Cybersecurity Brief – 2025-07-14
Major Incidents or Breaches
- Thirteen Romanian nationals were arrested in coordinated operations involving HMRC (the UK’s tax service) and Romanian police for conducting phishing attacks targeting HMRC. The arrests took place in Ilfov, Giurgiu, and Calarasi counties and are linked to a large-scale campaign against UK taxpayers.
Newly Discovered Vulnerabilities
- A critical vulnerability was identified in Kigen’s eUICC (embedded Universal Integrated Circuit Card) eSIM technology, which is widely used in smartphones and IoT devices. The flaw allows attackers to exploit eSIM provisioning processes, potentially exposing billions of IoT devices to remote attacks.
- Google Gemini for Workspace contains a flaw that allows attackers to manipulate AI-generated email summaries, embedding malicious instructions or phishing warnings that can redirect users to phishing websites without the need for malicious attachments or links.
Notable Threat Actor Activity
- The group of Romanian suspects arrested for targeting the UK’s tax service employed phishing techniques to harvest credentials from UK taxpayers, indicating continued international threat actor interest in UK government and financial targets.
Trends, Tools, or Tactics of Interest
- Researchers highlighted a new hacking technique targeting eSIM provisioning, specifically within Kigen’s implementation, which could be leveraged against large-scale IoT deployments.
- Attackers are exploiting AI-powered productivity tools, as demonstrated by the abuse of Google Gemini’s email summarisation feature to facilitate phishing without traditional indicators.
- The release of an experimental suspicious domain feed, aggregating data from ICANN’s centralized zone data service and TLS certificate transparency logs, provides additional resources for tracking potentially malicious newly registered domains.
Regulatory or Policy Developments Affecting the Security Industry
- The collaboration between HMRC and Romanian authorities in the arrest of cross-border phishing suspects underscores ongoing international law enforcement cooperation in response to cybercrime targeting UK organisations.