We have compiled the week’s most important cybersecurity news.
- Media report an order to halt a US cyber offensive against Russia.
- Crypto was stolen from job seekers via fake software.
- Sweden and France to consider amendments enabling the breaking of messenger encryption.
- Microsoft announced the closure of Skype.
Media report order to halt US cyber offensive against Russia
US Defense Secretary Pete Hegseth ordered Cyber Command to abandon any planning for offensive action against Russia, including in the digital realm, according to The Record, which cited three informed sources.
According to the information available, Hegseth passed the instruction to Cyber Command chief General Timothy Haugh, who in turn informed the command’s director of operations, Marine Corps Major General Ryan Heritage.
The sources also said the order does not extend to the National Security Agency or to signals intelligence work directed against Russia.
The directive’s full scope remains unclear, as does its precise duration.
Cyber Command has begun compiling a report listing actions or missions slated for suspension, assessing the risks of the decision and potential threats emanating from Russia.
Crypto stolen from job seekers via fake software
The Russian-speaking hacking group Crazy Evil has launched a malicious campaign, GrassCall, targeting professionals seeking work in the Web3 sector, Bleeping Computer reports.
The attackers created X and LinkedIn profiles for a fictitious company, ChainSeeker.io, and placed premium job ads on popular recruitment sites on its behalf.
Applicants were asked to download the GrassCall app supposedly for interviews. In reality, the software installed a stealer that grabbed passwords, cookies and cryptocurrency wallet data.
The scam affected hundreds of people. For now, the ads posted by the attackers have been removed.
Telegram fined more than $600,000 in Australia
Australia’s online safety regulator, eSafety, fined Telegram more than $600,000 after the messenger was 160 days late in providing information on its measures to combat terrorism and child abuse material, The Guardian reports.
The platform has 28 days to appeal the decision, pay the amount or request a deferral.
Meanwhile, in Russia, from February 2022 to February 2025, Roskomnadzor fined Telegram a total of 63.4 million roubles for failing to comply with the agency’s orders, not removing prohibited information and refusing self-moderation.
Sweden and France weigh amendments to break messenger encryption
Sweden’s government could adopt a law as early as March 2026 introducing a so-called backdoor to end-to-end encryption (E2EE) in messaging apps. This would give law enforcement access to users’ confidential data, writes The Register.
Signal CEO Meredith Whittaker sharply criticised the initiative and said the company would shut down business in the country if the law takes effect. In her words, breaking E2EE would make all of the app’s code vulnerable to cyberattacks.
An analogous amendment was adopted by France’s Senate and is under review in the National Assembly. It requires encrypted messengers to open access to correspondence within 72 hours upon request. At the same time, local authorities want to ban ISPs and VPN services from providing access to pirate sites.
Privacy-focused email provider Tuta and the VPN Trust Initiative warned that the new laws threaten privacy and personal security.
Access to ChatGPT cut off for several North Korean hackers
OpenAI has blocked several North Korean hacking groups from using the ChatGPT platform. The accounts were detected with information from an industry partner and linked to the gangs Velvet Chollima (also known as Kimsuky, Emerald Sleet) and Stardust Chollima (APT38, Sapphire Sleet).
The cybercriminals used the chatbot to research future targets and attack methods, to get assistance in writing malicious code and to search for information on cryptocurrencies.
OpenAI threat analysts found that the North Korean actors revealed staging URLs of previously unknown binaries. The information was passed to security researchers to update rules and prevent attacks.
The company also blocked accounts linked to a potential scheme to place North Korean IT specialists in Western organisations.
Suspect in hacks of 90 organisations arrested in Thailand
The Royal Thai Police, together with counterparts in Singapore, arrested in Bangkok a suspect in a series of intrusions, extortion and data leaks affecting more than 90 organisations worldwide. Experts from Group-IB assisted the investigation.
According to investigators, since 2020 the hacker operated under the aliases ALTDOS, DESORDEN, GHOSTR and 0mid16B. The total volume of data stolen exceeded 13 TB.
If a victim refused to pay, the suspect notified the media or data protection regulators in order to inflict greater reputational and financial damage.
During the raid, police seized laptops and luxury items allegedly purchased with criminal proceeds.
The suspect faces multiple charges, including unauthorised access to protected computer systems and data, attempted extortion and illegal residence.
Microsoft announces Skype shutdown
The Skype video-calling service will cease operations on 5 May. Microsoft will end support for the app and focus on developing the free Teams platform.
The latter, like Skype, offers calls, messaging and file sharing. Teams’ advanced features include holding meetings, managing calendars, and creating and joining communities.
The platform’s user base has already reached the hundreds of millions.
To ease migration between the messengers, Microsoft will allow sign-in to Teams using a Skype account.
Also on ForkLog:
- Pi Network responded to fraud allegations from Bybit’s CEO.
- Kyrgyzstan claimed links between several crypto firms and money laundering.
- On his birthday, the founder of Mask Network had $4 million in crypto stolen.
- Immunefi: in February, the crypto industry lost $1.53 billion due to the Bybit hack.
- The Pump.fun X account was hacked to promote scam tokens.
- The FBI, following Arkham, confirmed North Korea’s involvement in the Bybit hack.
- Binance’s founder criticised Safe’s report on a wallet infrastructure vulnerability in the context of the Bybit hack.
- The US Department of Justice announced the extradition of Gotbit’s founder.
- Searches began in cities across Moldova over a crypto-exchange fraud case.
- Fake software on GitHub netted hackers $485,000 in bitcoin from a single attack.
- SMS scammers targeted Binance users with ‘warnings’ about hackers.
- The Bybit hackers laundered $113 million in a day.
- A user lost more than $760,000 due to ‘address poisoning’.
- Russia has launched inspections of ‘drop facilitators’ and crypto exchangers.
- Adam Back linked the Bybit hack to shortcomings in the EVM.
- US authorities seized $31 million in crypto assets tied to the Uranium Finance hack.
- An expert explained how scammers ‘kill’ trading bots.
- The Garantex crypto exchange was added to the EU sanctions list.
- Bybit blocked a Lazarus-linked meme token and fully restored its reserves.
- The stablecoin bank Infini was hacked for 49.5 million USDC.
- Experts spoke out against an Ethereum ‘rollback’.
What to watch this weekend?
A fresh episode of ‘Podcast Society’ in which Web3 entrepreneur Vladimir Menaskop dissects the details of the largest Bybit breach in an attempt to understand who was behind it and whether the incident could have been prevented.
