment flows between the two countries. Sitharaman stressed the need for greater collaboration in “cybersecurity, defence, innovation and high-technology”.
The deal marked “an important strategic step for our joint vision”, said Smotrich, who has been sanctioned by several Western countries for his links to illegal settlements in the occupied West Bank.
“The agreement reached today between Israel and India reflects our economic growth, innovation and mutual prosperity,” he wrote on X.
“This agreement will open new opportunities for investors in both countries, strengthen Israeli exports, and provide businesses with the certainty and tools to grow in one of the world’s largest and fastest-growing markets.”
India’s Ministry of Finance described the deal as a “historic milestone”, adding that it will foster cooperation in “fintech innovation, infrastructure development, financial regulation, and digital payment connectivity”.
Bilateral trade stood at $3.9bn in 2024, while current mutual investments are worth about $800m, according to official figures. But the bulk of the trade between the two countries is in the domain of defence and security, with New Delhi being Israel’s largest weapons buyer.
Last year, Indian firms also sold Israel rockets and explosives during Israel’s war on Gaza, an Al Jazeera investigation revealed.
A woman holds a placard denouncing India’s supply of weapons to Israel, during a protest in New Delhi on June 1, 2024 [Altaf Qadri/AP Photo]
The agreement comes as New Delhi moves closer to Israel, even as Israel faces growing political isolation over its genocidal war on Gaza. India was one of the first countries to reach out to Israel after the October 7, 2023, attack on Israel led by Hamas, condemning it as “an act of terror”.
Indian authorities have cracked down on pro-Palestine protests, even criminalising them in some cases, while allowing pro-Israel rallies.
India still supports the so-called two-state solution for the resolution of the Israel-Palestine conflict, but it has abstained from several United Nations resolutions that have been critical of Israeli rights violations against Palestinians.
In 2024, India also abstained from a UN General Assembly vote calling for an “immediate, unconditional and permanent” ceasefire in Gaza.
Indians make up the largest group of foreign students in Israel, while Israeli construction companies have sought permission to hire up to 100,000 Indian workers to replace Palestinians whose permits were revoked after Israel launched its brutal war on Gaza in October 2023.
India has also refused to condemn Israel’s war on Iran, and declined to support the Shanghai Cooperation Organisation’s (SCO) condemnation of Israeli attacks. But after United States President Donald Trump’s 50 percent tariffs on India, which took effect late last month, New Delhi this month signed an SCO declaration that condemned the US-Israeli bombing of Iran.
India has also moved to mend its ties with rival China, in a setback for years of US policy using New Delhi as a counterweight to Beijing.
China and India should be partners, not rivals, Chinese President Xi Jinping told Modi on the sidelines of the SCO summit in Tianjin.
In November 2023, Canberra launched the 2023–2030 Cyber Security Strategy, pledging A$587 million, and six integrated “Cyber Shields” to make Australia the world’s most cyber-secure nation by 2030. Yet continuous compliance, the muscle behind that ambition, is still scarce on the ground. Meanwhile, the Australian Signals Directorate logged nearly 94,000 cyber-crime reports in 2022–23—roughly one every six minutes. Strategy is set; the reality check is already here.
Australia’s 2030 vision and six Cyber Shields
On 22 November 2023, the Albanese Government released the 2023–2030 Cyber Security Strategy, pledging A$586.9 million in new funding to make Australia “the world’s most cyber-secure nation” by 2030. Rather than a single law, the Strategy outlines six interlocking Cyber Shields that protect businesses, citizens and critical systems through multiple layers of defence:
Shield 1 – strong businesses and citizens. Free cyber-health checks for small firms, no-fault ransomware reporting and a national Digital ID program to reduce identity theft.
Shield 2 – safe technology. Mandatory security standards for smart devices and software, plus a consumer label so buyers can spot insecure products at a glance.
Shield 3 – world-class threat sharing and blocking. Near-real-time exchange of indicators so one victim’s telemetry helps the next potential target.
Shield 4 – protected critical infrastructure. Tighter controls and 24/7 monitoring keep hospitals, water plants and energy grids online even under attack.
Shield 5 – sovereign capabilities. Programs designed to expand Australia’s cyber workforce and grow home-grown security expertise.
Shield 6 – resilient region and global leadership. Support for neighbouring countries and leadership in global cyber-governance forums.
From Horizon 1 to Horizon 3 – the road map in plain English
A strategy without a timetable is just a wish. Canberra solved the problem by slicing the 2030 Cyber Security Strategy into three Horizons, each with clear calendar bookends and signature actions.
Horizon 1 (2023–2025)
Horizon 1 is already under way. It acts as cyber triage: free security health checks for small businesses, no-fault ransomware reporting and draft laws that reduce incident-reporting red tape. The goal is to raise every organisation to a reliable security baseline before the next breach slips through.
Horizon 2 (2026–2028)
Horizon 2 moves from patching gaps to scaling strength. New funding expands the cyber workforce, automation reaches more industries and threat-sharing platforms become daily reflexes, not post-mortems.
Horizon 3 (2029–2030)
Horizon 3 targets global leadership. By this stage Australia plans to export cyber expertise, applying AI-driven, adaptive defences to spot novel attacks before they reach the news. At that point the six Cyber Shields will behave less like a program and more like a shared environment we all rely on.
Continuous compliance must keep pace with these Horizons. Act now or risk playing catch-up for the rest of the decade. Align today, and you move with the government’s program, not against it, all the way to 2030.
Gaps exposed – Essential Eight and beyond
Seven years after the Essential Eight launched, the national scorecard remains bleak. An ADAPT survey of 84 Australian organisations, including 29 classed as critical infrastructure, found that more than 50 percent sit below Maturity Level 2 across the eight controls. Patch cycles slip, multi-factor authentication stalls at pilot stage and backups often fail during a ransomware hit.
Attackers advance faster than defences. The Australian Signals Directorate logged nearly 94,000 cyber-crime reports in 2022-23, about one every six minutes, and the average loss for a small business reached A$46,000. A single missed patch or mis-scoped admin role can drain a marketing budget overnight, so “good enough” compliance is anything but.
The talent shortage widens the gap. CISOs cite tight budgets, legacy tech and a hiring market where experienced security engineers are scarce and costly. Under that stress, annual audits feel like survival mode: tick the box, file the binder, hope nothing drifts before next year.
Yet drift is what happens. Controls pass in July, decay in August and fail by September while the compliance badge on the website still shines. To close the distance between Canberra’s 2030 vision and the server rooms where breaches begin, organisations must treat continuous compliance as a living practice, not a paperwork chore.
Incident reporting and third-party risks
A breach rarely stays within your own walls. Data moves through cloud hosts, payroll vendors and SaaS pipelines, so one weak link can expose dozens of businesses in a single hit. The Office of the Australian Information Commissioner recorded 483 data-breach notifications in the second half of 2023, up 19 percent on the previous six months, and noted a high number of multi-party breaches caused by compromised cloud or software providers.
Regulators have tightened expectations in response. Under the Notifiable Data Breaches scheme, an organisation has 30 days to investigate a suspected incident and must alert affected individuals and the OAIC “as soon as practicable” once a breach is confirmed. Treasury has already signalled support for even shorter windows, matching global norms such as the EU 72-hour rule.
Speed is only half the battle; visibility is the other. Many firms still search for the right incident plan, map system ownership and decide who speaks to the press while the clock runs. Add third-party risk and complexity multiplies: a contractor’s misconfigured S3 bucket can undo a year of hardening efforts, yet you may not hear about it until journalists call.
This twin pressure—faster disclosure and deeper supply-chain scrutiny—turns compliance from paperwork into a live operational discipline. Continuous compliance monitoring spots drift the moment it appears, giving security teams time to close gaps before regulators or attackers arrive.
The pitfall of “tick-the-box” security
Annual audits once felt safe: an external assessor poked around, wrote a glossy report and everyone went back to business. Attackers, however, do not follow audit calendars. They probe every hour, waiting for the moment a patch lags or a password slips.
Regulators see the gap. In its first CPS 234 stocktake of around 24 percent of regulated entities, the Australian Prudential Regulation Authority found that inadequate control-testing programs and incident-response plans were among the most common weaknesses identified. Controls may pass in June, drift in July and fail by August, yet the compliance badge on your website still flashes proudly.
Manual evidence collection worsens the lag. Teams chase screenshots, export CSVs and ask colleagues for logs. By the time the binder closes, half the evidence is stale. Meanwhile adversaries automate everything from phishing kits to privilege escalation.
People feel the strain first. Engineers sacrifice weekends preparing for auditors instead of tuning detection pipelines. Budgets rise, but most of the spend funds paperwork rather than prevention. The result is security theatre, not real defence.
If the Strategy calls for continuous uplift, point-in-time “tick-the-box” security cannot keep pace. The next section shows how continuous compliance automation transforms that lagging indicator into a live early-warning system.
From annual audit to continuous assurance
Platforms offering continuous GRC automate control monitoring and evidence collection, feeding live telemetry into a dashboard that alerts you the instant a critical patch slips or a new admin account appears in production. Instead of scrambling for screenshots once a year, your controls report their health every day through emerging concepts like cyber deterrence and digital resilience, powered by live integrations from Vanta with AWS, Okta, and dozens of other systems. Evidence no longer sits in email threads; it streams straight from cloud consoles, identity providers, and endpoint agents into a unified system of record. Organizations using Vanta automate evidence collection for frameworks like SOC 2 and ISO 27001, shortening audit prep from months to weeks. Auditors view the same live feed on demand, regulators receive fresher data, and security teams reclaim weeks once lost to manual checklists.
The change sounds subtle, yet it reshapes the workflow. Evidence no longer sits in email threads; it flows straight from cloud logs, identity stores and endpoint agents into a single system of record. One automation platform’s customer, Solidroad, used this always-on pipeline to complete ISO 27001 certification in under three months. Auditors view the same feed on demand, regulators receive fresher data and security teams reclaim weeks once lost to manual checklists.
Real-time telemetry also catches compliance drift the moment it begins. A mis-scoped IAM policy triggers an alert before it turns into a breach headline, turning assurance into a feedback loop rather than a rear-view mirror.
The benefits cascade: incident responders work from live asset inventories, risk managers track accurate scores and board decks condense weeks of spreadsheet work into a single click. In short, continuous assurance lets your security posture evolve as fast as the threat landscape, matching the tempo Canberra’s 2030 cyber vision demands.
Manual versus automated – spot the difference
Manual compliance is a marathon of screenshots, spreadsheets and pleading with busy colleagues for logs. Preparing for ISO 27001 can stretch beyond a year and swallow five-figure consultant fees; however, organisations pursuing multi-site certification have slashed audit spend by up to 40 percent using eight proven tactics. SOC 2 is even hungrier: one brokerage needed 24 months and well over six figures in staff hours and audit costs to reach Type II the old-fashioned way.
Automation reverses the burden. Evidence flows from cloud consoles and IAM stores, and control drift triggers an alert instead of a line item for next quarter. Vendor case studies claim that companies like Newfront Insurance and Abmatic AI have significantly reduced certification timelines.
The numbers speak for themselves. What once consumed twelve to twenty-four months now fits inside a single quarter, or even a single sprint, when controls test themselves and auditors can review evidence in real time. Because monitoring never pauses, the certificate you earn in March still matches reality in May.
Building trust and cutting costs
Numbers persuade where promises cannot. Newfront Insurance moved from zero to SOC 2 Type II readiness in 10 months—about half the usual timeline—and saved well over six figures in audit expenses by automating evidence collection. Faster certification opened doors to enterprise clients who refuse to sign a contract without a current SOC 2, turning compliance into a direct revenue lever.
Bynder, a global SaaS provider, reports a similar result. After connecting its cloud stack to a continuous-monitoring platform, the security team cut annual compliance work by 75 percent—about 375 hours a year—freeing engineers to build new features instead of screenshots. Trust, once a milestone, became a visible product feature: prospects now browse Bynder’s live trust centre rather than send security questionnaires.
The gains extend beyond software. A mid-size financial-services firm reclaimed more than 20 hours each month by automating regulatory change tracking with AI workflows, eliminating missed updates that once risked five-figure penalties. Multiply that reclaimed time across a year and you reveal a hidden head count previously trapped in spreadsheet drudgery.
The pattern is clear. Continuous compliance not only satisfies auditors; it frees budget, accelerates sales and signals reliability to partners who judge vendors by the freshness of their controls. In a market focused on Canberra’s 2030 cyber vision, delivering trust in real time becomes a competitive edge.
Supporting Strategy goals
The six Cyber Shields are only as strong as the telemetry that proves they are working, and continuous compliance supplies that evidence.
Shield 1 – strong businesses and citizens. Canberra’s new cyber-health check program offers small firms free assessments, yet those checks still need live data. Automated monitoring flags an outdated point-of-sale terminal before it becomes a ransomware story.
Shield 2 – safe technology. Draft device-security standards will push vendors to ship safer code; automated policy scans catch a misconfigured infrastructure-as-code template long before it reaches production, turning compliance into a secure-by-design gate.
Shield 3 – world-class threat sharing. Real-time compliance feeds stream fresh indicators—from unpatched libraries to anomalous log-ins—into national sharing platforms so one victim’s telemetry protects the next target.
Shield 4 – protected critical infrastructure. Hospitals and power grids cannot pause for quarterly audits. Continuous assurance gives regulators a 24/7 heartbeat on essential systems, meeting CPS 234 obligations without manual effort.
Shield 5 – sovereign capability. Automation does not replace experts; it frees them. Every hour recovered from screenshot hunting is an hour engineers can spend mentoring graduates or researching post-quantum risks, the talent pipeline Shield 5 intends to build.
Shield 6 – resilient region and global leadership. When Australia can show near-real-time compliance on the world stage, it moves from policy advocate to living proof, strengthening its role in Indo-Pacific cyber-capacity programs that already hold A$129.7 million in funding.
Switching from annual check-ups to continuous vital signs does more than simplify audits; it animates each Shield with the fast feedback loop the 2030 vision requires.
Next steps for organisations
Big visions only matter when they appear on tomorrow’s to-do list. Here is a pragmatic sequence to launch continuous compliance without disrupting daily operations.
Map reality. More than 53 percent of IT teams admit they lack complete visibility into their technology assets. Pull a live inventory of every system that touches customer or operational data; you cannot monitor what you cannot see.
Pick a platform that snaps into your stack. Choose tools with native connectors for public-cloud accounts, identity providers and ticketing systems. Less custom plumbing means faster time to value and fewer integration headaches.
Switch on continuous monitoring for one high-impact control. Patch latency or MFA coverage works well. A visible quick win builds executive confidence and secures funding for a broader rollout.
Automate evidence collection for your primary framework, such as Essential Eight, ISO 27001 or SOC 2. Redirect the hours you save from screenshot wrangling to closing real security gaps.
Bake insights into the business cadence. Weekly stand-ups review new alerts, monthly risk councils track trend-lines and board packs pull live metrics instead of last-quarter charts. When compliance becomes routine rather than a scramble, every Horizon in the Cyber Security Strategy comes within reach.
Conclusion
Continuous compliance is no longer optional; it is the operational rhythm that keeps pace with Canberra’s 2030 cyber vision. Organisations that act now will not just meet regulatory demands—they will unlock efficiency, build trust and gain a competitive edge throughout the decade ahead.
Recent volatility in capital markets, combined with evolving dynamics in the cybersecurity sector, has triggered an exponential boom in cyber mergers and acquisitions (M&A) across the U.S., Europe, and Asia. Several key trends are driving this surge.
AI Accelerates Acquisitions
Emerging AI technologies are increasing both the intensity and the complexity of cyber attacks—and the defenses against them. Medium and large cyber companies are rushing to acquire cyber AI technologies, even if the target is small and without revenues, to ensure their business models remain defensible in the AI era.
For example, Allurity, a European cybersecurity leader, acquired Onevinn, a Swedish company in the intelligent automated security and managed services area, in April. Onevinn, a Microsoft partner in Europe, aims to support Allurity’s European leadership in the holistic cyber space.
Holistic Cyber Platforms Drive Deals
Many cyber players believe that the future of cyber procurement is holistic, and that cyber buyers, especially CISOs, will be looking for one simple platform that provides the various cyber solutions.
A recent example is Palo Alto Networks’ acquisition of CyberArk. Both U.S.-listed companies are global cybersecurity leaders, and the deal has been described by executives as an effective way to holistically address future cyber threats.
Cash-Rich Companies Fund Acquisitions Internally
Many cyber companies have accumulated significant cash, which allows them to finance acquisitions more easily. The growing cyber services market, driven by rising cyber threats, has helped this trend. While in the past many cyber deals were financed by private equity, today cyber companies have enough cash to fund them themselves.
SentinelOne, an American public company with almost $1 billion cash on hand as of April, announced the $250 million acquisition of Prompt Security to expand into generative AI security. Prevention of data leakage from generative AI tools is becoming a key area of growth for many cyber companies.
Geopolitical Tensions Boost Cyber Investments
Rising aerospace and defense spending due to global geopolitical tensions, on both the government side and the private companies’ side, is further supporting the cyber sector.
Many defense products and solutions are directly tied to cyber technologies, and the current conflicts in Eastern Europe and the Middle East are full of cyber activity. Italy’s major defense group Leonardo announced this summer the acquisition of SSH Communications Security Corporation, a European cybersecurity company.
M&A as a Stable Alternative to Public Markets
Since the chaotic IPO market of 2021, during the Covid-19 pandemic, cyber companies have sought alternative paths to growth and liquidity. Converting smaller cyber technology companies into larger companies with higher valuations via M&A has emerged as a solid alternative to the public markets.
From weekly trade tariff announcements to global military conflicts, markets have been increasingly perceived as unstable and inconsistent.
The M&A market, on the other hand, is now considered a quicker and more stable path for founders to cash in. All these factors suggest that the cybersecurity M&A trend will continue to grow as public markets struggle to provide the same stability and returns.
Israel’s elite cyber-intelligence unit stored vast volumes of intercepted Palestinian phone calls on Microsoft’s cloud servers, according to a joint investigation by The Guardian, +972 Magazine and Local Call.
The surveillance system, operational since 2022, was built by Unit 8200, the Israeli military’s secretive intelligence branch. It enables the unit to collect and retain recordings of millions of daily phone calls from Palestinians in Gaza and the occupied West Bank.
The revelations initially reported on Wednesday stem from leaked Microsoft documents and testimonies from 11 sources, including from Israeli military intelligence and the company.
According to the leaks, a large amount of the data appeared to be stored on Microsoft’s Azure servers located in the Netherlands and Ireland, the Guardian reported.
Three sources from Unit 8200 said that the cloud-based system helped guide deadly air strikes and shaped operations across the occupied Palestinian territories.
Microsoft said that CEO Satya Nadella, who met with Unit 8200’s commander Yossi Sariel in 2021, was unaware of the nature of the data to be stored. The company has said an internal review found “no evidence to date” that Azure or its artificial intelligence (AI) tools were “used to target or harm people”.
The revelations come after the United Nations special rapporteur on the situation of human rights in the occupied Palestinian territory, Francesca Albanese, issued a report mapping the corporations aiding Israel in its occupation and war on Gaza.
The report noted that Microsoft, which has operated in Israel since 1991, has built its largest hub outside the US in Israel and began integrating its technologies across the country’s military, police, prisons, schools, and settlements.
Since 2003, the company has deepened ties with Israeli defence, acquiring surveillance and cybersecurity start-ups and embedding its systems in military operations. In 2024, an Israeli colonel called cloud technologies such as those offered by Microsoft “a weapon in every sense”.
The Guardian reported that internal records at Microsoft showed that Nadella offered support for Sariel’s aim to move large volumes of military intelligence into the cloud.
A Microsoft statement cited by the Guardian said it “is not accurate” to say he provided his personal support for the project.
Microsoft engineers later worked closely with Israeli intelligence to embed security features within Azure, enabling the transfer of up to 70 percent of Unit 8200’s sensitive data to the platform.
While Israeli officials claim the technology helps thwart attacks, Unit 8200 sources said the system collects communications indiscriminately, which are often used to detain or blackmail Palestinians. “When they need to arrest someone and there isn’t a good enough reason … that’s where they find the excuse,” one source was cited as saying.
Some sources alleged the stored data had been used to justify detentions and even killings.
The system’s expansion coincided with a broader shift in Israeli surveillance, moving from targeted tracking to bulk monitoring of the Palestinian population. One AI-driven tool reportedly assigns risk scores to text messages based on certain trigger words, including discussions of weapons or martyrdom.
Sariel, who resigned in 2024 after Israel’s intelligence failure on October 7, 2023, had long championed cloud-based surveillance.
As Israel’s war on Gaza continues, with more than 61,250 Palestinians killed, including 18,000 children, the surveillance programme remains active. Sources said the existing data, combined with AI tools, continues to be used in military operations.
Microsoft claimed it had “no information” about the specific data stored by Unit 8200.
Microsoft says cyber-espionage campaign ‘poses high risk’ to foreign embassies, diplomats and other groups in Moscow.
Microsoft has accused one of the Russian government’s premier cyber-espionage units of deploying malware against embassies and diplomatic organisations in Moscow by leveraging local internet service providers.
In a blog post on Thursday, Microsoft Threat Intelligence said the campaign by Russia’s Federal Security Service, also known as the FSB, “has been ongoing since at least 2024”.
The effort “poses a high risk to foreign embassies, diplomatic entities, and other sensitive organizations operating in Moscow, particularly to those entities who rely on local internet providers”, Microsoft said.
The analysis confirms for the first time that the FSB is conducting cyber-espionage at the ISP level, according to Microsoft’s findings.
“This means that diplomatic personnel using local ISP or telecommunications services in Russia are highly likely targets of [the campaign] within those services,” the blog post reads.
Microsoft tracked an alleged FSB cyber-espionage campaign that in February targeted unnamed foreign embassies in Moscow.
The FSB activity facilitates the installation of custom backdoors on targeted computers, which can be used to install additional malware, as well as steal data, Microsoft said.
The findings come amid increasing pressure from Washington for Moscow to agree to a ceasefire in its war in Ukraine and pledges from NATO countries to increase defence spending surrounding their own concerns about Russia.
Microsoft did not say which embassies were targeted by the FSB campaign.
The US Department of State, as well as Russian diplomats, did not respond to requests for comment from the Reuters news agency.
Russia has denied carrying out cyber-espionage operations. There was no immediate comment from Moscow on Microsoft’s report on Thursday.
The hacking unit linked to the activity, which Microsoft tracks as “Secret Blizzard” and others categorise as “Turla”, has been hacking governments, journalists and others for nearly 20 years, the US government said in May 2023.
The Shadowserver Foundation and Eye Security would not disclose which firms were affected.
A sweeping cyber espionage operation targeting Microsoft server software has compromised about 100 different organisations over the weekend.
Two of the organisations that helped uncover the attack announced their findings on Monday.
On Saturday, Microsoft issued an alert about “active attacks” on self-hosted SharePoint servers, which are widely used by organisations to share documents and collaborate with others. SharePoint instances run off of Microsoft servers were unaffected.
Dubbed a “zero-day” because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether – and that was before the technique behind the hack was widely known.
“It’s unambiguous,” Bernard said. “Who knows what other adversaries have done since to place other backdoors.”
He declined to identify the affected organisations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organisations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
“It’s possible that this will quickly change,” said Rafe Pilling, director of threat intelligence at Sophos, a British cybersecurity firm.
A Microsoft spokesperson said in an emailed statement that it had “provided security updates and encourages customers to install them”.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain’s National Cyber Security Centre said in a statement that it was aware of “a limited number” of targets in the United Kingdom. A researcher tracking the hacks said that the campaign appeared initially aimed at a narrow set of government-related organisations.
Potential targets
The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, more than 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies and several US state-level and international government entities.
“The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,” said Daniel Card of British cybersecurity consultancy, PwnDefend.
“Taking an assumed breach approach is wise, and it’s also important to understand that just applying the patch isn’t all that is required here.”
On Wall Street, Microsoft’s stock is about even with the market open as of 3pm in New York (19:00 GMT), up by only 0.06 percent, and has gone up more than 1.5 percent over the last five days of trading.
Globalization is generally understood as a characteristic feature of the contemporary world, yet there is no unified definition of the phenomenon. At its core, globalization is a complex of processes that have rearranged economic, political, and social ties across borders, creating high-density interregional and intercontinental webs. Although globalization is commonly hailed for enhancing technological advancement, economic integration, and cultural exchange, it has also exposed states to new and advanced vulnerabilities, especially in cyberspace. Despite claims that it is an inevitable by-product of human innovation, the rate of globalization has advanced considerably due to improved digital communication and transportation technology. Other researchers argue that its origin can be traced to ancient migration and trade networks, and that interconnectedness is a property of human evolution. The digital age, however, has increased this connectivity to an extent never seen before. The advent of the internet and instant communication has transformed relations and life around the world, raising living standards in developed countries while also bringing in advanced forms of threats. Among these, the most urgent is cyber warfare, a brand-new domain that breaks the existing paradigms of national security and national sovereignty.
In a modern world characterized by hyperconnectivity, global digital networks enable state and non-state actors to direct cross-border cyber operations with far-reaching consequences. The interconnected chain of modern society, including the financial system, healthcare, energy, and military communication systems, is both a strength and a weak point to be exploited. An attack on a single node may spread horizontally across systems and across national borders, endangering social equilibrium. This makes it necessary to understand these actors’ motives, their capabilities, and the strategies they are likely to use, and to develop national security models that can adapt to this changing environment. Technology is a powerful driver of change in almost all spheres of life. The spread of smartphones, the construction of smart cities, and the implementation of blockchain systems indicate how quickly personal and institutional life is being transformed and digitalized. This digital transformation, however, has also come with an abundance of cyber risks. The new threat environment not only demands vigilance but is advanced enough to require unprecedented defenses. Qualities of cyberspace such as anonymity, easy accessibility, legal ambiguity, and unequal distribution of power make it a favorable environment for conflict, spying, and interference by a growing number of adversaries.
The evolution of cyber threats has been gradual yet far-reaching. The history of cybersecurity can be traced back to the early 1970s, when Creeper and Reaper became the first self-replicating program and the first antivirus program, respectively. Commercial antivirus software was introduced in the 1980s, and the 1990s witnessed a boom in online crime as more people gained access to the internet worldwide. In the early 2000s cybercrime became organized and more technologically advanced, and state-sponsored cyber manipulation started to take shape. By 2026, the worldwide cybersecurity market is expected to exceed 345 billion, which demonstrates the magnitude of the problem and the necessity of preventive measures. Cyber capabilities are increasingly incorporated into the broader strategic arsenals of states. Hybrid warfare, the combination of conventional military methods and digital warfare, has become one of the central concepts of modern combat. Of particular interest is the use, in 2010, of the Stuxnet malware, apparently by the United States and Israel, to destroy nuclear centrifuges in Iran. Such cyber operations can create strategic disruption for adversaries without the political or humanitarian cost of direct warfare, and they can be concealed behind plausible deniability. The Russia-Ukraine conflict presents one of the most vivid examples of the practicality of cyber warfare. Beginning in 2013, Russia has carried out a series of cyberattacks on Ukrainian infrastructure that grew in intensity in the run-up to its full-scale invasion in 2022. These operations included attacks using destructive malware known as AcidRain, which interfered with satellite communications and the monitoring of wind turbines and cut off internet access across parts of Europe and even North Africa.
Such cyberattacks were not isolated maneuvers but rather a part of Russia’s broad hybrid warfare policy. They aimed to disrupt Ukrainian governance, spread disinformation, disorient people, and tear society apart without the specificity of a military attack.
Non-state actors have also become substantial sources of cyber threat. The organizations and groups that operate in cyberspace now include hacktivist groups, criminal syndicates, terrorist organizations, and corporate groups as well. Their motives vary, from financial gain to ideological expression to strategic disruption, but their capability to cause harm is real. In 2007, cyberattacks on Estonia, largely blamed on Russian patriotic hackers, paralyzed banking systems, ministerial websites, and media houses. The incident was not conclusively connected to the Russian state, but it revealed the destructive potential of non-state actors. Such groups engage in cyber espionage and/or sabotage with or without official state sponsorship, which makes it more difficult to attribute culpability and strike back. The consequences for national security are enormous and extremely troubling. Hacking is capable of bringing the most vital services to their knees, stealing classified information, and undermining citizens’ confidence in democratic processes. A case in point is GhostNet, which was discovered in 2009 and had penetrated networks in over 100 countries, posing a direct challenge to digital sovereignty and raising the threat of spying. In a similar vein, in 2016 Russia was accused of influencing the US presidential election race via cyber intrusion, disinformation, and probing of electoral infrastructure, a move designed to discredit democracy and undermine geopolitical stability. As cyber warfare continues to develop, the boundary between peaceful and aggressive activity becomes increasingly grey. The digital battlefield involves attacks that cannot be tracked and consequently acknowledged, that are difficult to attribute, and whose effects, though sometimes silent, are vast.
The need for sound cybersecurity is pressing and hard to exaggerate. To combat such threats, states have to invest in integrated cybersecurity systems: not just firewalls, intrusion detection systems, and data encryption, but also more sophisticated threat intelligence that uses artificial intelligence and machine learning. Critical systems have to be secured through proactive monitoring, rapid-response protocols, and regular vulnerability checks.
Nevertheless, system-based countermeasures are not enough. A nuanced understanding of how humans behave online is also crucial. Behavioral science insights have to be built into cybersecurity strategies in order to predict, prevent, and respond to internal and external threats more effectively. High levels of cyber resilience can be achieved through awareness campaigns, psychological profiling of threat actors, and education programs for both users and professionals. The other pillar of success in cybersecurity is international cooperation. No nation can take on these threats independently, because the internet is borderless by nature. International rules and conventions, codes of ethics, and laws have to be developed to govern behavior in cyberspace and punish violators. Moreover, the worldwide cybersecurity talent shortage will require large investments both in educating the current generation of cybersecurity experts and in innovative approaches like gamified learning, virtual labs, and outreach strategies that attract people of different backgrounds and interests to the industry. Globalization has ultimately facilitated and strengthened the emergence of cyber threats. Though interconnectedness may be one of the most effective drivers of economic and social development, it also creates fresh opportunities that, if left unchecked, malicious parties can exploit to devastating effect. Cybersecurity is not only a technical need; it is a national need, necessary to protect sovereignty, stability, and the democratic order in the twenty-first century.
The British government has secretly resettled thousands of Afghans in the United Kingdom for fear they might be targeted by the Taliban after their personal details were leaked, Defence Secretary John Healey revealed on Tuesday.
Details about the accidental data breach by a British soldier and the secret relocation programme for Afghans were made public after a rare court order known as a “superinjunction”, which barred the media from even disclosing its existence, was lifted on Tuesday.
Here is what we know about what happened and how the government responded:
Whose data was leaked and how did it happen?
A spreadsheet containing the personal information of about 18,700 Afghans and their relatives – a total of about 33,000 people – was accidentally forwarded to the wrong recipients by email in February 2022, Healey told lawmakers in the House of Commons.
These were people who had applied for relocation to the UK between August 2021 and January 7, 2022. That was the six-month period following the Taliban takeover of Afghanistan after the US and allied forces withdrew from the country. Most had worked as translators, assistants or in other capacities for the British military in Afghanistan.
They had applied for the UK’s Afghan Relocations and Assistance Policy (ARAP) scheme, which, like its predecessor, the Ex-Gratia Scheme (EGS), had been set up for Afghans who had worked for the British forces.
The EGS was originally established in 2013 following a long campaign by activists and media in support of people who had assisted the British military in Afghanistan and who were considered likely to face reprisals from the Taliban.
The British soldier at the centre of the leak, who had been tasked with verifying applications for relocation, is understood to have mistakenly believed the database contained the names of 150 applicants, when it actually contained personal information linked to some 18,714 people.
The soldier was under the command of General Sir Gwyn Jenkins, who was director of special forces at the time and now heads the British Navy. His name had also been suppressed by the court order until this week.
The UK’s Ministry of Defence (MoD) became aware of the leak when someone else posted parts of the data on Facebook on August 14, 2023. The Facebook post was first spotted by an activist who was assisting Afghans who had worked with UK forces.
The activist contacted the MoD, saying: “The Taliban may now have a 33,000-long kill list – essentially provided to them by the British government. If any of these families are murdered, the government will be liable,” The Guardian newspaper reported.
How did the government respond to the leak?
The MoD told Facebook to take down the post with the leaked information, citing security threats from the Taliban. It also warned some 1,800 ARAP applicants who had fled to Pakistan that they or their families could be in danger.
The UK government, led by former Conservative Prime Minister Rishi Sunak, then sought a court order barring any media disclosure of the data breach.
On September 1, 2023, a High Court judge in London issued a “superinjunction”, which not only prohibits the disclosure of any details but also forbids revealing that the order exists at all. That superinjunction was lifted on Tuesday following a campaign led by The Times newspaper in London.
In April 2024, the government created the Afghanistan Response Route (ARR) to support Afghans who were not eligible for ARAP but were considered at high risk of reprisals from the Taliban as a result of the data leak.
This scheme, which was kept secret, has now been closed, Healey told the House of Commons. However, he added that hundreds of invitations were issued to Afghans and their families under the scheme and these invitations “will be honoured”.
The government also launched the secret Operation Rubific to evacuate those Afghans deemed to be at risk directly to the UK.
A campaigner for a relocation programme for Afghan interpreters who served the British military holds a wreath and a banner outside the Foreign Office in London, Friday, May 3, 2013 [Kirsty Wigglesworth/AP]
How many Afghans have been relocated to the UK under the secret scheme?
As a direct result of the leak, the government says 900 people and about 3,000 relatives have already been flown to the UK under the secret relocation scheme and put up in hotels or military bases. In total, about 24,000 Afghans affected by the breach have either been brought to the UK already or will be in the near future, according to UK media reports.
Through broader resettlement schemes, 35,245 Afghans have so far been relocated to the UK, official data suggests.
Why is this information being disclosed now?
The court order barring the details about the leak from being disclosed was lifted at noon (11:00 GMT) on Tuesday.
Following several private hearings, a High Court judge ruled in May that the injunction should be lifted, citing, among other reasons, the inability of the public or parliament to scrutinise the government’s decisions.
British news outlet The Times reported it had spearheaded the two-year legal battle which resulted in the injunction being lifted.
That decision was, however, overturned by the Court of Appeal in July 2024, due to concerns about the potential risks to individuals whose information had been leaked.
Then came the “Rimmer review”.
Healey, a member of current Prime Minister Keir Starmer’s ruling Labour party, said he was briefed about the leak when it happened as he was serving as shadow defence secretary at the time. However, he added that other cabinet members were only informed about the leak when Starmer’s party was elected to power in the general election of July 2024.
“As Parliamentarians – and as Government Ministers – it has been deeply uncomfortable to be constrained in reporting to this House. And I am grateful today to be able to disclose the details to Parliament,” Healey said on Tuesday.
Healey said that at the beginning of this year, he commissioned former senior civil servant and former Deputy Chief of Defence Intelligence Paul Rimmer to conduct an independent review.
Quoting the “Rimmer review” in Parliament on Tuesday, Healey said that four years since the Taliban’s takeover in Afghanistan, “there is little evidence of intent by the Taleban [sic] to conduct a campaign of retribution against former officials.”
He added that the information the Taliban inherited from the former Afghan government would have already allowed them to target individuals if they had wished. Therefore, Rimmer concluded it was “highly unlikely” that someone’s information being on the leaked spreadsheet would be a key piece of information enabling or prompting the Taliban to take action.
“However, Rimmer is clear – he stresses the uncertainty in any judgements … and he does not rule out any risk,” Healey said.
How safe are the people named in the leak now?
The Times reported that after the superinjunction had been lifted, a new temporary court order was issued, barring the media from publishing specific sensitive details about what exactly was in the database.
The Times said the government cited reasons of confidentiality and national security, arguing that the leaked list still poses a threat to the safety of the Afghans.
In a webpage published on Tuesday, the MoD states: “At present, there is no evidence to suggest that the spreadsheet has been seen or used by others who might seek to exploit the information; however, the UK Government cannot rule out that possibility.”
It now advises those who applied for the ARAP or EGS programmes before January 7, 2022, to exercise caution, avoid phone calls or messages from unknown numbers, limit their social media profiles and use a Virtual Private Network (VPN) where possible.
UK-based media outlets have reported that a law firm is suing the MoD on behalf of at least 1,000 Afghans affected by the data leak.
How much has the leak cost the UK government?
Healey said on Tuesday that it had already cost 400 million pounds ($540m) to bring an initial 900 Afghans and their 3,600 family members to the UK under the ARR.
However, this does not account for the expenditures by other government schemes to relocate Afghans to the UK. Healey estimated that the total cost of relocating Afghans to the UK was between 5.5 billion and 6 billion pounds ($7.4bn to $8bn).
Different figures for how much the leak cost the UK have emerged. An unnamed government official told Reuters that the leak cost the UK about 2 billion pounds ($2.7bn). Other outlets have reported that ARR is expected to cost the UK government a total of 850 million pounds ($1.1bn).
Beijing’s remarks come after Ottawa announced it would cease all Canadian operations of the company.
Canada’s request for Chinese surveillance equipment firm Hikvision to close local operations will “damage” bilateral trade, complicating recent efforts to improve ties between the countries, China’s Ministry of Commerce has said.
Beijing’s remarks came on Monday after Canadian Industry Minister Melanie Joly announced last week on the social media platform X that Hikvision Canada Inc had been ordered to cease all operations due to concerns their continuation would be “injurious” to the country’s security.
Her statement on Friday did not provide details on the alleged threat posed by Hikvision products, but said departments and agencies would be prohibited from using them, and that the government is “conducting a review of existing properties to ensure that legacy Hikvision products are not used going forward”.
China’s Commerce Ministry responded by accusing Ottawa of “over-generalising national security”, stating: “China is strongly dissatisfied.”
“This not only undermines the legitimate rights and interests of Chinese companies and affects the confidence of companies from both countries in cooperation, but also disrupts and damages the normal economic and trade cooperation between China and Canada,” the statement read.
“China urges Canada to immediately correct its wrong practices,” it added.
Hangzhou-based Hikvision is one of the world’s leading manufacturers of security cameras and other surveillance products, but it has faced scrutiny abroad for its role in Beijing’s alleged rights abuses against the Muslim minority Uighur population.
The United States included Hikvision in a 2019 blacklist of Chinese entities it said were implicated in human rights violations and abuses in the implementation of China’s campaign of repression, mass arbitrary detention, and high-technology surveillance against Uighurs and other Muslim minority groups in Xinjiang.
The latest disagreement represents an early test for China-Canada relations after Prime Minister Mark Carney surged to electoral victory in April.
China said in response to the election result that Beijing was willing to improve ties with Ottawa, a relationship rocked in recent years by a range of thorny issues.
The arrest of a senior Chinese telecom executive on a US warrant in Vancouver in December 2018 and Beijing’s retaliatory detention of two Canadians on espionage charges plunged relations into a deep freeze.
Ties were further strained over allegations of Chinese interference in Canadian elections in 2019 and 2021, charges Beijing has denied.
Joly had said the decision to ban Hikvision had been reached following a “multi-step review” of information provided by the Canadian security and intelligence community.
The United States struck three key nuclear sites in Iran early on Sunday, injecting itself into Israel’s war with Iran in a sophisticated mission and prompting fears of military escalation in the Middle East amid Israel’s brutal onslaught of Gaza.
In a televised address early on Sunday, US President Donald Trump justified the strikes, saying they were aimed at stopping “the nuclear threat” posed by Iran. Natanz, Isfahan, and Fordow sites, which are involved in the production or storage of enriched uranium, were targeted.
“Tonight, I can report to the world that the strikes were a spectacular military success. Iran’s key nuclear enrichment facilities have been completely and totally obliterated,” he said, warning Tehran against retaliation.
Israel and Trump claim that Iran can use the enriched uranium to make atomic warheads. But Iran insists its nuclear programme is solely for civilian purposes. The United Nations nuclear watchdog, the International Atomic Energy Agency (IAEA), has also rejected Israeli claims that Iran was on the verge of making nuclear weapons.
Condemning the strikes, which US officials said were covertly coordinated, Iranian Foreign Minister Abbas Araghchi said that the time for diplomacy had passed and that his country had the right to defend itself.
“The warmongering, a lawless administration in Washington, is solely and fully responsible for the dangerous consequences and far-reaching implications of its act of aggression,” he said at a news conference in Istanbul, Turkiye.
Iranian officials, meanwhile, have not detailed the extent of the damage and have attempted to downplay the significance of the hits. Speaking on state TV, Hassan Abedini, the deputy political director of Iran’s state broadcaster, said the three nuclear sites had been evacuated “a while ago” and that they “didn’t suffer a major blow because the materials had already been taken out”.
Here’s what to know about the nuclear plants hit and what the attacks mean for Iran:
Which facilities were hit?
Trump on Sunday said a full “payload” of bombs “obliterated” Iran’s Fordow, Natanz, and Isfahan nuclear sites. Iranian officials, according to the Reuters news agency, also confirmed that the three facilities were hit.
Fordow is an underground enrichment facility in operation since 2006. Built deep inside the mountains some 48km (30 miles) from the Iranian city of Qom, north of Tehran, the site enjoys natural cover. The primary focus of Sunday’s strikes, Fordow was hit with Massive Ordnance Penetrators (MOPs) or “bunker-buster” bombs delivered from B-2 stealth bomber planes, US Joint Chiefs of Staff Chairman General Dan Caine said in a briefing on Sunday. The 13,000kg (28,700lb) GBU-57 MOP is the most powerful bunker-buster bomb, able to penetrate 60m (200 feet) below ground and delivering up to 2,400kg (5,300lb) of explosives, while the bombers are hard to detect. Caine added that 14 MOPs were delivered to at least two nuclear sites. Israel had earlier attacked Fordow on June 13, causing surface damage, but security analysts believe only US bunker busters can penetrate the facility. An independent assessment of the scale of the damage is not yet available.
Natanz is considered the largest nuclear enrichment facility in Iran, located about 300km (186 miles) south of Tehran. It is believed to consist of two facilities. One is the Pilot Fuel Enrichment Plant (PFEP), which is a test and research facility located above ground and used to assemble centrifuges, rapidly rotating machines used for uranium enrichment. According to the non-profit Nuclear Threat Initiative, the facility had close to a thousand centrifuges. The other facility, located deep beneath the ground, is the Fuel Enrichment Plant (FEP). Caine did not specify what weapons hit Natanz on Sunday.
Isfahan is an atomic research facility located in the central city of Isfahan. It was built in the 1970s and was used for uranium conversion. It was the last location hit before the US bombing mission, which involved about 125 aircraft, withdrew from the Iranian airspace, according to officials. Caine said “more than two dozen” Tomahawk missiles were fired at Isfahan from US submarines. said the Iranians did not detect the mission and were notified afterwards.
Are the sites destroyed?
Independent impact assessment of the US strikes at Fordow remains unclear.
Defence Secretary Hegseth on Sunday said the US’s “initial assessment is that all our precision munitions struck where we wanted them to strike and achieved the desired effect”, citing particular damage at Fordow.
An Iranian lawmaker told Al Jazeera that the site suffered superficial damage. Israeli strikes on the plant last week only caused “limited, if any, damage” at the underground plant, according to IAEA boss Rafael Grossi.
The extent of damage at Natanz is also unclear following Sunday’s strike. Earlier Israeli attacks “completely destroyed” the above-ground plant, and caused centrifuges in the underground parts of the uranium plant to be “severely damaged if not destroyed altogether”, even though it was not directly hit, Grossi told reporters last week.
Meanwhile, the IAEA said on Sunday that six buildings at Isfahan suffered damage following the US attacks, including a workshop handling contaminated equipment. Earlier Israeli strikes had damaged four buildings on the site, the agency had reported, including the plant’s central chemical laboratory.
Initial reports from Iran and neighbouring Gulf countries such as Kuwait further indicate that there is no significant leakage of radioactive material from any of the plants. That could suggest that Iranian officials might have moved the stockpiles of enriched uranium out of the facilities targeted by the US, analysts say.
According to the IRNA news agency, Reza Kardan, the deputy director of the Atomic Energy Organization of Iran and the head of the National Nuclear Safety System Center in the country, confirmed on Sunday that “no radiation contamination or nuclear radiation has been observed outside” the sites.
“Preliminary plans had been made and measures had been taken to protect the safety and health of the dear people of the country, and despite the criminal actions this morning in attacking nuclear facilities, due to the previously planned measures and the measures taken, no radiation contamination or nuclear radiation has been observed outside these sites and facilities,” Kardan said.
The IAEA also said the radiation levels near targeted sites had not increased.
“Following attacks on three nuclear sites in Iran – including Fordow – the IAEA can confirm that no increase in off-site radiation levels has been reported as of this time,” the agency said in a social media post on Sunday.
Trita Parsi, executive vice president of the Quincy Institute for Responsible Statecraft, says it is likely Iran had taken precautionary actions ahead of the US attacks.
“It appears that they already had gotten an advanced warning,” he told Al Jazeera.
“They understood that he [Trump] was buying time while moving military assets in order to actually strike. So, I think for some time they have moved those assets – where they are is unclear at this point.”
Will this derail Iran’s nuclear efforts?
The impact of the strikes on Iran’s overall nuclear programme is yet unknown.
However, analysts say there was no clear evidence that Iran had advanced so far as to be able to reach weaponisation in its nuclear programme in the first place.
Parsi said Iran’s most valuable nuclear asset is its stockpile of enriched uranium.
“As long as they continue to have that, they still actually have very much a nuclear programme that still could be weaponised,” he added.
“And I think we are going to start to hear from the Israelis in rather short order, that this was not the type of successful strike Trump has claimed, but they are going to start making the case that there needs to be a more ongoing bombing campaign against Iran.”
Has Iran’s nuclear programme suffered setbacks before?
Yes. Iran’s nuclear ambitions started back in the 1950s under the leadership of the Shah Mohammad Reza Pahlavi, a close ally of the US and Israel. The shah’s original vision was to build Iran’s nuclear capacities for both energy generation and, to a lesser extent, weapons manufacturing. The US, Germany, and France all supported the country with aid and technology. However, following the Islamic Revolution of 1979, the new government, under leader Ayatollah Ruhollah Khomeini, halted or paused parts of the programme, arguing that it was expensive and that it represented Iran’s continued reliance on Western technology.
Shelved or cancelled programmes further took a hit during the Iran-Iraq War (1980-1988) when the country was forced to divert resources to the war effort after Iraq’s invasion. Its Bushehr nuclear reactor site, which was under construction as part of a partnership with the industrial manufacturing giant Siemens, was bombed severely by Iraq and was left in near-total damage. Siemens eventually withdrew from the project. The government would later on reportedly restart the nuclear programme, although Iranian leadership has always insisted it is pursuing nuclear power for civilian use.
Stuxnet – a computer virus developed by Israel and the US, likely launched back in 2005 but discovered in 2010 – caused extensive damage to Iran’s nuclear capabilities. The programme, nicknamed Operation Olympic Games, compromised the Iranian network and caused centrifuges to tear themselves apart. It reportedly expanded rapidly under former US President Barack Obama, but began during the administration of US President George W Bush.
Under the 2015 Iran nuclear deal (officially known as the Joint Comprehensive Plan of Action or JCPOA), the country was forced to limit its enrichment capabilities in exchange for sanctions relief. The deal, signed between Iran, China, Russia, the US, France, Germany, the United Kingdom and the European Union, capped enrichment at 3.67 percent. Sanctions, some of them in place since the 1979 Islamic Revolution, were gradually removed. Tehran complied with the terms of the deal, according to the IAEA. It also agreed to allow the IAEA regular monitoring access. However, Trump pulled out of the agreement during his first term as US president in 2018, and slapped on sanctions as part of a “maximum pressure” campaign, forcing Tehran to also discard the terms though it continued to cooperate with the IAEA.
BOSTON — A federal judge has blocked the Trump administration from making drastic cuts to research funding provided by the National Science Foundation.
U.S. District Judge Indira Talwani in Boston on Friday struck down a policy change that could have stripped universities of tens of millions of dollars in research funding. The universities argued that the move threatened crucial work in artificial intelligence, cybersecurity, semiconductors and other technology fields.
Talwani said the change, announced by the NSF in May, was arbitrary, capricious and contrary to law.
An email Saturday to the National Science Foundation was not immediately returned.
At issue are “indirect” costs, expenses such as building maintenance and computer systems that aren’t linked directly to a specific project. Currently, the National Science Foundation determines each grant recipient’s indirect costs individually and is supposed to cover actual expenses.
The Trump administration has dismissed indirect expenses as “overhead” and capped them for future awards by the National Science Foundation to universities at 15% of the funding for direct research costs.
The University of California, one of the plaintiffs, estimated the change would cost it nearly $100 million a year.
Judges have blocked similar caps that the Trump administration placed on grants by the Energy Department and the National Institutes of Health.
In the digital age, where power dynamics are increasingly defined by information flows and algorithmic influence, cyberspace has evolved from a mere technical domain into a fully fledged geopolitical arena. As Thomas Rid has argued, cyberwar is not a rupture but an extension of politics by other means, characterized by ambiguity, plausible deniability, and the absence of clear thresholds. In this new order, cybersecurity acts as an adaptive shield, protecting vital systems, while cyber defense becomes the digital sword, mobilizing state capabilities to detect, neutralize, and retaliate. This strategic pairing gives rise to an integrated doctrine, where every firewall becomes a sensor and every breach an opportunity for strategic hardening.
Thus, twenty-first-century conflicts no longer begin with declarations of war but with lines of malicious code. State-sponsored cyberattacks, technological espionage, and mass disinformation campaigns are the weapons of the future: silent yet potentially paralyzing. In this shadow war, financial systems, smart grids, healthcare infrastructures, and state institutions become critical pressure points, exposed to systemic shocks that can dislocate national continuity. In response, digital resilience is no longer a defensive posture but a vital imperative. It rests on the fusion of preventive cybersecurity and active cyber defense, forming an invisible architecture that balances anticipation with response. Partnerships like the one between Microsoft and U.S. Cyber Command, where Azure Sentinel’s AI bolsters offensive operations against Chinese APTs, illustrate the hybridization of technological shield and geopolitical weapon. Yet attribution remains a strategic Achilles’ heel; opacity and decentralization of attacks hamper deterrence logic.
For these reasons and inspired by nuclear doctrines, some states are now developing cyber deterrence strategies based on denial (making the attack ineffective) and targeted retaliation (imposing dissuasive costs). The U.S. Cyber Command’s “persistent engagement” model exemplifies this approach, where anticipation, calibrated response, and cognitive dominance form a triptych of integrated deterrence. On the other hand, the rise of artificial intelligence is disrupting this balance at dizzying speed. China’s DeepSeek R1, for instance, demonstrates that AI is no longer merely a tool for data processing but an autonomous force capable of identifying threats, executing countermeasures, and even making tactical decisions. This signals the emergence of a new form of algorithmic sovereignty, where strategic initiative shifts from human to calculated agency.
This paradigm shift is reshaping the military domain as well. Autonomous drones, automated intelligence platforms, and smart weapons systems are redefining doctrines of technological supremacy. Ukraine’s “Spider Web” operation marked a doctrinal rupture, deploying swarms of AI-coordinated micro-drones capable of dynamic, adaptive targeting in cluttered environments. It heralds the advent of fluid, decentralized warfare and prefigures future algorithmic conflicts.
Big Tech: Geopolitical Hydras
When Big Tech dictates the rules of cyberspace, states become variables in someone else’s equation. It is no longer armies but platforms that shape power balances. This paradigm shift cements the rise of an extraterritorial technological power based not on a monopoly of legitimate violence but on mastery of data flows and digital architectures. GAFAM (Google, Apple, Facebook, Amazon, Microsoft) now operate as systemic entities, wielding influence that eclipses traditional state sovereignty. Their power, driven by an unprecedented concentration of computational, financial, and informational capital, grants them a structuring role in international relations, rivaling even the core prerogatives of the state.
This rise isn’t merely economic or technological; it redefines global governance. These corporations act as the architects of the “matrix politica,” enforcing opaque algorithmic regulation of public discourse, social behaviors, and collective perception. By replacing legitimate legal norms with proprietary logic, they institute an unelected algorithmic order, generating “invisible prisons” where individuals become exploitable variables and national sovereignty becomes a residual fiction.
In this context, any viable cyber defense or deterrence strategy must confront this structural asymmetry. Strengthening state defenses against conventional cyber threats is no longer sufficient. The relationship between public authority and private technological hegemony must be recalibrated. Effective digital resilience demands a democratic reconquest of communication infrastructures and political oversight of the normative power wielded by platforms. Absent such rebalancing, cyberspace will continue to slide into a deterritorialized algorithmic sovereignty that deeply reconfigures the exercise of power in the 21st century.
This silent capture of normative power presents a strategic challenge to cyber deterrence doctrines. After all, what is the purpose of state deterrence if critical infrastructures, codebases, and mass cognitive systems are controlled by transnational private entities? Digital sovereignty must encompass offensive capabilities against state-backed cyber aggressors and against hegemonic drifts of platforms capable of reshaping cognitive battlegrounds, manipulating public perception, and influencing political decisions in real time.
This revolution comes at a cost. Deep learning algorithms can now launch sophisticated cyberattacks, detect invisible vulnerabilities, and strike without warning, pushing human intervention into the background. AI thus generates a strategic paradox: it enhances resilience while simultaneously magnifying vulnerabilities. Advances like DeepMind’s AlphaFold show how such technologies permeate critical domains, from biology to cybersecurity, blurring the lines between scientific progress and digital militarization. In this new era, AI is no longer a tool; it is a geopolitical actor.
In fact, major powers and actors are investing in this revolution in different ways. The United States, a pioneer in AI research, focuses on innovation and developing offensive and defensive cyber capabilities. China, aiming for technological supremacy by 2030, is coupling digital sovereignty with state surveillance to bolster its global position. The European Union adopts a more regulatory and ethical approach, seeking to govern AI use while preserving its technological autonomy.
Warfare in the Age of AI
The military domain, too, is being swept into the vortex of AI-led automation. Autonomous drones, smart weapon systems, and automated intelligence platforms are reshaping defense doctrines, ushering in a new form of technological supremacy. These tools offer asymmetric advantages to well-equipped powers but also pave the way for an unprecedented militarization of cyberspace.
Delegating lethal decisions to machines raises profound ethical dilemmas: who bears responsibility for algorithmic misfires? How do we regulate autonomous weapons in a world where legal norms lag behind innovation? Without clear answers, AI risks transforming the battlefield into a dehumanized theater of operations beyond political and moral control.
Subsequently, the proliferation of hybrid threats, cyberattacks, disinformation, and covert operations underscores the urgency of enhanced international cooperation. In fact, the Russo-Ukrainian conflict has highlighted cyberspace’s centrality in modern warfare, with the rise of cyber-volunteers, hacktivists, and destabilization campaigns. Ukraine’s IT Army exemplifies a new form of cyber mobility, where citizens and transnational collectives become key players in cyber conflict.
In this regard, Ukraine’s “Spider Web” operation against Russian targets demonstrates a new military application of AI in hybrid warfare. Here, AI no longer acts as a mere optimizer but as a digital war commander, orchestrating data collection, target identification, battlefield navigation, and dynamic strike execution. This machine-learning-powered architecture transforms each drone into both a sensor and a lethal vector, capable of real-time adaptation. More than a technological feat, Spider Web signals a metamorphosis of warfare, with AI assuming operational control and ushering in an era of autonomous algorithmic wars.
Fragmented Tech Ecosystems and Strategic Rivalries
Meanwhile, the militarization of cyberspace is accelerating. Leading powers are developing advanced cyber weapons, espionage tools, and surveillance systems to maintain digital supremacy. China’s “Made in China 2025” strategy channels massive investment into cybersecurity and tech sovereignty, while the U.S. doubles down on proactive defense to safeguard its hegemonic edge.
This trend drives increasing fragmentation of the global digital landscape, undermining the ideal of an open internet and encouraging the formation of rival digital blocs. The Sino-American tech rivalry extends beyond infrastructure development, despite enduring interdependencies in key sectors. While semiconductor and 5G decoupling advances, shared reliance persists in AI, cloud computing, and components. This duality complicates strategic choices. Each power must navigate between tech independence and global innovation access, accelerating cyber-nationalism and deepening digital polarization. Huawei’s Harmony OS and U.S. bans on Chinese semiconductors are clear signs of a growing digital decoupling that could redefine global tech ecosystems.
In this climate of intensifying threats and systemic interdependence, states are turning to cyber sovereignty strategies to secure critical infrastructure and reduce exposure to foreign interference. This forms part of a broader reconfiguration of global digital order, where control over data and information flows becomes a strategic lever.
International bodies such as NATO and the EU are gradually adapting. The EU’s Cyber Rapid Response Teams (CRRTs) and NATO’s adoption of offensive cyber doctrines signal a growing intent to pool resources and establish collective response mechanisms. China, meanwhile, exemplifies the sovereigntist approach: its Great Firewall symbolizes a strategy combining national infrastructure protection, strict data regulation, and bolstered cyber-offensive capabilities.
From Code to Context: Redefining Cyberwarfare
Cyberwarfare is no longer about code but about context. Victory lies in merging civilian neural networks, predictive algorithms, and bio-neural systems, where every smartphone becomes a sensor and every hacktivist a cognitive disruptor. Tomorrow’s cyber defense rests on algorithmic sovereignty: an ecosystem where tactical metaverses, morphic AI drones, and quantum blockchains redefine resilience. In addition, Ukraine has shown that the future belongs to those who break hierarchies to build combat bio-networks—info-centric systems powered by quantum geolocation and operational proliferation of cyber volunteers. In this borderless arena, victory is won not by hacking machines but by hacking perceptions, hybridizing human agency, generative AI, and legal ambiguity.
Furthermore, cybersecurity is no longer a static defense line but a fractal weapon with evolutionary capabilities, where every intrusion becomes a counter-weapon and every psychokinetic attack an information battleground. That’s to say, this next-gen cyber architecture is based on adaptive algorithmic systems capable of dynamic reconfiguration in the face of ever-mutating threats. Its strength lies in an advanced synergy of AI, quantum cryptography, and autonomous protocols—modular, decentralized, and self-replicating systems that respond proportionately to the intensity and nature of cyberattacks. In a world shaped by asymmetry and uncertainty, this model grants states algorithmic superiority, shaping tomorrow’s deterrence and digital resilience.
Therefore, in the face of this accelerating tech revolution, global AI governance is no longer optional—it’s an existential necessity. Without robust legal frameworks and multilateral oversight, the world risks plunging into a digital arms race defined by opacity, irresponsibility, and strategic instability. It is no longer about regulating innovation; it is about preserving global balance in a world where the boundaries between war and peace, civil and military, and human and machine are increasingly blurred. Namely, an international architecture of trust and transparency is essential to prevent AI from becoming the unaccountable arbiter of tomorrow’s conflicts.
By 2032, the lack of international regulation on military AI triggers an uncontrolled rise of autonomous weapons and AI-powered cyber capabilities. Amid mounting tensions between the West and the Sino-Russian bloc, the race for AI military supremacy reaches a tipping point. China, after scaling up AI militarization with Central Asian partners, unleashes targeted cyberattacks against European logistics and energy systems, paralyzing large parts of the continent. Simultaneously, autonomous drone swarms developed under a Sino-Russian program infiltrate NATO airspace disguised as meteorological probes.
Behind the scenes, Russia orchestrates a massive cognitive warfare operation using generative AI trained to manipulate Western public opinion. Deepfakes, forged documents, and fake military orders—Europe’s political systems are plunged into information chaos. In several capitals, key decisions are based on alerts fabricated by hostile AI. A devastating strike then hits a NATO logistics hub in the Baltic Sea, causing significant casualties. No state claims responsibility, but suspicion falls on Russia. Western attribution systems, despite being AI-enhanced, are circumvented by adversarial AI obfuscation networks. Caught in a spiral of disinformation and decision paralysis, a NATO member launches a massive cyber counterattack on Russian civilian infrastructure. Moscow retaliates with a hybrid strike combining autonomous weapons, electronic warfare, and satellite disruption. Within a week, a high-intensity hybrid conflict erupts regionally, with immediate nuclear escalation risk. Traditional command chains are disabled, decisions are made under AI pressure, and human agency vanishes. Strategic equilibrium, once upheld by nuclear deterrence and diplomacy, collapses under the weight of self-evolving, autonomous algorithms.
Moreover, conflicts no longer begin with declarations of war: they emerge, self-perpetuate, and unfold in an algorithmic fog where the line between peace and hostility vanishes. Humanity then realizes that, in failing to regulate, it has surrendered control to hostile, elusive, and autonomous intelligences.
Coding Sovereignty in the Algorithmic Fog
The future of cybersecurity lies in the ability of states to reconcile innovation, regulation, and strategic cooperation. The implementation of robust cyber doctrines, blending deterrence, algorithmic resilience, and control over critical infrastructure, will be key to preserving national sovereignty and global stability. That is to say, in the age of information supremacy, building cyber coalitions, massively investing in sovereign digital infrastructures, and establishing binding international norms are essential to secure peace and security. Cybersecurity is no longer a defensive tool; it is a core pillar of state power.
This indicates that cyberwar is no longer a future scenario; it is a strategic reality where supremacy depends on integrating offensive and defensive capabilities into a deterrent cyber ecosystem. The convergence of cyber intelligence, algorithmic resilience, and anticipatory response is reshaping defense doctrines, establishing a digital sovereignty rooted in system self-learning, cognitive warfare, and adversary vulnerability exploitation.
Finally, in this asymmetrical theatre, mastery over critical infrastructure and the ability to conduct hybrid operations will determine the balance of power in a cyberspace that has become the epicenter of global strategic rivalries. In the algorithmic fog of tomorrow’s wars, sovereignty is no longer declared; it is coded, learned, and defended with every line of data.
Italy severs links with Paragon spyware after allegations of targeting critics and migrant rescuers spark outrage.
Italy has terminated its contracts with Israeli spyware company Paragon, after revelations that the surveillance technology was used against critics of the government – including journalists and migrant rescue workers – prompted political uproar and calls for a full investigation.
The move was confirmed in a parliamentary report released on Monday by the intelligence oversight committee COPASIR, which found that Italy’s intelligence services had initially paused, then cancelled their use of Paragon’s spyware.
The timeline of the contract’s end remains unclear, especially since Prime Minister Giorgia Meloni’s government had told parliament in February that the deal was still active.
Both the Italian government and Paragon confirmed the termination, but offered diverging narratives.
The controversy has provoked condemnation from opposition parties and media freedom advocates. Italy’s journalists’ union, FNSI, urged prosecutors to determine whether state surveillance laws were broken.
Paragon’s software was allegedly used to target individuals in Italy, including a journalist and members of the migrant rescue organisation Mediterranea, which has frequently criticised Meloni’s right-wing government.
Meta-owned WhatsApp revealed in January that the spyware had been deployed against dozens of users globally — including some in Italy.
Italian government denies illegality
The government has admitted that seven Italians were targeted, but maintains that any surveillance was lawful and overseen by a public prosecutor. It denied engaging in illicit spying and said it had tasked the National Cybersecurity Agency with reviewing the matter.
One of those allegedly targeted, Francesco Cancellato, editor of investigative outlet Fanpage, had claimed to the Reuters news agency and others that he was placed under surveillance.
But COPASIR said it found no evidence supporting the claim. Paragon, in a statement to Fanpage, said it halted services to Italy once Cancellato’s case came to light and claimed the Italian government refused a joint probe into the matter.
Meloni’s office has declined to comment. Meanwhile, opposition lawmakers are demanding that the government explain its role in parliament.
The report also revealed that Italy’s intelligence services had authorised the use of Paragon’s spyware in 2023 and 2024 to monitor a small number of individuals in connection with criminal investigations, including suspected “terrorism”, people smuggling and espionage.
COPASIR defended the surveillance of Mediterranea members Luca Casarini and Beppe Caccia, saying it was not due to their activism but their suspected links to irregular migration. The spyware’s use on them was approved by Undersecretary Alfredo Mantovano, Meloni’s top intelligence adviser, on September 5, 2024.
Mantovano did not respond to requests for comment.
Last month, a Sicilian court ordered Casarini, Caccia and four others to stand trial for allegedly aiding irregular immigration – a case widely seen as a test of Italy’s approach to migrant rescues. All deny the charges.
Michael Valentino Teofrasto Carturan was renting a luxury New York townhouse for $40,000 a month, enjoying the fruits of his highly lucrative investments in cryptocurrency. But in May, his 17-room Manhattan home became a torture chamber in which he was held by kidnappers for 17 days.
Carturan’s captors, John Woeltz and William Duplessie, who wanted access to his cryptocurrency accounts, used brutal methods in their bid to prise open Carturan’s Bitcoin wallet, purportedly containing some $28m worth of cryptocurrency. Among other torture methods, they hung him from the building’s roof, shocked him with electrical wires and threatened him with a chainsaw.
When all else failed, they forced him to smoke crack cocaine. Ultimately, they were unsuccessful. After more than two gruelling weeks, Carturan managed to escape the townhouse and Woeltz and Duplessie were subsequently arrested and charged with kidnapping and assault.
William Duplessie appears in Manhattan Criminal Court as an indictment is prepared to be handed down for his involvement in a cryptocurrency kidnapping, in New York City, on May 30, 2025 [Jefferson Siegel/Pool via Reuters]
Carturan’s ordeal was one of the latest in a spate of “wrench attacks”, which include so-called “crypto kidnappings”, combine high-tech cybertheft with old-fashioned thuggery and have been taking place in several countries around the world.
Have arrests for crypto kidnapping attacks been made elsewhere?
Yes. On May 31, 26 people were charged for several attempted kidnappings of a top figure in France’s cryptocurrency world, French prosecutors said.
It was the culmination of a police investigation into an “attempted kidnapping by an organised gang” of the daughter and grandson of the CEO of crypto firm Paymium in Paris on May 13, and “other unsuccessful plans”, a failed attempt on the same targets the day before, and another attempt near the western city of Nantes on June 2.
“Eighteen people have been placed in pre-trial detention, three have requested a deferred hearing, and four have been placed under judicial supervision,” the Paris public prosecutor’s office said, concerning the Paris attack. The suspects are all aged between 16 and 23.
France has been the centre of several attacks on prominent crypto entrepreneurs in recent months. But crypto-linked kidnappings have occurred in other countries, too.
A woman walks her dog on Rue Pache, near the location where a masked gang attempted to kidnap the daughter and grandson of a crypto businessman in Paris, France [Gonzalo Fuentes/Reuters]
Where else have crypto kidnappings taken place?
In addition to the recent attempted abductions in Paris, a group of criminals kidnapped David Balland, cofounder of the cryptocurrency firm Ledger, and his wife in central France in January.
In a particularly gruesome turn of events, the kidnappers cut off one of Balland’s fingers and sent the video of the mutilation to Ledger. Within two days, however, the French gendarmerie had freed both victims.
Nine suspects are under criminal investigation in that case.
In December 2024, the wife of crypto investor and influencer Stephane Winkel was kidnapped from the couple’s home in Belgium. She was rescued after her kidnapper crashed his car during a dramatic police chase.
Canada and Australia have also witnessed high-profile kidnappings, with crypto executives and traders abducted and forced to pay ransoms ranging from $40,000 to $1m in digital assets.
It is unclear whether the recent spate of crypto kidnappings is connected in any way.
What is cryptocurrency?
Bitcoin, which began trading in January 2009, was the very first cryptocurrency. This form of monetary exchange allows people to bypass central banks and traditional payment methods. It is now a functioning, decentralised monetary system, with hundreds of millions of users worldwide.
Bitcoin was first used in a transaction in 2009, valued at just $0.004 per Bitcoin. Yesterday, Bitcoin’s price closed at nearly $101,576 per Bitcoin – about 53 percent higher than a year ago, and nearly 2.5 trillion percentage points higher than in 2009.
Initially, the digital currency was favoured by internet libertarians who were drawn to the idea that money should be free from government interference. It quickly gained more mainstream popularity, and the price has shot up.
More recently, United States President Donald Trump has taken steps to mint several cryptocurrencies, meaning they would be included in a “Crypto Strategic Reserve”, boosting their price even more in the process.
While cryptocurrency thefts are nothing new, they have historically involved hacking digital accounts holding large sums of the currency. In 2022, for instance, internet thieves stole an estimated $570m from Binance, the world’s largest crypto exchange.
But as Bitcoin and other digital assets continue to climb in value, criminals are shifting their efforts from online hacking to real-world extortion, via kidnappings and torture.
How do criminals target victims in crypto kidnappings?
Victims are not hard to find.
Some crypto tycoons, many of whom are young men, have a habit of flaunting their wealth on social media or by appearing at cryptocurrency conferences, which allows criminals to easily identify targets.
Many have continued to flaunt their wealth in spite of the 2016 Kim Kardashian kidnapping incident. The US reality TV star was tied up in her hotel room in Paris as robbers made off with millions of dollars worth of jewellery. The men – dubbed the “grandpa robbers” because of their ages – were later caught and sentenced to prison by a French court.
That was not a crypto attack, but as more crypto tycoons have appeared, there is little to differentiate them from the fabulously wealthy like the Kardashians.
Even those with large crypto wealth who are more cautious about displaying their wealth on social media and in public have been exposed to criminal activity via data breaches at cryptocurrency exchanges, however.
In May 2025, Coinbase Global announced that hackers had managed to obtain personal information, including the home addresses of almost 70,000 customers in the previous few months, putting thousands at risk of attack or extortion.
Besides hacking the accounts of crypto millionaires for this sort of information, criminals have also bribed insiders at crypto exchanges for customer data. This information is then used to select and find high-value targets for kidnappings or home invasions.
Why are crypto kidnappings on the rise?
It is easier to steal money from a digital wallet than from a traditional bank account, and kidnapping is one way to do this.
Attackers simply need to gain access to someone’s cryptocurrency account password, as there’s no third-party financial institution to protect the funds held in the digital wallet.
Transactions on an open-ledger blockchain – the technology which facilitates cryptocurrencies – are also permanent, meaning transactions are irreversible.
And, unlike cash, jewellery and gold, thieves don’t need to carry away the stolen cryptocurrency with them. With a few clicks, money can simply be moved from one account to another.
Furthermore, cryptocurrency’s ability to skirt traditional law enforcement also means it is much easier to launder, making it popular with internet-based drug dealers.
Therefore, if criminals can force a victim to give up their account, they can gain immediate access to vast wealth – hence the rise in physical attacks and kidnappings.
Can you get insurance against a crypto kidnapping?
Yes, you can. At least three insurance companies which provide services for cryptocurrency investors are in the process of designing policies specifically for abductions, called kidnap and ransom (K&R) policies, according to a report by NBC News.
Becca Rubenfeld, chief operating officer at AnchorWatch – a crypto insurance firm aiming to launch K&R protection later this year – said that fear of violence was a key talking point at this year’s annual Las Vegas Bitcoin Conference, in May.
“They’re [cryptocurrency holders are] tense,” Rubenfeld told NBC. “I’m not saying that because I’m trying to sell insurance, but overall, the mood is a very good environment for me.”
Kidnapping and ransom insurance is not uncommon for high-profile corporate executives.
What else are crypto investors doing to stay safe?
Elsewhere, security experts are urging investors to avoid sharing details of their crypto holdings online, even with friends, and to use pseudonyms and new digital wallet addresses for each transaction.
Increasingly, crypto traders are avoiding making social media posts with geotagged photos, especially any that show themselves with luxury items, or revealing their travel plans.
Bokeo province, Laos – Khobby was living in Dubai last year when he received an intriguing message about a well-paying job working online in a far-flung corner of Southeast Asia.
The salary was good, he was told. He would be working on computers in an office.
The company would even foot the bill for his relocation to join the firm in Laos – a country of 7.6 million people nestled between China, Thailand, Cambodia, Vietnam and Myanmar.
With the company paying for his flights, Khobby decided to take the plunge.
But his landing in Laos was anything but smooth.
Khobby discovered that the promised dream job was rapidly becoming a nightmare when his Ghanaian passport was taken on arrival by his new employers.
With his passport confiscated and threats of physical harm ever present, he endured months working inside a compound which he could not leave.
The 21-year-old had become the latest victim of booming online cyber-scam operations in Southeast Asia – an industry that is believed to have enslaved tens of thousands of workers lured with the promise of decently paid jobs in online sales and the information technology industry.
“When I got there, I saw a lot of Africans in the office, with a lot of phones,” Khobby told Al Jazeera, recounting his arrival in Laos.
“Each person had 10 phones, 15 phones. That was when I realised this was a scamming job,” he said.
The operation Khobby found himself working for was in a remote area in northwest Laos, where a casino city has been carved out of a patch of jungle in the infamous “Golden Triangle” region – the lawless border zone between Myanmar, Laos and Thailand that has long been a centre for global drug production and trafficking.
He said he was forced to work long days and sleep in a dormitory with five other African workers at night during the months he spent at the scam centre in the Golden Triangle Special Economic Zone.
Khobby recounted the original message he received from an acquaintance encouraging him to take the job in Laos.
“My company is hiring new staff”, he said, adding that he was told the salary was $1,200 per month.
“He told me it was data entry.”
People rescued from cyber-scam centres in Myanmar travel inside a Thai military truck after arriving in Thailand, at the Myanmar-Thai border in Phop Phra district, near Mae Sot, Tak province, northern Thailand, in February 2025 [Somrerk Kosolwitthayanant/EPA]
Casino city
The Golden Triangle Special Economic Zone (GTSEZ) where Khobby was lured to for work operates as an autonomous territory within Laos.
Leased from Laotian authorities by Chinese national Zhao Wei, whom the US government has designated the leader of a transnational criminal organisation, life in the GTSEZ is monitored by a myriad of security cameras and protected by its own private security force.
Clocks are set to Beijing time. Signage is predominantly in Chinese, and China’s yuan is the dominant and preferred currency.
Central to the GTSEZ city-state is Zhao Wei’s Kings Romans casino, which the United States Treasury also described as a hub for criminal activity such as money laundering, narcotics and wildlife trafficking.
During a recent visit to the zone by Al Jazeera, Rolls Royce limousines ferried gamblers to some of the city’s casinos while workers toiled on the construction of an elaborate and expansive Venice-style waterway just a stone’s throw from the Mekong river.
Vehicles stop at the entrance to the Kings Romans casino, part of the Golden Triangle Special Economic Zone, in Laos along the Mekong river in the Golden Triangle region bordering Thailand, Laos and Myanmar [File: Sukree Sukplang/Reuters]
While luxury construction projects – including the recently completed Bokeo International Airport – speak to the vast amounts of money flowing through this mini casino city, it is inside the grey, nondescript tower blocks dotted around the economic zone where the lucrative online scam trade occurs.
Within these tower blocks, thousands of trafficked workers from all over the world – just like Khobby – are reported to spend up to 17 hours a day working online to dupe unsuspecting “clients” into parting with their money.
The online swindles vary widely: from investing money in fake business portfolios to paying false tax bills that appear very real, and from trading phoney cryptocurrency to being caught in online romance traps.
Anti-trafficking experts say most of the workers are deceived into leaving their home countries – such as nearby China, Thailand and Indonesia or as far away as Nigeria, Ghana, Uganda and Ethiopia – with the promise of decent salaries.
New high-rise buildings are being constructed rapidly in the GTSEZ in Laos [Ali MC/Al Jazeera]
Online ‘butchering’
Khobby told how his “data entry” job was, in fact, a scam known in the cybercrime underworld as “pig butchering”.
This is where victims are identified, cold-called or messaged directly by phone in a bid to establish a relationship. Trust is built up over time to the point where an initial investment is made by the intended victim. This can be, at first, a small amount of the victim’s money or emotions in the case of fake online relationships.
There are small rewards on the investments, Khobby explained, telling how those in the industry refer to their victims as pigs who are being “fattened” by trust built up with the scammers.
That fattening continues until a substantial monetary investment is made in whatever scam the victim has become part of. Then they are swiftly “butchered”, which is when the scammers get away with the ill-gotten gains taken from their victims.
Once the butchering is done, all communications are cut with the victims and the scammers disappear without leaving a digital trace.
Myanmar police hand over five telecom and internet fraud suspects to Chinese police at Yangon International Airport in Yangon, Myanmar, in August 2023 [Chinese embassy in Myanmar/Xinhua via AP]
According to experts, cyber-scamming inside the GTSEZ boomed during the 2019 and 2020 COVID lockdowns when restrictions on travel meant international visitors could not access the Kings Romans casino.
In the years since, the cyber-scam industry has burgeoned and physically transcended borders to become one of the dominant profit-making illicit activities in the region, not only in the GTSEZ in Laos but also in neighbouring Cambodia and in conflict-ridden Myanmar.
Though not as elaborate as the GTSEZ, purpose-built cyber-scam “compounds” have proliferated in Myanmar’s border areas with Thailand.
The Center for Strategic and International Studies estimates that cyber-scamming in Southeast Asia generates tens of billions annually, while the United States Institute of Peace equates the threat to that of the destructive fentanyl trade.
“Cyber-scam operations have significantly benefitted from developments in the fintech industry, including cryptocurrencies, with apps being directly developed for use at [cyber-scam] compounds to launder money,” said Kristina Amerhauser, of the Global Initiative against Transnational Organized Crime.
“Victims and perpetrators are spread across different countries, money is laundered offshore, operations are global,” Amerhauser told Al Jazeera, explaining that the sophisticated technology used in cyber-scamming, along with its international reach, has made it extremely difficult to combat.
The US recently imposed sanctions on Myanmar rebel leader Saw Chit Thu (centre), his two sons and the armed group he leads, the Karen National Army. The US Treasury said Saw Chit Thu and the KNU, which is based in Shwe Kokko – a so-called “Special Economic Zone” along the Thai-Myanmar border – leased land and provided security for online scam compounds [Reuters]
Complicit victims?
About 260 trafficked scam-centre workers were recently rescued in a cross-border operation between Thailand and Myanmar. Yet, even in rare instances such as this when trafficked workers are freed, they still face complications due to their visa status and their own potential complicity in criminal activity.
Khobby – who is now back in Dubai – told Al Jazeera that while he was coerced into working in the GTSEZ, he did actually receive the promised $1,200 monthly salary, and he had even signed a six-month “contract” with the Chinese bosses who ran the operation.
Richard Horsey, International Crisis Group’s senior adviser on Myanmar, said Khobby’s experience reflected a changing trend in recruitment by the criminal organisations running the scam centres.
“Some of the more sophisticated gangs are getting out of the human trafficking game and starting to trick workers to come,” Horsey said.
“People don’t like to answer an advert for criminal scamming, and it’s hard to advertise that. But once they’re there, it’s like – actually, we will pay you. We may have taken your passport, but there is a route to quite a lucrative opportunity here and we will give you a small part of that,” he said.
In this photo provided by India’s Ministry of External Affairs, Indian workers rescued after they were lured by fake job opportunities in the IT sector in Thailand arrive at the airport in Chennai, India, in October 2022 [Ministry of External Affairs via AP]
The issue of salaries paid to coerced and enslaved workers complicates efforts to repatriate trafficking victims, who may be considered complicit criminals due to their status as “paid” workers in the scam centres, said Eric Heintz, from the US-based anti-trafficking organisation International Justice Mission (IJM).
“We know of individuals being paid for the first few months they were inside, but then it tapers off to the point where they are making little – if any – money,” Heintz said, describing how victims become “trapped in this cycle of abuse unable to leave the compound”.
“This specific aspect was a challenge early on with the victim identity process – when an official would ask if an individual previously in the scam compound was paid, the victim would answer that initially he or she was. That was enough for some officials to not identify them as victims,” Heintz said.
Some workers have also been sold between criminal organisations and moved across borders to other scam centres, he said.
“We have heard of people being moved from a compound in one country to one in another – for example from Myawaddy to the GTSEZ or Cambodia and vice versa,” he said.
Khobby said many of the workers in his “office” had already had experience with scamming in other compounds and in other countries.
“Most of them had experience. They knew the job already,” he said.
“This job is going on in a lot of places – Thailand, Laos, Myanmar. They were OK because they got paid. They had experience and they knew what they were doing,” he added.
‘What are we here for? Money!’
High-school graduate Jojo said she was working as a maid in Kampala, Uganda, when she received a message on the Telegram messaging app about an opportunity in Asia that involved being sponsored to do computer studies as part of a job in IT.
“I was so excited,” Jojo recounted, “I told my mum about the offer.”
Jojo told how she was sent an airline ticket, and described how multiple people met her along the way as she journeyed from Kampala to Laos. Eventually Jojo arrived in the same scam operation as Khobby.
She described an atmosphere similar to a fast-paced sales centre, with Chinese bosses shouting encouragement when a victim had been ‘butchered’ and their money stolen, telling how she witnessed people scammed for as much as $200,000.
“They would shout a lot, in Chinese – ‘What are we here for? Money!’”
On top of adrenaline, the scam operation also ran on fear, Jojo said.
Workers were beaten if they did not meet targets for swindling money. Mostly locked inside the building where she worked and lived, Jojo said she was only able to leave the scam operation once in the four months she was in the GTSEZ, and that was to attend a local hospital after falling ill.
Fear of the Chinese bosses who ran the operation permeated not only their workstations but also the dormitory where they slept.
“They told us ‘Whatever happens in the room, we are listening’,” she said, also telling how her co-workers were beaten when they failed to meet targets.
“They stopped them from working. They stopped them from coming to get food. They were not getting results. They were not bringing in the money they wanted. So they saw them as useless,” she said.
“They were torturing them every day.”
Khobby and Jojo said they were moved to act in case it was their turn next.
When they organised a strike to demand better treatment, their bosses brought in Laotian police and several of the strikers – including Jojo and Khobby – were taken to a police station where they were told they were sacked.
They were also told they would not be paid what was owed in wages and their overseers refused to give their passports back.
Khobby said he was left stranded without a passport and the police refused to help.
“This is not about only the Chinese people,” Khobby said. “Even in Vientiane, they have immigration offices who are involved. They are the ones giving the visas. When I got to Laos, it was the immigration officer who was waiting for me. I didn’t even fill out any form,” he said.
The international immigration checkpoint in the GTSEZ [Al Jazeera/Ali MC]
With help from the Ghanaian embassy, Khobby and Jojo were eventually able to retrieve their passports, and with assistance from family and friends, they returned home.
The IJM’s Heintz said that target countries for scammer recruitment – such as those in Africa – need better awareness of the dangers of trafficking.
“There needs to be better awareness at the source country level of the dangers associated with these jobs,” he said.
Reflecting on what led him to work up the courage to lead a strike in the scam centre, Khobby considered his childhood back in Ghana.
“I was a boy who was raised in a police station. My grandpa was a police commander. So in that aspect, I’m very bold, I have that courage. I like giving things a try and I like taking risks,” he said.
Jojo told Al Jazeera how she continues to chat online with friends who are still trapped in scam centres in Laos, and who have told her that new recruits arrive each day in the GTSEZ.
Her friends want to get out of the scam business and the economic zone in Laos. But it is not so easy to leave, Jojo said.