{"id":24689,"date":"2025-06-14T07:00:00","date_gmt":"2025-06-14T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/sumys-fake-bitcoin-exchange-telegrams-alleged-fsb-ties-and-other-cybersecurity-news\/"},"modified":"2025-06-14T07:00:00","modified_gmt":"2025-06-14T04:00:00","slug":"sumys-fake-bitcoin-exchange-telegrams-alleged-fsb-ties-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/sumys-fake-bitcoin-exchange-telegrams-alleged-fsb-ties-and-other-cybersecurity-news\/","title":{"rendered":"Sumy\u2019s fake bitcoin exchange, Telegram\u2019s alleged FSB ties, and other cybersecurity news"},"content":{"rendered":"<p>We compiled the week\u2019s key cybersecurity developments.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>In Sumy, authorities detained the creator of a fake bitcoin exchange.<\/li>\n<li>Citizens of three countries pleaded guilty to laundering $36.9 million in cryptocurrency.<\/li>\n<li>INTERPOL arrested 32 cryptostealer operators.<\/li>\n<li>Telegram responded to rumours about ties to the FSB.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Sumy police detain creator of a fake bitcoin exchange<\/strong><\/h2>\n<p>The National Police of Ukraine in Sumy Oblast <a href=\"https:\/\/cyberpolice.gov.ua\/news\/policziya-sumshhyny-vykryla-masshtabnu-sxemu-onlajn-shaxrajstva-z-fejkovoyu-kryptobirzheyu-6327\/\">exposed<\/a> the alleged creator of a counterfeit cryptocurrency exchange who pocketed funds under the guise of bitcoin trading.<\/p>\n<p>According to investigators, a 23-year-old resident of Kyiv Oblast simulated real transactions with digital assets and kept the money. The total loss exceeded 7.6 million hryvnias (~$184,000).<\/p>\n<p>During a search, police seized cash, a mobile phone and a Lexus.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXe7BhcBVU8noJj4g_924LmWIkXGSkCrckMv1_X_ZOnndKk70i_N0SygczBOBS6BPoWz0WQtFbvB5W1L8t5-xnm77Ce6-Zm31UA4HRCSvTyWij163pIuHGdvt7OcVmTivLmIY71BvA?key=PPdApSkmJ5UF2auXoy4b7w\" alt=\"A fake exchange from Sumy, Telegram\u2019s 'links' to the FSB and other cybersecurity events\"\/><figcaption class=\"wp-element-caption\">Data: National Police of Ukraine.<\/figcaption><\/figure>\n<p>The suspect was charged with particularly large-scale fraud.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Citizens of three countries plead guilty to laundering $36.9m in crypto<\/strong><\/h2>\n<p>Five people from China, the US and Turkey pleaded guilty to taking part in an international criminal group and laundering more than $36.9 million from cryptocurrency investment scams, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/five-plead-guilty-to-laundering-36-million-stolen-in-investment-scams\/\">Bleeping Computer<\/a> reported.<\/p>\n<p>Based in Cambodia, the accomplices found victims via social networks and dating services and acted on behalf of Axis Digital Limited. Funds were sent to an account at Deltec Bank in the Bahamas and then converted to USDT.<\/p>\n<p>Some defendants have been in custody since 2024. They pleaded guilty to facilitating the laundering of stolen funds through US shell companies, international bank accounts and crypto wallets. They face five to 25 years in prison.<\/p>\n<h2 class=\"wp-block-heading\"><strong>INTERPOL arrests 32 cryptostealer operators\u00a0<\/strong><\/h2>\n<p>Law-enforcement agencies in 26 countries, led by INTERPOL, blocked more than 20,000 IP addresses and domains linked to infostealer operators in Southeast Asia.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">20,000 malicious IPs and domains taken down in <a href=\"https:\/\/twitter.com\/hashtag\/INTERPOL?src=hash&#038;ref_src=twsrc%5Etfw\">#INTERPOL<\/a> infostealer crackdown<\/p>\n<p>During Operation Secure law police from 26 countries worked to locate servers, map physical networks and execute targeted takedowns arresting 32 suspects linked to illegal cyber activities.<\/p>\n<p>\u2014 INTERPOL (@INTERPOL_HQ) <a href=\"https:\/\/twitter.com\/INTERPOL_HQ\/status\/1932720716220411949?ref_src=twsrc%5Etfw\">June 11, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Forty-one servers with more than 100GB of data were seized; 32 people were arrested in Vietnam and Sri Lanka, including the leader of a group. Police found more than 300 million dong ($11,500) in cash.<\/p>\n<p>The suspects are potentially tied to the RisePro, META Stealer and Lumma malware families, which steal browser credentials, passwords and cryptocurrency wallet contents.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Google patches potential phone-number leak<\/strong><\/h2>\n<p>Researchers at Brute Cat <a href=\"https:\/\/brutecat.com\/articles\/leaking-google-phones\">reported<\/a> a way to obtain Google users\u2019 phone numbers via a legacy account-recovery form.<\/p>\n<p>With JavaScript support disabled, two POST requests could reveal whether a phone number was linked to a Google account, based on the displayed profile name.<\/p>\n<p>The flaw could have enabled wide-ranging phishing and SIM-swapping attacks.<\/p>\n<p><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/aM3ipLyz4sw?si=OPBzDtq2BPgHyvTz\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>Later, Google told Bleeping Computer <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-patched-bug-leaking-phone-numbers-tied-to-accounts\/\">it had patched<\/a> the issue.<\/p>\n<h2 class=\"wp-block-heading\"><strong>AI model defeated with a single character<\/strong><\/h2>\n<p>HiddenLayer researchers <a href=\"https:\/\/hiddenlayer.com\/innovation-hub\/the-tokenbreak-attack\/\">reported<\/a> a tokenization break of the <span data-descr=\"large language model \" class=\"old_tooltip\">LLM<\/span> via input perturbation. A single extra character or a meaning-preserving word change let attackers bypass filters that detect malicious text input.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXe8kzQvfHo7dFDya5baF1qO6zGhIdxHwxkdF7OL9hJJnh3eRp3tLsR0Sn2LKnRGISN4AJNWCo0__OYsR8bB2fgZnU9eeyiWyc_e4YsuMUZfT6OlmfS4gZTVxgq_boOh_kwataPacA?key=PPdApSkmJ5UF2auXoy4b7w\" alt=\"A fake exchange from Sumy, Telegram\u2019s 'links' to the FSB and other cybersecurity events\"\/><figcaption class=\"wp-element-caption\">Data: HiddenLayer.<\/figcaption><\/figure>\n<p>The attack is dubbed TokenBreak. Among tokenizers, only Unigram was not vulnerable.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Microphones leaked audio signals<\/strong><\/h2>\n<p>Researchers at the University of Florida <a href=\"https:\/\/www.usenix.org\/conference\/usenixsecurity25\/presentation\/onishi\">said<\/a> it is possible to intercept radio signals carrying recorded information during audio processing by microphones in laptops, phones and smart speakers.<\/p>\n<p>According to the team, microphones often switch on automatically during audio or video playback, regardless of user settings. Some remained active even when services appeared disabled, creating scope for persistent monitoring.<\/p>\n<p>In experiments, the scientists achieved up to 94.2% accuracy in recognising spoken digits through a 25-centimetre concrete wall, with some transcriptions showing error rates as low as 6.5%.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Telegram responds to rumours of FSB ties\u00a0<\/strong><\/h2>\n<p>Journalists at Vazhnye Istorii <a href=\"https:\/\/www.youtube.com\/watch?v=s7pnANMPigg\">reported<\/a> that Telegram\u2019s server infrastructure is handled by Elektrontelekom and GlobalNet, which service secret FSB facilities. In their view, this gives those entities access to messages.<\/p>\n<p>The investigation also claims that a vulnerability in the messenger\u2019s protocol, allowing user activity and movement to be tracked worldwide, may have been created deliberately for Russia\u2019s security services.<\/p>\n<p>Telegram representatives, in a <a href=\"https:\/\/t.me\/bbcrussian\/81393\">comment to the BBC<\/a>, called the messenger a global company that \u201chas contracts with dozens of different service providers worldwide,\u201d but none of them \u201chas access to data or confidential infrastructure.\u201d\u00a0<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cAll Telegram servers are owned by Telegram and maintained by Telegram staff,\u201d the company said.<\/p>\n<\/blockquote>\n<p>They also added that the messenger \u201chas never disclosed private messages to third parties, and its encryption has never been broken.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><strong>Attack on QA job seekers nets hackers 14m rubles<\/strong><\/h2>\n<p>Specialists at F6 <a href=\"https:\/\/t.me\/f6_cybersecurity\/3709\">reported<\/a> a series of compromises of devices belonging to applicants for tester roles. Phishing ads were spotted in niche Telegram groups, social networks and on freelancer websites.<\/p>\n<p>Victims were asked to install a malicious app that granted access to SMS and push notifications from banks.<\/p>\n<p>Two scam groups using this scheme since April 2025 stole more than 14 million rubles from residents of Russia.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Darknet marketplace Huione <a href=\"https:\/\/u1f987.com\/en\/news\/darknet-marketplace-huione-expands-operations-despite-closure-announcement\">ramped up volumes<\/a> after a \u201cshutdown\u201d.<\/li>\n<li>Thai authorities will introduce <a href=\"https:\/\/u1f987.com\/en\/news\/thailand-to-implement-ai-regulation-to-stay-ahead-in-technological-progress\">AI regulation<\/a> to \u201cavoid lagging behind progress\u201d.<\/li>\n<li>Hong Kong authorities will develop an <a href=\"https:\/\/u1f987.com\/en\/news\/hong-kong-authorities-to-develop-aml-tool-for-cryptocurrencies\">AML tool<\/a> for cryptocurrencies.<\/li>\n<li>Analysts reported a <a href=\"https:\/\/u1f987.com\/en\/news\/analysts-report-new-surge-of-covert-mining-in-russia\">new wave of covert mining<\/a> in Russia.<\/li>\n<li><a href=\"https:\/\/u1f987.com\/en\/news\/chaincode-labs-sizes-up-the-quantum-threat-to-bitcoin\">Quantum risks<\/a>: Chaincode Labs assessed the threat to Bitcoin.<\/li>\n<li>Researchers identified the main <a href=\"https:\/\/u1f987.com\/en\/news\/researchers-identify-key-threats-to-ethereum-ecosystem\">threats to the Ethereum ecosystem<\/a>.<\/li>\n<li>OpenAI services suffered a <a href=\"https:\/\/u1f987.com\/en\/news\/openai-services-experience-global-outage\">global outage<\/a>.<\/li>\n<li>Hackers breached the X account of Paraguay\u2019s president and posted a <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-breach-paraguayan-presidents-x-account-post-fake-bitcoin-announcement\">fake about bitcoin\u2019s status<\/a>.<\/li>\n<li>ALEX Lab will <a href=\"https:\/\/u1f987.com\/en\/news\/alex-lab-to-compensate-losses-following-8-3-million-hack\">reimburse losses after an $8.3m hack<\/a>.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>How cryptocurrencies and Mexican cartels intersected:<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We compiled the week\u2019s key cybersecurity developments. In Sumy, authorities detained the creator of a fake bitcoin exchange. Citizens of three countries pleaded guilty to laundering $36.9 million in cryptocurrency. INTERPOL arrested 32 cryptostealer operators. Telegram responded to rumours about ties to the FSB. Sumy police detain creator of a fake bitcoin exchange The National [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24688,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-24689","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"38","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/24689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=24689"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/24689\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/24688"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=24689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=24689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=24689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}