We have compiled the past week’s most notable cybersecurity news.
- A journalist was mistakenly added to a closed chat with the US president’s administration.
- Ukrzaliznytsia was hit by a large-scale cyberattack.
- Experts warned about fraudulent “elephant coins” on Telegram.
- Hackers began mining cryptocurrencies on Russians’ smart devices.
A journalist was mistakenly added to a closed Signal chat with the US president’s administration
The Atlantic’s editor-in-chief Jeffrey Goldberg said he found himself included in a Signal group chat where members of the US administration discussed bombing the Houthis in Yemen.
The exchange contained details of the forthcoming strikes, including a list of targets, weapons and the expected time of the attack. According to Goldberg, it matched the timing of the first official posts about the operation on social media.
Participants included Defense Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, CIA Director John Ratcliffe, National Security Adviser Mike Waltz, US vice-president JD Vance and others.
Officials confirmed the chat was real, though the Pentagon later tried to persuade the public that war plans were not discussed in the messenger. The journalist was likely added by mistake due to a similar abbreviation in a nickname.
Soon after authorities claimed there were no secrets in the messages, The Atlantic published the exchange in full.
Commenting on the incident, US President Donald Trump said he retains confidence in all members of his national-security team.
Ukrzaliznytsia hit by a large-scale cyberattack
On March 23–24, online services of the Ukrainian railway operator Ukrzaliznytsia came under a large-scale cyberattack. It disrupted the mobile ticketing app but did not affect train schedules.
The company is investigating the incident but has not yet disclosed technical details.
“The attack was systematic, complex and multi-layered,” the press service said, adding that before the full restoration of affected systems from backups, specialists will check them for potential vulnerabilities.
Ukrainian state cyber agencies involved in the investigation have not commented publicly or attributed the attack to any specific hacker group.
Alleged creators of the Mamont malware detained in Russia
Police in Saratov Region detained three people suspected of developing the Mamont malware and distributing it via Telegram channels, the press service said.
The virus allowed attackers, via SMS banking, to transfer money from victims’ cards. In total, law enforcement registered more than 300 incidents involving the malware.
Officers seized a command server, computer equipment, storage media, communications devices and bank cards.
Criminal cases have been opened for fraud and unlawful access to computer information. The suspects have been placed under travel restrictions.
The investigation continues.
Hackers began mining cryptocurrencies on Russians’ smart devices
Attackers are breaking into smart-home systems to turn them into a botnet for DDoS attacks or cryptocurrency mining, TASS reports, citing materials from the Russian Interior Ministry.
Another goal may be surveillance via CCTV cameras and preparing for burglary. Hackers can determine whether the owner is at home using smart toothbrushes and temperature sensors.
Law enforcement urged consumers to choose central smart-home systems from market leaders and to keep software updated.
More than 300 suspected cybercriminals arrested in African countries
Law-enforcement agencies in seven African countries, with assistance from Interpol and analysts from Group-IB, Kaspersky and Trend Micro, carried out a series of arrests of alleged members of a transnational criminal network, Bleeping Computer reports.
In total, from November 2024 to February 2025, authorities seized 1,842 devices allegedly used for scams involving mobile banking, investment and messaging apps, which left more than 5,000 victims.
In Benin, Côte d’Ivoire, Nigeria, Rwanda, South Africa, Togo and Zambia, 306 suspects were arrested.
Some of the proceeds were converted into cryptocurrencies. Investigators are also checking links to human trafficking.
Fake DeepSeek site spotted in Google ads
Researchers at Malwarebytes noticed a phishing site for DeepSeek in sponsored Google search ads. The fake landing page, though different from the real one, looks convincing enough.
Clicking the download button installs a trojan on the user’s device.
Since Google cannot remove fake ads from sponsored search results, experts advise either never clicking on the top advertising links or installing an AdBlock extension. In addition, you can verify a site’s authenticity by checking the URL and the advertiser’s name.
Experts warned about fraudulent “elephant coins” on Telegram
Analysts at F6 reported two fraudulent Telegram bots that constitute an investment scam and use images of Russian and foreign celebrities for promotion.
One is the economic game MeowCraft, whose “ambassador”, the scammers claim, is actor Yuri Borisov. Users are lured with “a promo code for 5,000 rubles.” In reality, the bot demands a top-up in TRX and does not allow withdrawals.
Another scam project is the clicker “Our Elephant”. It has a menu to convert earned “elephant coins” into rubles. However, the game also requires a prior top-up in TON and steals all transferred funds.
The tapper is promoted using the likenesses of Keanu Reeves, Olga Buzova, Bianka and others.
The look-and-feel and distribution methods of the two bots are similar, so analysts believe a single organiser is behind them.
Also on ForkLog:
- Nigeria linked Binance to terrorism and kidnappings.
- The ‘leaked’ personal data of Binance and Gemini users appeared online.
- The US seized cryptocurrencies worth about $200,000 intended for Hamas.
- Grinex launched in Russia and the CIS, poaching some of Garantex’s clients.
- A whale who manipulated on Hyperliquid ended up in the red — exact losses are unknown.
- Immunefi reported the worst quarter for the crypto industry.
- A data leak showed the scale of censorship in China.
- Bybit denied restrictions on deposits from Trust Wallet.
- Media: a whale manipulated Polymarket markets.
- The Abracadabra Finance exploiter stole $13 million.
- A Moldovan priest lost $32,000 to a crypto scam.
- Binance took action against a market maker for manipulating MOVE.
- A Zhytomyr resident was suspected of crypto fraud worth 3.7 million hryvnias.
- US authorities will return $7 million to victims of fake crypto sites.
- Tornado Cash was removed from OFAC’s sanctions lists.
What to read this weekend?
Together with the Mixer.Money team, we examine how the Bybit incident may dent the reputation of Bitcoin mixers and which steps can minimise the risks of potential blocks.
