{"id":992323,"date":"2025-11-03T00:45:19","date_gmt":"2025-11-02T21:45:19","guid":{"rendered":"https:\/\/gpss.ro\/threat-intelligence\/cyber-brief-25-06-may-2025\/"},"modified":"2025-11-03T00:45:19","modified_gmt":"2025-11-02T21:45:19","slug":"cyber-brief-25-06-may-2025","status":"publish","type":"threat_intelligence","link":"https:\/\/delve.ro\/ro\/threat-intelligence\/cyber-brief-25-06-may-2025\/","title":{"rendered":"Cyber Brief 25-06 &#8211; May 2025"},"content":{"rendered":"\n        <div id=\"content-en\" class=\"lang-content\" style=\"display: block;\">\n            <div 
class=\"article-content\"><h2 id=\"cyber-brief-may-2025\">Cyber Brief (May 2025)<\/h2><p>June 3, 2025 - Version: 1<\/p><p class=\"tlp-type clear\">TLP:CLEAR<\/p><h2 id=\"executive-summary\">Executive summary<\/h2><ul><li><p>We analysed 328 open source reports for this Cyber Brief<sup class=\"footnote-ref\" id=\"fnref-1\"><a href=\"#fn-1\">1<\/a><\/sup>.<\/p><\/li><li><p>Relating to <strong>cyber policy and law enforcement<\/strong>, in Europe, seven EU Member States called out Russian GRU activity, while the Council of the EU sanctioned entities responsible for Russia\u2019s destabilising actions abroad. The Council of the EU and the Czech Republic condemned China-linked malicious cyber activity. Elsewhere, Iran intensified its collaboration with China on AI; Vietnam banned Telegram; in Moscow, foreign visitors will reportedly soon be obliged to install a smartphone app that tracks them; and NSO Group was ordered to pay over 167\u202fmillion US dollars to WhatsApp over Pegasus hacking. <\/p><\/li><li><p>On the <strong>cyberespionage<\/strong> front, in Europe, a Russia-linked actor targeted entities and individuals linked to Ukraine and to the European defence sector, and Iran-linked actors imitated a German private entity. Elsewhere, a China-linked cyberespionage actor intruded into the Guatemalan Foreign Ministry and hidden communication devices were found in Chinese-made solar inverters, while a Pakistani actor spoofed India's Ministry of Defence. <\/p><\/li><li><p>Relating to <strong>cybercrime<\/strong>, in Europe, AutoIt-compiled droppers were sighted targeting the Netherlands and Hungary, while a wave of ClickFix abuse targeted a range of Portuguese sectors.<\/p><\/li><li><p>There were <strong>disruptive and destructive<\/strong> attacks in the form of DDoS attacks in response to military support from EU Member States to Ukraine, and against the Romanian government during its election. 
Researchers uncovered a destructive supply-chain attack involving three malicious Go modules that hid destructive code within seemingly legitimate packages. <\/p><\/li><li><p>As regards <strong>data exposure and leaks<\/strong> incidents, an xAI developer leaked an API key for private SpaceX and Tesla LLMs, while a South Korean telecom breach led to unauthorised access to the data of 26.5 million users.<\/p><\/li><li><p>Relating to <strong>information operations<\/strong>, in Europe, influence operations targeted social media to influence narratives around elections in Poland and Portugal and to discredit European leaders ahead of Ukraine peace talks in Turkey.<\/p><\/li><li><p>In this Cyber Brief we have included notable vulnerabilities exploited opportunistically in May 2025.<\/p><\/li><\/ul><h2 id=\"europe\">Europe<\/h2><h3 id=\"cyber-policy-and-law-enforcement\">Cyber policy and law enforcement<\/h3><p><strong>Several EU countries participate in joint advisory related to Russia-linked APT28<\/strong><br> On May 21, the governments of seven EU Member States and allied countries issued a joint advisory related to activity from the Russian General Staff Main Intelligence Directorate (GRU) which targeted Western logistics entities and technology companies. According to the advisory, APT28 has repeatedly conducted cyberespionage against logistics entities and IT companies since 2022. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Cyber-Security\/GRU_Western_Logistics.pdf?__blob=publicationFile&v=3\">link<\/a> <\/p><p><strong>The Council of the EU imposes sanctions on Stark Industries web hosting service<\/strong><br> On May 20, the Council of the European Union imposed additional restrictive measures against 21 individuals and six entities responsible for Russia\u2019s destabilising actions abroad. 
These include Stark Industries, a web hosting service that has been affiliated with several Russia-linked threat actors. <code>russia<\/code> <code>sanctions<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.consilium.europa.eu\/en\/press\/press-releases\/2025\/05\/20\/russian-hybrid-threats-eu-lists-further-21-individuals-and-6-entities-and-introduces-sectoral-measures-in-response-to-destabilising-activities-against-the-eu-its-member-states-and-international-partners\/\">link<\/a> <\/p><p><strong>Czechia attributes cyberespionage to China-linked APT31<\/strong><br> On May 28, the Czech government publicly attributed a prolonged cyberespionage campaign targeting its Ministry of Foreign Affairs to the China-linked group APT31. The attacks, ongoing since 2022, affected an unclassified network designated as critical infrastructure. The High Representative on behalf of the European Union strongly condemned the malicious cyber activities. <code>china<\/code> <code>diplomacy<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/mzv.gov.cz\/jnp\/en\/issues_and_press\/press_releases\/statement_by_the_government_of_the_czech.html\">link<\/a> <\/p><p><strong>Dutch government passes law aimed at cyberespionage<\/strong><br> On May 15, the Dutch government approved legislation that extends existing espionage laws to include cyberespionage. The Dutch government took the measure to protect national security, the security of people, critical infrastructure and technology. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.nctv.nl\/actueel\/nieuws\/2025\/05\/15\/vanaf-15-mei-meer-vormen-van-spionage-strafbaar\">link<\/a> <\/p><p><strong>Ireland fined TikTok over unlawful data transfer to China<\/strong><br> On May 2, the Irish Data Protection Commission (DPC) fined TikTok 530 million euro for breaching GDPR by transferring user data to China without ensuring adequate protection and by failing to inform users transparently. 
The DPC ordered TikTok to comply within six months or face suspension of transfers, following inaccurate disclosures and violations between July 2020 and December 2022. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.dataprotection.ie\/en\/news-media\/latest-news\/irish-data-protection-commission-fines-tiktok-eu530-million-and-orders-corrective-measures-following\">link<\/a> <\/p><p><strong>Moldovan and Dutch authorities arrest suspected cybercriminal linked to DoppelPaymer ransomware<\/strong><br> On May 12, Moldovan authorities announced the arrest of an individual suspected to be linked to DoppelPaymer ransomware attacks that targeted Dutch organisations in 2021. The operation was led jointly with Dutch law enforcement. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/politia.md\/ro\/content\/cetatean-strain-aflat-cautare-internationala-pentru-comiterea-infractiunilor-cibernetice\">link<\/a> <\/p><h3 id=\"cyberespionage-prepositioning\">Cyberespionage &amp; prepositioning<\/h3><p><strong>Google exposes ColdRiver\u2019s new cyberespionage malware strain<\/strong><br> On May 7, Google Cloud reported that Russia-linked Coldriver deployed a new malware named Lostkeys. The malware is designed to steal files and system data from government advisors, NGOs, journalists, and individuals linked to Ukraine. Delivered via fake CAPTCHA pages prompting users to run PowerShell scripts, Lostkeys represents an evolution in Coldriver\u2019s espionage tactics. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/coldriver-steal-documents-western-targets-ngos?hl=en\">link<\/a> <\/p><p><strong>Laundry Bear, a new Russia-linked threat actor, conducts cyberespionage activity towards governmental entities in the EU<\/strong><br> On May 27, Microsoft and the Dutch government reported on Russia-linked Laundry Bear, which has reportedly conducted cyberespionage operations since at least April 2024. 
In September 2024, Laundry Bear breached the Dutch police, exfiltrating contact data using stolen session cookies. In an April 2025 spearphishing campaign, Laundry Bear targeted individuals involved in the European defence sector. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/05\/27\/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage\/\">link<\/a> <\/p><p><strong>Iranian APT group poses as German modeling agency<\/strong><br> On May 7, Palo Alto reported that Iranian cyber actors, linked with low confidence to APT35, created a fake website mimicking a German modeling agency. The site collected visitor data via obfuscated JavaScript and featured a fictitious model profile. <code>iran<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/unit42.paloaltonetworks.com\/iranian-attackers-impersonate-model-agency\/\">link<\/a> <\/p><p><strong>Apple warns users of spyware targeting<\/strong><br> On April 29, Apple notified users in 100 countries, including an Italian journalist and a Dutch activist, that they may have been targeted with government spyware. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/techcrunch.com\/2025\/04\/30\/apple-notifies-new-victims-of-spyware-attacks-across-the-world\/\">link<\/a> <\/p><h3 id=\"cybercrime\">Cybercrime<\/h3><p><strong>Threat actor used AutoIt-based DarkCloud Stealer in targeted phishing attack<\/strong><br> On May 14, Palo Alto Networks reported on campaigns using phishing e-mails and AutoIt-compiled droppers to target government and tech sectors. The malware steals credentials and browser data, with samples seen in the US, Brazil, the Netherlands, and Hungary. 
<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/unit42.paloaltonetworks.com\/darkcloud-stealer-and-obfuscated-autoit-scripting\/\">link<\/a> <\/p><p><strong>ClickFix campaign for data theft<\/strong><br> On May 6, Unit 42 reported that Lampion malware operators targeted the Portuguese governmental, finance, and transport sectors using a new ClickFix technique. Victims were tricked into executing malicious PowerShell commands under the guise of fixing issues. The attack chain involved obfuscated scripts and staged loaders. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/unit42.paloaltonetworks.com\/lampion-malware-clickfix-lures\/\">link<\/a> <\/p><h3 id=\"disruption-destruction\">Disruption &amp; destruction<\/h3><p><strong>Pro-Russia supposed hacktivists target Dutch public organisations with DDoS attacks<\/strong><br> On April 30, NoName057(16), a supposed pro-Russia hacktivist group, claimed to have disrupted Dutch public and private services with DDoS attacks targeting websites across several provinces and municipalities. The group claimed retribution for military aid to Ukraine. Despite service disruptions, Dutch officials confirmed no internal systems were compromised. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.ncsc.nl\/actueel\/nieuws\/2025\/04\/30\/lopende-ddos-aanvallen-op-nederlandse-organisaties\">link<\/a> <\/p><p><strong>Pro-Russia supposed hacktivists targeted Romanian websites during Presidential election<\/strong><br> On May 4, NoName057(16), a supposed pro-Russia hacktivist group, claimed responsibility for DDoS attacks against Romanian websites. These attacks coincided with the first round of Romania's Presidential election rerun. The attacks hit the website of the Romanian Constitutional Court, the main government portal, the Romanian Foreign Ministry site and the websites of four Presidential candidates. 
<code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.politico.eu\/article\/russia-hacker-group-romania-election-day-constitutional-court-vote\/\">link<\/a> <\/p><h3 id=\"information-operations\">Information operations<\/h3><p><strong>Disinformation campaign targeted Portuguese May elections<\/strong><br> On May 19, Cyabra, a company analysing disinformation online, reported on a disinformation campaign targeting the May 18 Portuguese elections. 58% of the accounts commenting on the far-right party Chega's X and threads were fake. Almost half of the accounts commenting on the other two main political parties (PS and PSD) were also fake. The main narratives were to amplify Chega's positions and discredit its opponents. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cnnportugal.iol.pt\/redes-sociais\/chega\/investigacao-sao-falsas-58-das-contas-no-x-que-promovem-o-chega\/20250516\/6826b94fd34e3f0bae9e39ce\">link<\/a> <\/p><p><strong>Russian cyber interference targets Polish elections, warns Minister<\/strong><br> On May 6, the Polish Minister of Digital Affairs reported unprecedented Russian interference in the Presidential elections, involving cyberattacks and disinformation campaigns targeting all political committees. In 2024, over 600.000 incidents were reported, with more than 100.000 addressed by Polish services, marking a 60% year-over-year increase. <code>election<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.pap.pl\/aktualnosci\/gawkowski-mierzymy-sie-z-bezprecedensowa-proba-ingerencji-rosji-w-polskie-wybory\">link<\/a> <\/p><p><strong>Warnings of potential foreign interference in Polish Presidential campaign<\/strong><br> On May 14, NASK, a Polish research institute, reported identifying political advertisements on Facebook that may have been financed from abroad. These ads, displayed within Poland, appeared to support one candidate while discrediting others. 
The involved advertising accounts were reported to Meta, and the Internal Security Agency was notified. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/nask.pl\/aktualnosci\/mozliwa-proba-ingerencji-w-kampanie-wyborcza\">link<\/a> <\/p><p><strong>Pro-Russia actor deployed AI-generated media to discredit European leaders ahead of Istanbul peace talks<\/strong><br> On May 14, EclecticIQ reported that Storm-1516, a pro-Russia actor, orchestrated a campaign using AI-generated media to falsely accuse European leaders of drug use during a diplomatic visit to Kyiv. The operation aimed to erode public trust and undermine European unity before the Istanbul peace talks scheduled for May 15. <code>artificial intelligence<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.eclecticiq.com\/storm-1516-deploys-ai-generated-media-to-spread-disinformation-targets-european-leaders-and-influence-istanbul-peace-talks\">link<\/a> <\/p><h2 id=\"world\">World<\/h2><h3 id=\"cyber-policy-and-law-enforcement-2\">Cyber policy and law enforcement<\/h3><p><strong>Moscow to track foreigners via smartphone app<\/strong><br> On May 21, Roskomsvoboda, a Russian digital rights advocacy group, reported that starting September 1, 2025, Moscow and the Moscow region will implement a digital surveillance pilot targeting foreign nationals. Foreigners will be required to submit biometric data, undergo fingerprinting, register their residence, and install a mobile app enabling authorities to track their location. Non-compliance may lead to inclusion in a monitored registry and deportation. 
<code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/roskomsvoboda.org\/en\/post\/spying-on-foreigners-via-smartphone\/\">link<\/a> <\/p><p><strong>Azerbaijan links February 2025 cyberattack on media to Russia<\/strong><br> On May 2, the Chairman of Azerbaijan's Parliamentary Commission on Countering Foreign Interference revealed that the February 2025 cyberattack on Azerbaijani media was linked to Russia, specifically APT29. He suggested the attack was retaliation for Azerbaijan's closure of the Russian Information and Cultural Center and Sputnik's operations. <code>russia<\/code> <\/p><p><strong>Iran seeks Chinese AI expertise through technology diplomacy<\/strong><br> On May 14, Tehran Times reported that Iran conducted a series of artificial intelligence\u2013related diplomatic meetings with China, seeking to expand Tehran\u2019s technological relationship with Beijing. <code>artificial intelligence<\/code> <code>china<\/code> <code>iran<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.tehrantimes.com\/news\/512906\/Strengthening-co-op-on-AI-essential-for-future-Chinese-envoy\">link<\/a> <\/p><p><strong>Vietnam bans Telegram over illegal content concerns<\/strong><br> On May 21, Vietnam ordered telecom firms to block Telegram, citing police reports that 68% of its 9600 local channels were used for fraud, drugs, and suspected terrorism. The government accused Telegram of failing to remove illegal content. Telegram said it had responded to legal requests and was surprised by the move. 
<code>ban<\/code> <code>vietnam<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/sustainability\/society-equity\/vietnam-acts-block-messaging-app-telegram-government-document-seen-by-reuters-2025-05-23\/\">link<\/a> <\/p><p><strong>NSO Group ordered to pay over 167\u202fmillion US dollars to WhatsApp for spyware attack<\/strong><br> On May 6, a US federal jury ordered Israeli spyware firm NSO Group to pay over 167 million US dollars in damages to WhatsApp for a 2019 hacking campaign that targeted more than 1.400 users with Pegasus spyware. <code>psoa<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/techcrunch.com\/2025\/05\/06\/nso-group-must-pay-more-than-167-million-in-damages-to-whatsapp-for-spyware-campaign\/\">link<\/a> <\/p><p><strong>US sanctions disrupt ICC Prosecutor\u2019s work, with Microsoft canceling Khan\u2019s e-mail address<\/strong><br> On May 16, AP News reported that US sanctions on ICC Prosecutor Karim Khan disrupted court operations, including freezing assets and stalling investigations. Microsoft, for example, canceled Khan\u2019s e-mail address, forcing the prosecutor to move to Proton Mail. <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/apnews.com\/article\/icc-trump-sanctions-karim-khan-court-a4b4c02751ab84c09718b1b95cbd5db3\">link<\/a> <\/p><h3 id=\"cyberespionage-prepositioning-2\">Cyberespionage &amp; prepositioning<\/h3><p><strong>US and Guatemala expose Chinese cyberespionage targeting Foreign Ministry<\/strong><br> On April 29, the US Embassy in Guatemala announced that a joint cybersecurity review with the Guatemalan government uncovered that the Ministry of Foreign Affairs' systems had been infiltrated by China-linked APT15. The Guatemalan Foreign Ministry clarified that this breach occurred between September 2022 and February 2025. 
<code>china<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/gt.usembassy.gov\/es\/estados-unidos-y-guatemala-identifican-amenazas-de-ciberespionaje-vinculadas-a-la-republica-popular-de-china-en-una-revision-conjunta-de-seguridad\/\">link<\/a> <\/p><p><strong>Hidden communication devices in Chinese solar inverters spark US cybersecurity concerns<\/strong><br> On May 14, Reuters reported that US officials found hidden communication devices in Chinese-made solar inverters and batteries, raising fears of potential cyber threats. These components, essential to managing renewable energy flow into power grids, could allow unauthorised remote access. <code>china<\/code> <code>energy<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/sustainability\/climate-energy\/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14\/\">link<\/a> <\/p><p><strong>Marbled Dust exploits Output Messenger zero-day to target Kurdish entities<\/strong><br> On May 12, Microsoft Threat Intelligence reported that Marbled Dust, a supposed Turkey-linked actor, exploited a zero-day vulnerability in Output Messenger to gain authenticated access, deploy malware, and exfiltrate data, targeting Kurdish military entities in Iraq. Microsoft disclosed the issue to the developer, who released a patch to address the threat. <code>defence<\/code> <code>turkey<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/05\/12\/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage\/\">link<\/a> <\/p><p><strong>APT36-linked campaign spoofs India's Ministry of Defence portal using ClickFix method<\/strong><br> On May 5, Hunt[.]io reported that Pakistan-linked APT36 mimicked India's Ministry of Defence press release portal to deliver cross-platform malware in March. 
The fake site used a ClickFix-style method to copy malicious commands to users\u2019 clipboards. The campaign showed hallmarks of APT36, including cloned content, clipboard tactics, and spoofed government subdomains hosted on compromised infrastructure. <code>india<\/code> <code>pakistan<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/hunt.io\/blog\/apt36-clickfix-campaign-indian-ministry-of-defence\">link<\/a> <\/p><h3 id=\"data-exposure-and-leaks\">Data exposure and leaks<\/h3><p><strong>Data broker LexisNexis discloses data breach affecting 364.000 people<\/strong><br> On May 29, LexisNexis Risk Solutions, a US-based data broker, disclosed a breach affecting 364.000 people. The December 2024 breach, detected in April, involved unauthorised access via a compromised GitHub account. Exposed data included names, contact details, social security and driver\u2019s license numbers, and birth dates. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/data-broker-lexisnexis-discloses-data-breach-affecting-364-000-people\/\">link<\/a> <\/p><p><strong>xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs<\/strong><br> On May 1, KrebsOnSecurity reported that an xAI developer inadvertently exposed an API key on GitHub, granting access to over 60 private and unreleased large language models fine-tuned with proprietary data from SpaceX, Tesla, and Twitter\/X. Despite GitGuardian's alert on March 2, the key remained active until April 30, raising concerns over xAI Dev's internal security practices and the potential misuse of sensitive AI models. 
<code>artificial intelligence<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2025\/05\/xai-dev-leaks-api-key-for-private-spacex-tesla-llms\/\">link<\/a> <\/p><p><strong>26.5 million users affected by South Korean SK Telecom breach<\/strong><br> On May 20, SK Telecom, a leading South Korean mobile network operator, gave additional details about the breach it disclosed in April. The company said that the breach had been ongoing since at least 2022 and that 26.5 million users were affected, with their sensitive data exposed. <code>south korea<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/sk-telecom-says-malware-breach-lasted-3-years-impacted-27-million-numbers\/\">link<\/a> <\/p><h3 id=\"disruption-destruction-2\">Disruption &amp; destruction<\/h3><p><strong>Malicious Go modules deliver disk-wiping payload<\/strong><br> In April, Socket uncovered a destructive supply-chain attack involving three malicious Go modules that used obfuscation to download and run a Linux-targeted disk-wiping script. Exploiting Go\u2019s decentralised ecosystem and namespace ambiguity, the threat actor hid destructive code within seemingly legitimate packages, leading to irreversible data loss and system failure if executed. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/socket.dev\/blog\/wget-to-wipeout-malicious-go-modules-fetch-destructive-payload\">link<\/a> <\/p><h4 id=\"opportunistic\">Opportunistic<\/h4><p><strong>SonicWall flags two VPN vulnerabilities as potentially exploited in active attacks<\/strong><br> On April 30, SonicWall updated advisories for CVE-2023-44221 and CVE-2024-38475, warning that both VPN-related vulnerabilities were potentially being exploited in the wild. CVE-2023-44221 affects the SMA100 SSL-VPN management interface and permits command injection by authenticated users. CVE-2024-38475, impacting Apache mod_rewrite, may enable unauthenticated code execution. 
Both flaws affect multiple SMA models and are patched in firmware version 10.2.1.14-75sv and later. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/psirt.global.sonicwall.com\/vuln-list\">link<\/a> <\/p><p><strong>Hackers exploit OttoKit WordPress plugin flaw as most sites auto-patched by April 24<\/strong><br> On April 11, a security researcher disclosed a critical vulnerability, CVE-2025-27007, in the OttoKit WordPress plugin that allowed unauthenticated attackers to create rogue admin accounts via its API. Although hackers began exploiting the flaw within 90 minutes of public disclosure, by April 24, most plugin users had been force-updated to a patched version, mitigating the risk for over 100.000 affected sites. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/patchstack.com\/articles\/additional-critical-ottokit-formerly-suretriggers-vulnerability-patched\/\">link<\/a> <\/p><p><strong>Google patches Chrome zero-day enabling OAuth token theft<\/strong><br> On May 15, Google released a security update addressing CVE-2025-4664, a high-severity vulnerability in Chrome\u2019s Loader component. The flaw allows attackers to leak cross-origin data via crafted HTML pages, potentially leading to account takeover by capturing sensitive information like OAuth tokens. Google is aware of reports of exploits existing in the wild. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/chromereleases.googleblog.com\/2025\/05\/stable-channel-update-for-desktop_14.html\">link<\/a> <\/p><p><strong>Malicious NPM packages target Cursor AI on macOS<\/strong><br> On May 7, researchers at Socket, a cybersecurity company, reported that threat actors used three NPM packages aimed at the macOS version of Cursor AI code editor. The packages have been downloaded over 3200 times and are still available online. 
Once installed, the packages can steal user credentials, fetch an encrypted payload, overwrite Cursor\u2019s main.js file, and maintain persistence by disabling auto-updates. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/socket.dev\/blog\/malicious-npm-packages-hijack-cursor-editor-on-macos\">link<\/a> <\/p><p><strong>Critical Langflow flaw exploited to hack AI app servers<\/strong><br> On May 5, CISA warned of active exploitation of a critical remote code execution flaw (CVE-2025-3248) in Langflow, an open-source tool for building AI workflows using LangChain. Attackers can execute code on servers running vulnerable versions. Langflow, widely used in experimental and production AI apps, is affected in versions before 1.3.0. Users should update immediately to secure their systems. <code>artificial intelligence<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-langflow-rce-flaw-exploited-to-hack-ai-app-servers\/\">link<\/a> <\/p><p><strong>Chinese threat group linked to SAP NetWeaver exploitation<\/strong><br> On May 8, cybersecurity firm Forescout revealed that a previously known exploitation of a critical SAP NetWeaver vulnerability (CVE-2025-31324) has now been attributed to the Chinese threat group Chaya_004. The group used web shells and backdoors like Supershell in targeted attacks. <code>china<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.forescout.com\/blog\/threat-analysis-sap-vulnerability-exploited-in-the-wild-by-chinese-threat-actor\/\">link<\/a> <\/p><div class=\"footnotes\"><hr><ol><li id=\"fn-1\"><p>Conclusions or attributions made in this document merely reflect what publicly available sources report. 
They do not reflect our stance.&#160;<a href=\"#fnref-1\" class=\"footnoteBackLink\" title=\"Jump back to footnote 1 in the text.\">&#8617;<\/a><\/p><\/li><\/ol><\/div><\/div>\n        <\/div>\n\n        <div id=\"content-ro\" class=\"lang-content\" style=\"display: none;\">\n            <div class=\"article-content\"><?xml encoding=\"UTF-8\"><h2 id=\"cyber-brief-may-2025\">Cyber &#8203;&#8203;Brief (mai 2025)<\/h2><p>3 iunie 2025 - Versiunea: 1<\/p><p class=\"tlp-type clear\">TLP:CLEAR<\/p><h2 id=\"executive-summary\">Rezumat<\/h2><ul><li><p>Am analizat 328 de rapoarte open source pentru acest Cyber &#8203;&#8203;Brief<sup class=\"footnote-ref\" id=\"fnref-1\"><a href=\"#fn-1\">1<\/a><\/sup>.<\/p><\/li><li><p>Referitor la<strong>politica cibernetic&#259; &#537;i aplicarea legii<\/strong>, &icirc;n Europa, &#537;apte state membre ale UE au anun&#539;at activitatea GRU rus&#259;, &icirc;n timp ce Consiliul UE a sanc&#539;ionat entit&#259;&#539;ile responsabile pentru ac&#539;iunile destabilizatoare ale Rusiei &icirc;n str&#259;in&#259;tate. Consiliul UE &#537;i Republica Ceh&#259; au condamnat activitatea cibernetic&#259; r&#259;u inten&#539;ionat&#259; legat&#259; de China. &Icirc;n alt&#259; parte, Iranul &#537;i-a intensificat colaborarea cu China &icirc;n domeniul inteligen&#539;ei artificiale, Vietnamul a interzis Telegramul, la Moscova, vizitatorii str&#259;ini vor fi obliga&#539;i &icirc;n cur&acirc;nd s&#259; instaleze o aplica&#539;ie pentru smartphone care &icirc;i urm&#259;re&#537;te, iar NSO Group a fost obligat s&#259; pl&#259;teasc&#259; peste 167 de milioane de dolari SUA c&#259;tre WhatsApp din cauza hacking-ului Pegasus.<\/p><\/li><li><p>Pe<strong>ciberspionaj<\/strong>&icirc;n fa&#539;&#259;, &icirc;n Europa, un actor legat de Rusia a vizat entit&#259;&#539;i &#537;i persoane legate de Ucraina &#537;i legate de sectorul european de ap&#259;rare, iar actorii lega&#539;i de Iran au imitat o entitate privat&#259; german&#259;. 
&Icirc;n alt&#259; parte, spionajul cibernetic chinez a p&#259;truns &icirc;n Ministerul de Externe din Guatemala &#537;i au fost g&#259;site dispozitive de comunicare ascunse &icirc;n invertoarele solare fabricate din China, &icirc;n timp ce un actor pakistanez a falsificat Ministerul Ap&#259;r&#259;rii din India.<\/p><\/li><li><p>Referitor la<strong>criminalitatea cibernetic&#259;<\/strong>, &icirc;n Europa, picuratoarele compilate cu AutoIt au fost observate viz&acirc;nd &#538;&#259;rile de Jos &#537;i Ungaria, &icirc;n timp ce un val de abuzuri Clickfix a vizat o serie de sectoare portugheze.<\/p><\/li><li><p>Au fost<strong>perturbator &#537;i distructiv<\/strong>atacuri sub form&#259; de atacuri DDoS ca r&#259;spuns la sprijinul militar din partea statelor membre ale UE pentru Ucraina &#537;i guvernul rom&acirc;n &icirc;n timpul alegerilor sale. Cercet&#259;torii au descoperit un atac distructiv al lan&#539;ului de aprovizionare care implic&#259; trei module Go r&#259;u inten&#539;ionate care ascundea cod distructiv &icirc;n pachete aparent legitime.<\/p><\/li><li><p>&Icirc;n ceea ce prive&#537;te<strong>expunerea datelor &#537;i scurgerile<\/strong>incidente, xAI Dev a divulgat o cheie API pentru Private SpaceX &#537;i Tesla LLM-uri, &icirc;n timp ce o bre&#537;&#259; de telecomunica&#539;ii din Coreea de Sud a dus la accesul neautorizat la datele a 26,5 milioane de utilizatori.<\/p><\/li><li><p>Referitor la<strong>opera&#539;iuni de informare<\/strong>, &icirc;n Europa, opera&#539;iunile de influen&#539;&#259; au vizat re&#539;elele de socializare pentru a influen&#539;a nara&#539;iunile despre alegerile din Polonia &#537;i Portugalia &#537;i pentru a discredita liderii europeni &icirc;naintea discu&#539;iilor de pace din Ucraina &icirc;n Turcia.<\/p><\/li><li><p>&Icirc;n acest Cyber &#8203;&#8203;Brief am inclus vulnerabilit&#259;&#539;i notabile exploatate oportunist &icirc;n mai 2025.<\/p><\/li><\/ul><h2 id=\"europe\">Europa<\/h2><h3 
id=\"cyber-policy-and-law-enforcement\">Cyber policy and law enforcement<\/h3><p><strong>Several EU countries take part in joint advisory on Russia-linked APT28<\/strong><br>On May 21, the governments of seven EU Member States and allied countries issued a joint advisory on activity by the Russian General Staff Main Intelligence Directorate (GRU), which targeted Western logistics entities and technology companies. The activity included APT28 repeatedly conducting cyberespionage against logistics entities and IT companies since 2022. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Cyber-Security\/GRU_Western_Logistics.pdf?__blob=publicationFile&amp;v=3\">link<\/a> <\/p><p><strong>Council of the EU imposes sanctions on web hosting service Stark Industries<\/strong><br>On May 20, the Council of the European Union imposed additional restrictive measures against 21 individuals and six entities responsible for Russia's destabilising actions abroad. 
These include Stark Industries, a web hosting service that has been affiliated with several Russia-linked threat actors. <code>russia<\/code> <code>sanctions<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.consilium.europa.eu\/en\/press\/press-releases\/2025\/05\/20\/russian-hybrid-threats-eu-lists-further-21-individuals-and-6-entities-and-introduces-sectoral-measures-in-response-to-destabilising-activities-against-the-eu-its-member-states-and-international-partners\/\">link<\/a> <\/p><p><strong>Czechia attributes cyberespionage to China-linked APT31<\/strong><br>On May 28, the Czech government publicly attributed a prolonged cyberespionage campaign targeting the Ministry of Foreign Affairs to the China-linked group APT31. The attacks, ongoing since 2022, affected an unclassified network designated as critical infrastructure. The High Representative, on behalf of the European Union, strongly condemned the malicious cyber activities. <code>China<\/code> <code>diplomacy<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/mzv.gov.cz\/jnp\/en\/issues_and_press\/press_releases\/statement_by_the_government_of_the_czech.html\">link<\/a> <\/p><p><strong>Dutch government adopts law targeting cyberespionage<\/strong><br>On May 15, the Dutch government approved legislation that extends existing espionage laws to include cyberespionage. 
The Dutch government took the measure to protect national security, the safety of people, critical infrastructure and technology. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.nctv.nl\/actueel\/nieuws\/2025\/05\/15\/vanaf-15-mei-meer-vormen-van-spionage-strafbaar\">link<\/a> <\/p><p><strong>Ireland fines TikTok for illegal data transfers to China<\/strong><br>On May 2, the Irish Data Protection Commission (DPC) fined TikTok 530 million euros for breaching the GDPR by transferring user data to China without ensuring adequate protection and by failing to inform users transparently. The DPC ordered TikTok to comply within six months or face a suspension of transfers, following inaccurate disclosures and breaches between July 2020 and December 2022. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.dataprotection.ie\/en\/news-media\/latest-news\/irish-data-protection-commission-fines-tiktok-eu530-million-and-orders-corrective-measures-following\">link<\/a> <\/p><p><strong>Moldovan and Dutch authorities arrest suspected cybercriminal linked to DoppelPaymer ransomware<\/strong><br>On May 12, Moldovan authorities announced the arrest of an individual suspected of being linked to DoppelPaymer ransomware attacks that targeted Dutch organisations in 2021. 
The operation was conducted jointly with Dutch law enforcement. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/politia.md\/ro\/content\/cetatean-strain-aflat-cautare-internationala-pentru-comiterea-infractiunilor-cibernetice\">link<\/a> <\/p><h3 id=\"cyberespionage-prepositioning\">Cyberespionage and prepositioning<\/h3><p><strong>Google reveals new ColdRiver cyberespionage malware strain<\/strong><br>On May 7, Google Cloud reported that Russia-linked Coldriver deployed a new malware called Lostkeys. The malware is designed to steal files and system data from government advisers, NGOs, journalists and individuals linked to Ukraine. Delivered via fake CAPTCHA pages that prompt users to run PowerShell scripts, Lostkeys marks an evolution in Coldriver's espionage tactics. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/coldriver-steal-documents-western-targets-ngos?hl=en\">link<\/a> <\/p><p><strong>Laundry Bear, a new Russia-linked threat actor, conducts cyberespionage against EU government entities<\/strong><br>On May 27, Microsoft and the Dutch government reported on Russia-linked Laundry Bear, which has reportedly conducted cyberespionage operations since at least April 2024. In September 2024, Laundry Bear breached the Dutch police, exfiltrating contact data using stolen session cookies. 
In an April 2025 spearphishing campaign, Laundry Bear targeted individuals involved in the European defence sector. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/05\/27\/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage\/\">link<\/a> <\/p><p><strong>Iranian APT group poses as German modelling agency<\/strong><br>On May 7, Palo Alto reported that Iranian cyber actors, linked with low confidence to APT35, created a fake website imitating a German modelling agency. The site collected visitor data via obfuscated JavaScript and featured a fictitious model profile. <code>iran<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/unit42.paloaltonetworks.com\/iranian-attackers-impersonate-model-agency\/\">link<\/a> <\/p><p><strong>Apple warns users about spyware targeting<\/strong><br>On April 29, Apple notified users in 100 countries that they may have been targeted by government spyware, including an Italian journalist and a Dutch activist. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/techcrunch.com\/2025\/04\/30\/apple-notifies-new-victims-of-spyware-attacks-across-the-world\/\">link<\/a> <\/p><h3 id=\"cybercrime\">Cybercrime<\/h3><p><strong>Threat actor used AutoIt-based DarkCloud Stealer in targeted phishing attacks<\/strong><br>On May 14, Palo Alto Networks reported on campaigns using phishing emails and AutoIt-compiled droppers to target the government and technology sectors. 
The malware steals credentials and browser data, with samples seen in the US, Brazil, the Netherlands and Hungary. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/unit42.paloaltonetworks.com\/darkcloud-stealer-and-obfuscated-autoit-scripting\/\">link<\/a> <\/p><p><strong>ClickFix campaign for data theft<\/strong><br>On May 6, Unit 42 reported that Lampion malware operators targeted the Portuguese government, financial and transport sectors using a new ClickFix technique. Victims were tricked into executing malicious PowerShell commands under the pretext of fixing problems. The attack chain involved obfuscated scripts and staged loaders. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/unit42.paloaltonetworks.com\/lampion-malware-clickfix-lures\/\">link<\/a> <\/p><h3 id=\"disruption-destruction\">Disruption and destruction<\/h3><p><strong>Alleged pro-Russia hacktivists target Dutch public organisations with DDoS attacks<\/strong><br>On April 30, NoName057(16), an alleged pro-Russia hacktivist, claimed to have disrupted Dutch public and private services through DDoS attacks, targeting sites across several provinces and municipalities. The group claimed it was retribution for military aid to Ukraine. 
Despite the service disruptions, Dutch officials confirmed that no internal systems were compromised. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.ncsc.nl\/actueel\/nieuws\/2025\/04\/30\/lopende-ddos-aanvallen-op-nederlandse-organisaties\">link<\/a> <\/p><p><strong>Alleged pro-Russia hacktivists targeted Romanian websites during the presidential election<\/strong><br>On May 4, NoName057(16), an alleged pro-Russia hacktivist, claimed responsibility for DDoS attacks against Romanian websites. These attacks coincided with the first round of Romania's presidential election rerun. The attacks hit the website of the Constitutional Court of Romania, the government's main portal, the website of the Romanian Foreign Ministry and the websites of four presidential candidates. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.politico.eu\/article\/russia-hacker-group-romania-election-day-constitutional-court-vote\/\">link<\/a> <\/p><h3 id=\"information-operations\">Information operations<\/h3><p><strong>Disinformation campaign targeted Portuguese May elections<\/strong><br>On May 19, Cyabra, a company that analyses online disinformation, reported on a disinformation campaign targeting the Portuguese elections of May 18. 58% of the accounts commenting on X on threads of the far-right party Chega were fake. Almost half of the accounts commenting on the other two main political parties (PS and PSD) were also fake. 
The main narratives were to amplify Chega's positions and discredit its opponents. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cnnportugal.iol.pt\/redes-sociais\/chega\/investigacao-sao-falsas-58-das-contas-no-x-que-promovem-o-chega\/20250516\/6826b94fd34e3f0bae9e39ce\">link<\/a> <\/p><p><strong>Russian cyber interference targets Polish elections, minister warns<\/strong><br>On May 6, the Polish Minister of Digital Affairs reported unprecedented Russian interference in the presidential election, involving cyberattacks and disinformation campaigns targeting all political committees. In 2024, more than 600,000 incidents were reported, with more than 100,000 handled by Polish services, marking a 60% year-on-year increase. <code>elections<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.pap.pl\/aktualnosci\/gawkowski-mierzymy-sie-z-bezprecedensowa-proba-ingerencji-rosji-w-polskie-wybory\">link<\/a> <\/p><p><strong>Warnings about potential foreign interference in Polish presidential campaign<\/strong><br>On May 14, NASK, a Polish research institute, reported that it had identified political ads on Facebook that may have been financed from abroad. These ads, displayed in Poland, appeared to support one candidate while discrediting others. 
The advertising accounts involved were reported to Meta, and the Internal Security Agency was notified. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/nask.pl\/aktualnosci\/mozliwa-proba-ingerencji-w-kampanie-wyborcza\">link<\/a> <\/p><p><strong>Pro-Russia actor deployed AI-generated media to discredit European leaders ahead of Istanbul peace talks<\/strong><br>On May 14, EclecticIQ reported that Storm-1516, a pro-Russia actor, orchestrated a campaign using AI-generated media to falsely accuse European leaders of drug use during a diplomatic visit to Kyiv. The operation aimed to erode public trust and undermine European unity ahead of the Istanbul peace talks scheduled for May 15. <code>artificial intelligence<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.eclecticiq.com\/storm-1516-deploys-ai-generated-media-to-spread-disinformation-targets-european-leaders-and-influence-istanbul-peace-talks\">link<\/a> <\/p><h2 id=\"world\">World<\/h2><h3 id=\"cyber-policy-and-law-enforcement-2\">Cyber policy and law enforcement<\/h3><p><strong>Moscow to track foreigners via smartphone app<\/strong><br>On May 21, Roskomsvoboda, a Russian digital rights advocacy group, reported that, starting on September 1, 2025, Moscow and the Moscow region will implement a digital surveillance pilot targeting foreign nationals. 
Foreigners will be required to submit biometric data, be fingerprinted, register their residence and install a mobile app that allows the authorities to track their location. Non-compliance may lead to inclusion in a monitored registry and deportation. <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/roskomsvoboda.org\/en\/post\/spying-on-foreigners-via-smartphone\/\">link<\/a> <\/p><p><strong>Azerbaijan links February 2025 cyberattack on media to Russia<\/strong><br>On May 2, the chair of Azerbaijan's parliamentary Commission on Countering Foreign Interference disclosed that the February 2025 cyberattack on Azerbaijani media was linked to Russia, specifically to APT29. He suggested that the attack was retaliation for Azerbaijan's closure of the Russian Information and Cultural Centre and of Sputnik's operations. <code>russia<\/code> <\/p><p><strong>Iran seeks Chinese AI expertise through tech diplomacy<\/strong><br>On May 14, Tehran Times reported that Iran held a series of AI-related diplomatic meetings with China, seeking to expand Tehran's technological relationship with Beijing. <code>artificial intelligence<\/code> <code>China<\/code> <code>iran<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.tehrantimes.com\/news\/512906\/Strengthening-co-op-on-AI-essential-for-future-Chinese-envoy\">link<\/a> <\/p><p><strong>Vietnam bans Telegram over illegal content concerns<\/strong><br>On May 21, Vietnam ordered telecommunications companies to block Telegram, citing police reports that 68% of the 9600 local channels were used for fraud, drugs and suspected terrorism. The government accused Telegram of failing to remove illegal content. Telegram said it had responded to legal requests and was surprised by the move. <code>ban<\/code> <code>vietnam<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/sustainability\/society-equity\/vietnam-acts-block-messaging-app-telegram-government-document-seen-by-reuters-2025-05-23\/\">link<\/a> <\/p><p><strong>NSO Group ordered to pay over 167 million dollars to WhatsApp for spyware attack<\/strong><br>On May 6, a US federal jury ordered Israeli spyware company NSO Group to pay damages of more than 167 million US dollars to WhatsApp for a 2019 hacking campaign that targeted more than 1,400 users with Pegasus spyware. <code>psoa<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/techcrunch.com\/2025\/05\/06\/nso-group-must-pay-more-than-167-million-in-damages-to-whatsapp-for-spyware-campaign\/\">link<\/a> <\/p><p><strong>US sanctions disrupt ICC prosecutor's work, with Microsoft cancelling Khan's email address<\/strong><br>On May 16, AP News reported that US sanctions against ICC prosecutor Karim Khan disrupted the court's operations, including freezing assets and blocking investigations. 
Microsoft, for example, cancelled Khan's email address, forcing the prosecutor to move to Proton Mail. <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/apnews.com\/article\/icc-trump-sanctions-karim-khan-court-a4b4c02751ab84c09718b1b95cbd5db3\">link<\/a> <\/p><h3 id=\"cyberespionage-prepositioning-2\">Cyberespionage and prepositioning<\/h3><p><strong>US and Guatemala reveal Chinese cyberespionage targeting the Foreign Ministry<\/strong><br>On April 29, the US Embassy in Guatemala announced that a joint cybersecurity review with the Guatemalan government found that the systems of the Ministry of Foreign Affairs had been infiltrated by China-linked APT15. The Guatemalan Foreign Ministry clarified that this breach took place between September 2022 and February 2025. <code>China<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/gt.usembassy.gov\/es\/estados-unidos-y-guatemala-identifican-amenazas-de-ciberespionaje-vinculadas-a-la-republica-popular-de-china-en-una-revision-conjunta-de-seguridad\/\">link<\/a> <\/p><p><strong>Hidden communication devices in Chinese solar inverters raise cybersecurity concerns in the US<\/strong><br>On May 14, Reuters reported that US officials found hidden communication devices in Chinese-made solar inverters and batteries, raising fears of potential cyber threats. 
These components, essential for managing the flow of renewable energy in power grids, could allow unauthorised remote access. <code>China<\/code> <code>energy<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/sustainability\/climate-energy\/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14\/\">link<\/a> <\/p><p><strong>Marbled Dust exploits Output Messenger zero-day to target Kurdish entities<\/strong><br>On May 12, Microsoft Threat Intelligence reported that Marbled Dust, a suspected Turkey-linked actor, exploited a zero-day vulnerability in Output Messenger to gain authenticated access, deploy malware and exfiltrate data, targeting Kurdish military entities in Iraq. Microsoft disclosed the issue to the developer, which released a patch to address the threat. <code>defence<\/code> <code>turkey<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/05\/12\/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage\/\">link<\/a> <\/p><p><strong>APT36-linked campaign spoofs Indian Ministry of Defence portal using ClickFix method<\/strong><br>On May 5, Hunt[.]io reported that Pakistan-linked APT36 imitated the press release portal of India's Ministry of Defence to deliver cross-platform malware in March. The fake site used a ClickFix-style method to copy malicious commands to users' clipboards. 
The campaign showed hallmarks of APT36, including cloned content, clipboard tactics and spoofed government subdomains hosted on compromised infrastructure. <code>India<\/code> <code>Pakistan<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/hunt.io\/blog\/apt36-clickfix-campaign-indian-ministry-of-defence\">link<\/a> <\/p><h3 id=\"data-exposure-and-leaks\">Data exposure and leaks<\/h3><p><strong>Data broker LexisNexis discloses data breach affecting 364,000 people<\/strong><br>On May 29, LexisNexis Risk Solutions, a US data broker, disclosed a breach affecting 364,000 people. The December 2024 breach, detected in April, involved unauthorised access through a compromised GitHub account. The exposed data included names, contact details, Social Security and driver's licence numbers, and dates of birth. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/data-broker-lexisnexis-discloses-data-breach-affecting-364-000-people\/\">link<\/a> <\/p><p><strong>xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs<\/strong><br>On May 1, KrebsOnSecurity reported that an xAI developer mistakenly exposed an API key on GitHub, granting access to more than 60 private and unreleased large language models fine-tuned with proprietary data from SpaceX, Tesla and Twitter\/X. 
Despite a GitGuardian alert on March 2, the key remained active until April 30, raising concerns about xAI's internal security practices and the potential misuse of sensitive AI models. <code>artificial intelligence<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2025\/05\/xai-dev-leaks-api-key-for-private-spacex-tesla-llms\/\">link<\/a> <\/p><p><strong>26.5 million users affected by breach at South Korea's SK Telecom<\/strong><br>On May 20, SK Telecom, a major South Korean mobile network operator, provided further details about the breach it disclosed in April. The company said that the breach had been ongoing since at least 2022 and that 26.5 million users are affected by the attack, which exposed their sensitive data. <code>south korea<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/sk-telecom-says-malware-breach-lasted-3-years-impacted-27-million-numbers\/\">link<\/a> <\/p><h3 id=\"disruption-destruction-2\">Disruption and destruction<\/h3><p><strong>Malicious Go modules deliver disk-wiping payload<\/strong><br>In April, Socket discovered a destructive supply chain attack involving three malicious Go modules that used obfuscation to download and run a disk-wiping script targeting Linux. 
Exploiting Go's decentralised ecosystem and namespace ambiguity, the threat actor hid destructive code in seemingly legitimate packages, leading to irreversible data loss and system failure if executed. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/socket.dev\/blog\/wget-to-wipeout-malicious-go-modules-fetch-destructive-payload\">link<\/a> <\/p><h4 id=\"opportunistic\">Opportunistic<\/h4><p><strong>SonicWall flags two VPN vulnerabilities as potentially exploited in active attacks<\/strong><br>On April 30, SonicWall updated its advisories for CVE-2023-44221 and CVE-2024-38475, warning that both VPN-related vulnerabilities were potentially being exploited in the wild. CVE-2023-44221 affects the SMA100 SSL-VPN management interface and allows command injection by authenticated users. CVE-2024-38475, which affects Apache mod_rewrite, can enable unauthenticated code execution. Both flaws affect several SMA models and are fixed in firmware version 10.2.1.14-75sv and later. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/psirt.global.sonicwall.com\/vuln-list\">link<\/a> <\/p><p><strong>Hackers exploit OttoKit WordPress plugin flaw, as most sites were auto-patched by April 24<\/strong><br>On April 11, a security researcher disclosed a critical vulnerability, CVE-2025-27007, in the OttoKit WordPress plugin, which allowed unauthenticated attackers to create rogue administrator accounts via its API. 
Although hackers began exploiting the flaw within 90 minutes of public disclosure, by April 24 most plugin users had been force-updated to a patched version, mitigating the risk for more than 100,000 affected sites. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/patchstack.com\/articles\/additional-critical-ottokit-formerly-suretriggers-vulnerability-patched\/\">link<\/a> <\/p><p><strong>Google patches Chrome zero-day allowing OAuth token theft<\/strong><br>On May 15, Google released a security update addressing CVE-2025-4664, a high-severity vulnerability in Chrome's Loader component. The flaw allows attackers to leak cross-origin data via crafted HTML pages, which can lead to account takeover through the capture of sensitive information such as OAuth tokens. Google is aware of reports of exploits existing in the wild. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/chromereleases.googleblog.com\/2025\/05\/stable-channel-update-for-desktop_14.html\">link<\/a> <\/p><p><strong>Malicious NPM packages target Cursor AI on macOS<\/strong><br>On May 7, researchers at Socket, a cybersecurity company, reported that threat actors used three NPM packages targeting the macOS version of the Cursor AI code editor. The packages were downloaded more than 3200 times and are still available online. 
Once installed, they can be used to steal user credentials, fetch an encrypted payload, overwrite Cursor's main.js file and maintain persistence by disabling automatic updates. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/socket.dev\/blog\/malicious-npm-packages-hijack-cursor-editor-on-macos\">link<\/a> <\/p><p><strong>Critical Langflow flaw exploited to hack AI app servers<\/strong><br>On May 5, CISA warned of active exploitation of a critical remote code execution flaw (CVE-2025-3248) in Langflow, an open-source tool for building AI workflows using LangChain. Attackers can execute code on servers running vulnerable versions. Widely used in experimental and production AI applications, Langflow is affected in versions prior to 1.3.0. Users should update immediately to secure their systems. <code>artificial intelligence<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-langflow-rce-flaw-exploited-to-hack-ai-app-servers\/\">link<\/a> <\/p><p><strong>Chinese threat group linked to SAP NetWeaver exploitation<\/strong><br>On May 8, cybersecurity firm Forescout disclosed that previously known exploitation of a critical SAP NetWeaver vulnerability (CVE-2025-31324) has now been attributed to the Chinese threat group Chaya_004. 
The group used web shells and backdoors such as Supershell in targeted attacks. <code>China<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.forescout.com\/blog\/threat-analysis-sap-vulnerability-exploited-in-the-wild-by-chinese-threat-actor\/\">link<\/a> <\/p><div class=\"footnotes\"><hr><ol><li id=\"fn-1\"><p>The conclusions or attributions made in this document merely reflect what publicly available sources report. They do not reflect our stance.&nbsp;<a href=\"#fnref-1\" class=\"footnoteBackLink\" title=\"Jump back to footnote 1 in the text.\">&#8617;<\/a><\/p><\/li><\/ol><\/div><\/div>\n        <\/div>\n\n        <script>\n        function switchLanguage(lang) {\n            \/\/ Hide both versions\n            document.getElementById(\"content-ro\").style.display = \"none\";\n            document.getElementById(\"content-en\").style.display = \"none\";\n\n            \/\/ Reset the button styles\n            document.querySelectorAll(\".lang-btn\").forEach(function(btn) {\n                btn.style.background = \"#e5e7eb\";\n                btn.style.color = \"#374151\";\n                btn.classList.remove(\"lang-btn-active\");\n            });\n\n            \/\/ Show the selected version\n            if (lang === \"ro\") {\n                document.getElementById(\"content-ro\").style.display = \"block\";\n                document.getElementById(\"btn-lang-ro\").style.background = \"#3b82f6\";\n                document.getElementById(\"btn-lang-ro\").style.color = \"white\";\n                document.getElementById(\"btn-lang-ro\").classList.add(\"lang-btn-active\");\n            } else {\n                document.getElementById(\"content-en\").style.display = \"block\";\n                document.getElementById(\"btn-lang-en\").style.background = \"#3b82f6\";\n                
document.getElementById(\"btn-lang-en\").style.color = \"white\";\n                document.getElementById(\"btn-lang-en\").classList.add(\"lang-btn-active\");\n            }\n\n            \/\/ Save the preference in localStorage\n            localStorage.setItem(\"gpss_preferred_language\", lang);\n        }\n\n        \/\/ Restore the user's preference on load\n        document.addEventListener(\"DOMContentLoaded\", function() {\n            var preferredLang = localStorage.getItem(\"gpss_preferred_language\") || \"ro\";\n            switchLanguage(preferredLang);\n        });\n\n        \/\/ Hover effects for the buttons\n        document.querySelectorAll(\".lang-btn\").forEach(function(btn) {\n            btn.addEventListener(\"mouseenter\", function() {\n                if (!this.classList.contains(\"lang-btn-active\")) {\n                    this.style.background = \"#bfdbfe\";\n                    this.style.color = \"#1e40af\";\n                }\n            });\n            btn.addEventListener(\"mouseleave\", function() {\n                if (!this.classList.contains(\"lang-btn-active\")) {\n                    this.style.background = \"#e5e7eb\";\n                    this.style.color = \"#374151\";\n                }\n            });\n        });\n        <\/script>\n\n        <style>\n        .lang-btn:hover {\n            transform: translateY(-2px);\n            box-shadow: 0 4px 12px rgba(59, 130, 246, 0.3);\n        }\n        .lang-btn-active {\n            box-shadow: 0 4px 12px rgba(59, 130, 246, 0.4);\n        }\n        <\/style>\n        ","protected":false},"excerpt":{"rendered":"<p>\ud83c\udf0d Limb\u0103 \/ Language: \ud83c\uddec\ud83c\udde7 English (Original) \ud83c\uddf7\ud83c\uddf4 Rom\u00e2n\u0103 Traducere automat\u0103 \/ Automatic translation Cyber Brief (May 2025)June 3, 2025 &#8211; Version: 1TLP:CLEARExecutive summaryWe analysed 328 open source reports for this Cyber Brief1.Relating 
to cyber policy and law enforcement, in Europe, seven EU Member States called out Russian GRU activity, while the Council of the [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"footnotes":""},"ti_category":[198],"ti_source":[172],"ti_severity":[187],"class_list":["post-992323","threat_intelligence","type-threat_intelligence","status-publish","hentry","ti_category-threat-actor","ti_source-cert-eu","ti_severity-critical"],"_links":{"self":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/threat-intelligence\/992323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/threat-intelligence"}],"about":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/types\/threat_intelligence"}],"version-history":[{"count":0,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/threat-intelligence\/992323\/revisions"}],"wp:attachment":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/media?parent=992323"}],"wp:term":[{"taxonomy":"ti_category","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/ti_category?post=992323"},{"taxonomy":"ti_source","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/ti_source?post=992323"},{"taxonomy":"ti_severity","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/ti_severity?post=992323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}