Crypto news

27.06.2026
04:25

Canadian intelligence services have, for the first time, hacked botnets on citizens' routers: a week of cybersecurity in numbers

Cybersecurity continues to demonstrate its complexity and multifaceted nature: from government operations to clean up botnets to absurd yet telling attacks on emergency alert systems. As an analyst, I see a common trend in these events — attackers are becoming increasingly inventive, exploiting vulnerabilities in outdated equipment as well as psychological tricks, including manipulation of AI systems.

Canada: A Precedent for Remote Device Cleaning

The Canadian Security Intelligence Service (CSIS) has, for the first time, obtained a court warrant to remotely intervene in infected devices belonging to citizens: servers, home routers, and IoT devices such as doorbells, cameras, and televisions. The botnets used the compromised equipment as relays to obscure the origin of attacks on critical infrastructure, including the energy sector and government agencies. The Federal Court declassified the ruling only in mid-June 2026, although the warrant itself was issued more than two years earlier. The ruling stresses that no personal data was intercepted and that any information collected incidentally was destroyed.

Outdated D-Link Routers Under Attack by AryStinger

XLab researchers discovered the AryStinger botnet, which targets the old D-Link DIR-850L and DIR-818LW models. Over 4,000 routers were compromised during the campaign and turned into proxies for relaying traffic. The malware does not just use the devices as a launchpad for attacks: it also intercepts DNS queries, browser sessions, and all other traffic passing through the router, which means every client behind an infected device is exposed. About 48% of the infections were in South Korea, China, Sweden, Malaysia, and Singapore. Both models are long discontinued, so the practical remediation is replacement rather than waiting for a firmware update; the episode confirms once again that end-of-life equipment still running factory passwords remains one of the most reliable footholds for botnets.

macOS Gaslight: Fake Errors Against AI Analysis

SentinelOne researchers have identified a new macOS infostealer, Gaslight, that specifically targets AI-based automated code analysis. The sample hides a 3.5 KB loader containing 38 fabricated system messages formatted in Markdown. The strings mimic developer logs, memory-overflow errors, and token-expiration warnings; the goal is to make the LLM behind the analyzer abort its analysis, truncate its report, or refuse to process the "corrupted" sample. The operators, assessed as likely North Korean, are using prompt injection to slip past automated checks. The defensive lesson is the standard one for LLM pipelines: anything extracted from a sample is untrusted data and must be handed to the model as data, never in a position where it can be read as instructions.

Europol: Dismantling the Amadey and StealC Distribution Network

Europol, together with law enforcement agencies from a dozen countries and Microsoft, dismantled the distribution network behind the SocGholish, Amadey, and StealC malware. The Amadey trojan provided the initial foothold, after which the StealC infostealer was deployed to steal passwords, payment-card data, and cryptocurrency wallet seed phrases. The results are substantial: 326 servers and 142 domains seized, cryptocurrency assets worth over $47 million frozen, a database of 27 million stolen credentials confiscated, and about 15,000 WordPress sites that had been used for covert malware distribution cleaned.

Brazil: Hackers Warn of "Alien Attack"

On the night of June 19-20, 2026, Brazil's national emergency alert system, Defesa Civil Alerta, was hit by a cyberattack. The attackers compromised Civil Defense employee accounts and sent ten top-priority messages (Alerta Extremo), the alert class that overrides the sound and do-not-disturb settings on smartphones. Residents of several states received notifications with incoherent text containing the word "misanthropy," and in some regions warnings of an "alien attack." To stop the flood, the authorities shut down the servers at 1:30 AM. The platform was partially restored, with the ability to send alerts restricted to the National Center for Risk Management. Note that the weak point was account security rather than the broadcast mechanism itself, and that is where any review belongs: phishing-resistant MFA on alert-issuing accounts and a second approver for top-priority alerts would go a long way.

ZachXBT Reveals Identity of Polish Hacker

European law enforcement, with FBI support, arrested four members of a hacker group suspected of SIM-swapping attacks, theft of digital assets from cryptocurrency exchanges, and money laundering. The attackers used social engineering to compromise the IT infrastructure of telecommunications companies, transferred victims' phone numbers to SIMs under their control, and with them bypassed phone-number-based two-factor authentication. The total amount of laundered funds is estimated at tens of millions of Polish zlotys. On-chain investigator ZachXBT identified one of the detainees as Wojtek Kulish, known by the alias Merry, by matching designer items visible in a search video against his Instagram account.

My analysis: This week shows that cyber threats are becoming increasingly sophisticated — from AI manipulation to the use of government alert systems. The vulnerability of IoT devices and outdated equipment is particularly concerning: as long as users do not update firmware and change factory passwords, such botnets will multiply. The attack on Defesa Civil Alerta is a stark example of how even critical infrastructure can be used for chaos, and this requires an immediate review of security protocols.