Cybersecurity Chronicles: Signals Security Breach and Multinational Malware Crackdowns


We have compiled the most significant cybersecurity news from the past week.

Jeffrey Goldberg, the editor-in-chief of The Atlantic, disclosed that he was accidentally added to a group chat on Signal, where members of the U.S. administration were discussing the bombing of Houthi forces in Yemen.

The conversation contained details about the planned strikes, including target lists, types of weaponry, and estimated timing for the attacks. According to Goldberg, this timing coincided with the release of the first official announcements regarding the military operation on social media.

Participants in the chat included Defense Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, CIA Director John Ratcliffe, National Security Advisor Mike Waltz, U.S. Vice President JD Vance, among others.

Officials have confirmed the existence of the chat; however, the Department of Defense later attempted to assure the public that military plans were never discussed in the messaging app. Goldberg was likely added by mistake due to a similar abbreviation in his alias.

Shortly after the authorities denied that any sensitive information was shared in the chat, The Atlantic published the entire conversation publicly.

In light of the incident, U.S. President Donald Trump expressed his continued trust in all members of his national security team.

On March 23-24, the online services of Ukraine’s railway operator, Ukrzaliznytsia, were subjected to a large-scale cyberattack. This attack disrupted the mobile ticket purchasing app but did not affect the train schedules.

The company is investigating the incident but has not released any technical details thus far.

“The attack was systematic, complex, and multi-layered,” stated the press service, adding that specialists will check the affected systems for potential vulnerabilities from backups before complete restoration.

Ukrainian state cyber agencies involved in the investigation have not publicly commented on the attack or attributed it to any specific hacking group.

Authorities in the Saratov region arrested three individuals allegedly behind the development of the malicious software Mamont, which was spread via Telegram channels. This was reported by the agency’s press service.

The malware enabled criminals to transfer money from victims’ cards through SMS banking. Law enforcement registered over 300 incidents involving the malicious software.

Police seized a command server, computer equipment, storage devices, communication tools, and bank cards from the suspects.

Criminal cases have been opened for fraud and unauthorized access to computer information. The suspects are subject to travel restrictions.

The investigation is ongoing.

Cybercriminals are breaking into smart home systems to turn them into botnets for executing DDoS attacks or mining cryptocurrency. This was reported by TASS, citing materials from the Russian Ministry of Internal Affairs.

Additionally, the goal of these hacks could include surveillance via security cameras and preparation for burglaries. Hackers may determine if homeowners are present through smart devices such as toothbrushes and temperature sensors.

Law enforcement agencies have urged consumers selecting smart home systems to rely on market leaders and continually update their software.

Law enforcement in seven African nations, with the assistance of Interpol and analysts from Group-IB, Kaspersky, and Trend Micro, conducted a series of arrests of alleged participants in a transnational criminal network. Bleeping Computer has reported on this.

From November 2024 to February 2025, authorities confiscated 1,842 devices believed to have been used for crimes involving mobile banking apps, investments, and messaging, impacting over 5,000 victims.

A total of 306 suspects were detained in Benin, Côte d’Ivoire, Nigeria, Rwanda, South Africa, Togo, and Zambia.

Some of the illicit funds were converted into cryptocurrencies, and the involvement of several suspects in human trafficking is also under investigation.

Malwarebytes researchers noted a phishing website using the name DeepSeek featured in sponsored Google ads. The fake page, while different from the legitimate one, appears convincing.

Clicking on the download button installs a Trojan on the user’s device.

As Google is unable to remove fraudulent ads from sponsored search results, experts advise either not clicking on advertisements at the top of the results or installing an AdBlock extension. Additionally, verifying the URL and the advertiser’s name can help confirm a site’s authenticity.

Analysts from F6 reported two fraudulent Telegram bots involved in investment scams, utilizing images of both Russian and international celebrities for promotion.

One of these is an economic game called MeowCraft, which falsely lists actor Yuri Borisov as its “ambassador.” Users are lured in with a “promo code for 5,000 rubles,” but the bot actually requires depositing in TRX and prevents asset withdrawals.

Another scam project is a clicking game titled “Our Elephant.” It features a menu for converting earned “elephant coins” to rubles, yet it similarly demands a pre-deposit in TON and steals all transferred funds.

These schemes use images of personalities such as Keanu Reeves, Olga Buzova, and others for promotion.

The design and distribution methods of both bots are similar, leading analysts to believe they are orchestrated by the same individual.
