Cyber News 20NOV2025
General
- AUKUS sanction "Media Land", a Russian Bulletproof Hosting Provider (BPH: a host that ignores abuse and takedown notices), based in St. Petersburg. The action also extends the sanctions against "Aeza Group", sanctioned in July this year.
- https://home.treasury.gov/news/press-releases/sb0319
- https://www.gov.uk/government/news/uk-smashes-russian-cybercrime-networks-responsible-for-attacks-on-uk-businesses
- (A Krebs article on Yalishanda) https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
- https://www.bleepingcomputer.com/news/security/us-sanctions-russian-bulletproof-hosting-provider-media-land-over-ransomware-ties/
- https://www.cybersecuritydive.com/news/russian-bulletproof-hosting-company-sanctions-us-australia-uk/805911/
- https://www.itnews.com.au/news/australia-us-and-uk-sanction-russian-cyber-firms-over-ransomware-links-621919
- https://therecord.media/bulletproof-hosting-sanctions-ransomware
- The latest from Brian Krebs - the Cloudflare outage is a good reminder to consider defence-in-depth. If you need to remove part of your infrastructure, does that remove all of your controls? Can you safely do so?
- The law may be slow, but it does catch up with people - another guilty plea for laundering stolen crypto-currency. Part of a group that stole bitcoin worth - at the time - approximately US$263m.
Mehta first met the members of the in early 2024 through a money exchanger who was friendly with the owner of a Los Angeles exotic car dealership. The money exchanger solicited Mehta’s assistance with crypto-to-cash conversions in the tens of thousands of dollars. Mehta charged a 10% fee for converting the cryptocurrency to fiat cash.
When members of the conspiracy requested cash, Mehta often delivered it himself. Mehta also performed wire transfers for the group, sending stolen funds to an exotic car dealership, a private jet company and real estate rental companies in exchange for a 10% fee for himself.
- https://www.justice.gov/usao-dc/pr/cryptocurrency-money-launderer-pleads-guilty-rico-conspiracy-scheme-stole-263-million
- https://www.bleepingcomputer.com/news/security/california-man-admits-to-laundering-crypto-stolen-in-230m-heist/
- Scattered Lapsus$ Hunters just can't stay quiet - a new Ransomware-as-a-Service (RaaS) offering, "Sh1nySp1d3r Ransomware", has surfaced.
- Leaving an unpatched router on your perimeter is never a good idea, even for home networks. A suspected Chinese actor is attacking unpatched Asus routers, apparently to build an Operational Relay Box (ORB) network (a fancy name for the residential proxy networks used in APT operations to hide the true source of traffic).
- Simulating a whole browser window, inside a browser, to make phishing look more real (the attacker has full control of the simulated address bar). It is designed to look as though the website has popped up another window on top of the current browser window, skinned to match the victim's browser and OS.
- [EU] Illegal IPTV streaming services targeted via crypto-currency payments. Follow the money, find the exchange, freeze the accounts. No mention of the funds being seized yet.
- [RU] Large insurer knocked out for over a week by a probable ransomware incident, with a possible Ukrainian link (and a DDoS response from Russia against Ukrainian insurers).
Getting Techy
- ESET have a write-up on a "China-aligned" group using DNS to intercept insecure software updates and deliver malware. It starts with compromise of a local router; the router's DNS is then replaced so that lookups for certain update hosts return an attacker-controlled IP.
- https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/
- https://www.bleepingcomputer.com/news/security/plushdaemon-hackers-hijack-software-updates-in-supply-chain-attacks/
- https://therecord.media/china-aligned-threat-actor-espionage-network-devices
- https://www.theregister.com/2025/11/19/thousands_more_asus_routers_pwned/
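One defensive angle on the DNS-hijack technique above is to watch what your update hosts actually resolve to. The script below is an added example written for this digest, not ESET's or any vendor's code: it scans resolver log lines for lookups of a small set of update hostnames and raises an alert when the answer falls outside the address ranges those hosts are known to use, or when the answer came from a resolver other than the ones the network is supposed to hand out. Every hostname, IP range, resolver address and log line is constructed for illustration (documentation/test ranges only), and the log format is an assumed one; adapt the regex to your resolver or Zeek dns.log.

```python
"""Flag update-host DNS answers that do not match expected addresses.

Added example; hostnames, ranges, resolvers and log lines are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed allow-list: update hosts the organisation depends on, and the
# address ranges their legitimate update servers are known to answer from.
# In practice this is built from observed-good resolutions or vendor docs.
EXPECTED = {
    "updates.example-vendor.test": ["203.0.113.0/24"],
    "dl.example-tools.test": ["198.51.100.0/25", "2001:db8:1::/48"],
}

# Resolvers the network is supposed to hand out via DHCP (constructed).
TRUSTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Assumed log format: "<ts> query=<host> answer=<ip> resolver=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+query=(?P<host>\S+)\s+answer=(?P<answer>\S+)"
    r"\s+resolver=(?P<resolver>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    answer: str
    reason: str


def parse_line(line: str):
    """Return the fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def check_record(rec: dict) -> list:
    """Apply the two checks to one parsed record; return any alerts."""
    alerts = []
    host = rec["host"].rstrip(".").lower()
    if host not in EXPECTED:
        return alerts  # only the update hosts we care about are watched
    try:
        answer = ipaddress.ip_address(rec["answer"])
    except ValueError:
        return [Alert(rec["ts"], host, rec["answer"], "unparseable answer")]
    # A compromised router handing itself out as resolver shows up here.
    if rec["resolver"] not in TRUSTED_RESOLVERS:
        alerts.append(Alert(rec["ts"], host, rec["answer"],
                            f"answer from untrusted resolver {rec['resolver']}"))
    # An attacker-controlled IP substituted for the real update server
    # will almost always fall outside the known-good ranges.
    # Membership tests across IP versions simply return False.
    if not any(answer in ipaddress.ip_network(n) for n in EXPECTED[host]):
        alerts.append(Alert(rec["ts"], host, rec["answer"],
                            "answer outside expected ranges"))
    return alerts


def scan(lines) -> list:
    """Scan an iterable of log lines and collect alerts."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            alerts.extend(check_record(rec))
    return alerts


# Constructed sample log: one clean lookup, one unrelated host, one hijacked
# lookup answered by the router itself, one clean IPv6 answer, one junk line.
SAMPLE_LOG = [
    "2025-11-20T09:00:01Z query=updates.example-vendor.test answer=203.0.113.10 resolver=192.0.2.53",
    "2025-11-20T09:00:02Z query=www.unrelated.test answer=192.0.2.200 resolver=192.0.2.53",
    "2025-11-20T09:05:10Z query=updates.example-vendor.test answer=198.51.100.200 resolver=192.0.2.1",
    "2025-11-20T09:05:11Z query=dl.example-tools.test answer=2001:db8:1::5 resolver=192.0.2.53",
    "not a log line",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.ts} {a.host} -> {a.answer}: {a.reason}")
```

A hit is a lead, not proof: CDNs do shift ranges, so the allow-list needs maintenance. The check complements, rather than replaces, the real fix the ESET write-up points at: updates fetched over TLS with certificate validation and verified against a vendor signature, so a wrong DNS answer yields a failed download instead of executed malware.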
Geo-Politics
- [US] Trump tells reporter "Quiet. Quiet, piggy", when asked about Epstein files
AI
- With Gemini 3 now launched, Google's AI Mode in Search uses the new model, to create "new generative UI experiences". Demo creates an "interactive" (not really, unless you call play/pause interactive?) simulation.
- Google forced to release info on datacentre water usage...must be a reason they're hiding this.
- Tearing into Microsoft's Windows with Agentic AI - Copilot Actions. TL;DR - it's unsafe, Microsoft will release it, "our commitment is to include robust security and privacy controls", however "We recommend that you only enable this feature if you understand the security implications".
TL;DR - here's a loaded gun, the safety is off, please don't shoot yourself in the foot.