Risky Bulletin

Risky Bulletin: Ukrainians hacked Russian satellite comms platform

9 min
Apr 29, 2026
Summary

This episode covers major cybersecurity incidents including Ukrainian hackers breaching Russian satellite communications, the Shiny Hunters group extorting Vimeo, and widespread data breaches affecting organizations from gaming to sports. Additional stories highlight rising social media scams costing Americans $2.1 billion, increased privacy fines, and geopolitical tensions over data breach investigations.

Insights
  • Supply chain attacks remain a critical vulnerability vector: compromised tools such as the Anodot cloud cost monitoring platform and Checkmarx's KICS scanner let attackers reach downstream customers at scale
  • State-sponsored cyber operations are increasingly targeting diaspora communities and journalists, indicating a shift toward information control and political influence campaigns
  • Ransomware groups are evolving tactics by partnering with other crews (Vect with Team PCP) and shipping flawed encryption that destroys data, making ransom payments an unreliable recovery strategy
  • Regulatory fines for privacy violations have accelerated dramatically, which Gartner attributes to the wide adoption of insecure AI technologies and new US state privacy laws, creating significant financial liability for enterprises
  • Social engineering and cryptocurrency scams are shifting from traditional channels to social media platforms, with Meta properties accounting for the majority of losses
Trends
  • State-sponsored cyber espionage targeting journalists and diaspora communities expanding globally
  • Supply chain attacks leveraging compromised cloud monitoring (Anodot) and security tooling (Checkmarx KICS) as entry points to downstream customers
  • Ransomware groups forming partnerships (Vect with Team PCP) and diversifying attack methods to increase extortion success rates
  • Privacy regulation enforcement accelerating, with last year's US fines ($3.4B) exceeding the previous five years combined
  • Social media platforms becoming primary vectors for financial scams and fraud schemes
  • Cryptocurrency ATM fraud driving state-level bans (Indiana, then Tennessee)
  • AI-generated disinformation campaigns scaling to tens of millions of views with minimal detection
  • Hacked SonicWall devices accounting for one-third of At-Bay's cyber insurance claims, most of them Akira ransomware attacks
  • Geopolitical tensions influencing data breach investigations (Coupang) and extradition disputes
  • Critical flaws in open-source health records (OpenEMR) and task management platforms, including an authentication bypass exploited as a zero-day to deploy crypto miners
Companies
Vimeo
Video hosting platform being extorted by Shiny Hunters hacking group after data theft from Snowflake storage
Rockstar Games
Grand Theft Auto developer whose data was stolen by Shiny Hunters via the compromised Anodot cloud cost monitoring tool
Payoneer
Payments provider affected by the Shiny Hunters data breach through the compromised Anodot cloud cost monitoring platform
Zara
Fashion retailer whose data was stolen by Shiny Hunters via the compromised Anodot cloud cost monitoring tool
Checkmarx
Security firm targeted by the Lapsus group in a supply chain attack via GitHub account compromise and malicious KICS payloads that stole credentials from organisations running the scanner
Anodot
Cloud cost monitoring tool breached by Shiny Hunters, used to reach Vimeo's Snowflake data and extort multiple downstream customers
Meta
Parent company of Facebook, WhatsApp and Instagram, which accounted for majority of $2.1B in social media scams
Coupang
South Korean e-commerce giant that suffered major data breach exposing personal information of one-third of population
Roblox
Gaming platform where Ukrainian hackers compromised over 610,000 accounts and resold access via Russian Telegram chan...
Roscosmos
Russian space agency managing GONETS satellite communications platform breached by Ukrainian cyber specialists
Asian Football Confederation
Sports organization whose player and coach personal data was leaked by hackers who obtained it from Shiny Hunters
OpenEMR
Open-source health records management platform that patched 38 vulnerabilities, including two with a critical 10.0 severity score
Cheelong
Task management service exploited by threat actors to deploy cryptocurrency miners via authentication bypass vulnerab...
GitHub
Development platform that fixed a major vulnerability, found by Wiz, that could have allowed takeover of its own servers via a crafted git push operation; patched in early March with fixes for self-hosted GitHub Enterprise servers
Snowflake
Cloud storage platform where Vimeo data was stolen after the Anodot compromise by the Shiny Hunters hacking group
At-Bay
Cyber insurance company reporting that one-third of last year's claims involved breaches originating from compromised SonicWall devices, mostly Akira ransomware attacks
People
Catalin Cimpanu
Prepared the Risky Bulletin episode covering major cybersecurity incidents and breaches
Claire Aird
Read and presented the Risky Bulletin episode on cybersecurity incidents and industry trends
Peter Stokes
19-year-old Scattered Spider member, hacker alias Bokeh, arrested in Finland and charged by the US Department of Justice, which is seeking his extradition
Xu Zewei
Chinese hacker accused of stealing COVID vaccine information from US companies and alleged Hafnium member, whose extradition from Italy to the US has been approved
Quotes
"Ukrainian cyber specialists have breached GONETS, a low-orbit satellite communications platform managed by the Russian space agency Roscosmos. GONETS is Moscow's alternative to Starlink."
Claire Aird, opening segment
"Americans lost more than $2.1 billion to social media scams last year. Most scams began on Meta sites, with Facebook, WhatsApp and Instagram the top three platforms."
Claire Aird, mid-episode
"American companies were fined more than $3.4 billion last year for privacy-related infractions. The total is larger than the previous five years combined."
Claire Aird, mid-episode
"One-third of last year's cyber insurance claims filed with insurance company At-Bay were for breaches originating from hacked SonicWall devices."
Claire Aird, late segment
Full Transcript
Ukrainians hack Russian satellites, Vimeo is being extorted, Greece wants to ban anonymity on social media, and a Scattered Spider hacker was arrested in Finland. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 29th of April, and this podcast episode is brought to you by runZero.

In today's top story, Ukrainian cyber specialists have breached GONETS, a low-orbit satellite communications platform managed by the Russian space agency Roscosmos. GONETS is Moscow's alternative to Starlink. According to InformNapalm, the hackers stole classified internal documents and intercepted communications over three years. They also compromised at least two high-profile figures within GONETS leadership. Ukraine's 256th Cyber Assault Division has taken credit for the intrusion.

In other news, the Shiny Hunters hacking group is threatening to leak stolen data from video hosting platform Vimeo if the company doesn't pay a ransom. The group stole the data from the company's Snowflake cloud storage after hacking cloud cost monitoring tool Anodot. Shiny Hunters breached Anodot earlier this month and has since been extorting its customers. Recent victims include Grand Theft Auto maker Rockstar Games, fashion retailer Zara and payments provider Payoneer.

Meantime, hackers have leaked stolen data from the Asian Football Confederation. The data includes the personal details of the players and coaches of the confederation's football clubs. Leaked details include player contracts, email addresses and passport scans. The leakers said they obtained the data from the Shiny Hunters hacking group.

An Iranian hacking group has leaked the personal details of almost 2,400 US Marines stationed in the Persian Gulf. The data includes details about their families, home addresses, bases and shopping habits. It's unclear where the data was taken from.

The Lapsus cybercrime group was behind the supply chain attack against security firm Checkmarx and its KICS vulnerability scanner. The group first breached the company's GitHub account and published malicious payloads there in March. It did the same thing last week. Those payloads allowed Lapsus to steal credentials and hack organisations that used KICS to scan their internal networks. The group also leaked some of Checkmarx's data on the weekend.

Americans lost more than $2.1 billion to social media scams last year. Most scams began on Meta sites, with Facebook, WhatsApp and Instagram the top three platforms. According to the US Federal Trade Commission, losses to Facebook scams significantly exceeded those originating from SMS or email.

American companies were fined more than $3.4 billion last year for privacy-related infractions. The total is larger than the previous five years combined. According to research company Gartner, larger fines have been driven by the wide adoption of insecure AI technologies and new state privacy laws.

South Korea has accused the US of applying political pressure and meddling over its investigation of last year's Coupang data breach. More than 90 South Korean lawmakers have signed a formal complaint to the US ambassador, which will be delivered this week. The e-commerce giant suffered a major data breach late last year, exposing the personal information of one-third of South Korea's population. Several members of the US House of Representatives have accused the South Korean government of targeting Coupang because it's American-owned. They did not present evidence to support the claims.

The Greek government plans to ban anonymity on social media networks. Officials cited a growth in toxic online comments, coordinated harassment, fake news and political manipulation. Greece is set to hold national elections next year.

The US state of Tennessee has banned cryptocurrency ATM kiosks due to an increase in scams. Tennessee is the second US state to ban crypto ATMs, following Indiana last month. Cyber criminals have been tricking victims into buying crypto from ATMs to bypass banking anti-fraud detections.

The US Department of Justice has filed charges against a Scattered Spider member. 19-year-old Peter Stokes was arrested in Finland earlier this month while attempting to board a flight to Japan. He used the hacker name Bokeh. The US is seeking his extradition.

Ukrainian police have arrested three people accused of hacking Roblox accounts and reselling access to them. The group compromised more than 610,000 accounts while operating out of the city of Lviv. They hid info-stealers in Roblox apps, which stole account credentials. The accounts were later sold on Russian Telegram channels.

Italy has approved the extradition of a Chinese hacker to the US. Xu Zewei is accused of hacking and stealing COVID vaccine information from American companies. The US Justice Department claims he's a member of the Chinese state-sponsored group Hafnium.

Chinese state-sponsored hackers have conducted espionage campaigns against journalists, human rights defenders and exiled ethnic and religious groups. Two separate year-long campaigns were spotted, carried out by two groups. Glitter Carp targeted the foreign Chinese diaspora, its activists and the journalists that reported on it. Sequin Carp specifically targeted journalists reporting on China's state repression tactics. Both campaigns impersonated journalists in an attempt to lure users to phishing sites. Citizen Lab believes the Glitter Carp group is likely a private contractor carrying out state-funded espionage.

One-third of last year's cyber insurance claims filed with insurance company At-Bay were for breaches originating from hacked SonicWall devices. Most of the claims were for attacks by the Akira group, which repeatedly targeted the devices. Last year, Akira accounted for more than 40% of all ransomware claims.

The OpenEMR project has patched 38 vulnerabilities in its open health records management platform. Two of the bugs received a severity score of 10 out of 10, and many allowed takeovers of unpatched vulnerable platforms. The bugs were discovered by Isles Security this year.

Threat actors are hacking the Cheelong task management service to deploy cryptocurrency miners. Attacks began in early February. Threat actors exploited an authentication bypass bug, which at the time was a zero-day. It's since been patched.

GitHub has fixed a major vulnerability that could have allowed threat actors to take over its own servers. The bug could have been exploited using a custom-crafted git push operation. Wiz researchers discovered the bug. It was patched at the beginning of March. GitHub says it found no evidence that the bug was exploited in the wild. Patches have been rolled out for self-hosted GitHub Enterprise servers.

Vect ransomware is using a flawed encryption algorithm that permanently destroys any files larger than 128 kilobytes. Security firms Check Point and JumpSec warned against paying the group's ransom demands. According to recent reports, the Vect group is working with Team PCP to ransom companies from the Trivy and Checkmarx KICS supply chain attacks.

A network of YouTube accounts is using AI-generated content to promote the annexation of Canada's Alberta region by the US. The low-quality videos repeatedly mispronounce names and misgender politicians. They've amassed more than 40 million views combined. The videos use thumbnails featuring politicians such as Alberta Premier Danielle Smith and Prime Minister Mark Carney. CBC News traced the accounts to three Dutch nationals.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, runZero. Find them at runzero.com. Thanks for your company.