InfiniteEyes News

InfiniteEyes News Information Arm of InfiniteEyes Collective. Journalists, cypherpunks, researchers, Bitcoin miners, o

09/10/2025

The new wave of digital insurgents: Scattered Spider, LAPSUS$, ShinyHunters, now Scattered Lapsus$ Hunters, operate less like organized syndicates and more like philosophical experiments in entropy. Their methods of extortion, social engineering, SIM swaps, and data leaks flex power in an age defined by surveillance and spectacle.

Arrests across the U.S., U.K., and Baltics have exposed a network responsible for over $100M in corporate intrusions, yet their true significance lies beyond financial damage. These actors merge cybercrime with accelerationist thought, adopting a posture of anti-ideological revolt, where chaos itself becomes a medium, and maximum damage, maximum noise, and maximum profit become the guiding motives.

They have now joined forces with the newly identified Crimson Collective, and both groups’ Telegram broadcasts echo Marinetti’s Futurist exaltation of aggression and velocity, transposed into the digital domain, most recently against open-source software and cloud infrastructure provider Red Hat. Breaches and criminal acts have since become performance art. What links them is not loyalty or formal organization but a shared nihilist accelerationist impulse: to intensify collapse, to weaponize spectacle, to turn every system against itself, in the corporate domain, and sometimes IRL.

Beyond the showmanship, the Scattered Lapsus$ Hunters are also sharing tools and techniques. They have advertised a range of exploits for sale or use, claiming to possess zero-day exploits for enterprise software. They also claim to be building supercharged ransomware-as-a-service targeting VMware instances at the kernel level, with potential for lease to affiliates. This may just be talking big, but the intent has been noted.

Regardless, Scattered Lapsus$ Hunters have targeted critical infrastructure alongside airlines, retail giants, and transport networks like Transport for London using low-tech but deeply human tactics: voice phishing, impersonation, and psychological manipulation. In this way, they are decentralized, adaptive, and recursive, mirroring the systems they infiltrate. One thing is certain: these are not the hackers of ten or twenty years ago.

05/09/2025

High-level overview of OFFZONE Security Conference. Review the sessions at offzone.moscow, or see selected key addresses and analysis on the Substack.

Moscow’s OFFZONE 2025 wasn’t just another hacker conference; it was a stage where Russia’s cyber strategy came into a new view. Hosted by BI.ZONE (a Sberbank subsidiary tied to WEF’s Cyber Polygon), the event highlighted how AI, hardware exploitation, and state-run cryptography are shaping an ecosystem where private industry, academia, and intelligence converge.

Behind the technical talks lies a system where the FSB and FSTEC control cryptographic standards, licensing, and surveillance, ensuring every company aligns with state interests, BI.ZONE and Kaspersky included. This model powers both digital defense and offense, fortifying Russian networks and supply chains at home while probing weaknesses abroad.

The bigger story: OFFZONE reflects a global trend toward digital sovereignty and surveillance consolidation, from Russia’s “Sovereign Internet” to Western digital ID and Big Tech-government partnerships. Different language, same direction. Same digitization of ledgers and human processes.

The question is: are we watching innovation, or rehearsals for control under the guise of collaboration?

25/08/2025

Full article and sources: infiniteeyesnews.substack.com.
//
In early July, Senator Tom Cotton, chair of the chamber’s intelligence committee and a member of its Armed Services Committee, sent a letter to Defense Secretary Pete Hegseth about Microsoft’s reported practices with the Chinese Communist Party, per Reuters.

“The U.S. government recognizes that China’s cyber capabilities pose one of the most aggressive and dangerous threats to the United States, as evidenced by infiltration of our critical infrastructure, telecommunications networks, and supply chains,” Cotton wrote in the letter. The U.S. military “must guard against all potential threats within its supply chain, including those from subcontractors”.

In a matter of weeks, Microsoft’s on-premises SharePoint servers suffered, and continue to suffer, widespread active attack due to a cluster of critical security flaws collectively dubbed “ToolShell”. These include the critical vulnerabilities CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771, with attacks attributed to CCP’s APT27 & APT31. These vulnerabilities affect Microsoft SharePoint Enterprise Server 2016, 2019, and, specifically for CVE-2025-49706 and CVE-2025-53770, the SharePoint Server Subscription Edition. The only patch offered from Microsoft so far is for 2016 Enterprise Servers and older, causing continued attacks as recently as last Monday.

Dutch cybersecurity firm Eye Security first detected ToolShell exploitation in July, followed by CheckPoint Research’s further analysis.

A threat actor using the alias ‘cnkjasdfgd’ and claiming to be a member of the WarLock ransomware gang claimed an attack and offered to sell for $200,000 a batch of one million documents allegedly stolen from C**t, a UK telecommunications firm.

Several data samples have also been published to prove the validity of the files, with attacks dating back to March in Croatia, Turkey, and Portugal. According to the individual, some stolen files include financial, employee, customer, and executive data, internal emails, and software development information.

Warlock claimed 16 victims across government, finance, and manufacturing in its first month.

08/08/2025

The Syrian Telecommunications Company announced on Saturday that “a major disruption affected several communication circuits, causing partial outages in internet and landline services in Damascus and Aleppo”, coincidentally the same night violence surfaced between Druze militias, the New Syrian Government, and Christian and Sunni Bedouin tribes in the Suwayda governorate.

Despite these claims that the disruptions were due to “technical and logistical challenges,” including a fuel shortage, multiple accounts from residents and activists indicate that the blackout was deliberate and occurred in parallel with military activity. “The internet shutdown was part of the attack,” people told SMEX.

21/07/2025

DefenseNews: A jamming attack in March was triangulated to the harbor town of Baltiysk, which is also home to the Russian Baltic Fleet and its electronic-warfare complex, a military facility packed with antennas and mobile EW units, although the triangulation appeared to resolve to a point southwest of the city, closer to the harbor.
GPS jammers and spoofers can be very small, even those with a large range, and might be easily overlooked in satellite imagery. Ziebold, a German researcher, said his team had purchased jammers the size of a shoe box that had a range of many kilometers.
This also means that they can be mobile. The jammer that has been plaguing Estonia, for example, appears to have moved from southwest of Saint Petersburg to northwest of the city.
This emerges from data shared by open-source intelligence researcher auonsson, who is part of a network of social media activists examining the jamming saga on a technical level. The person behind the social media handle spoke to Defense News on the condition of remaining anonymous.
Auonsson used aircraft-transmitted data to create a heatmap of possible jammer locations around Russia’s imperial city. The flight information transmitted by planes and used for live airplane tracker maps also contains information about the quality of GPS data; when an aircraft’s GPS quality suddenly drops, this suggests that a jammer has come up over the plane’s horizon. By plotting the horizons of thousands of flights when they first encountered jamming, a heat map can be created, allowing for an approximate idea of where the offending transmitter might be located. The source code for this experiment is available on GitHub (github.com/jpajala/GpsJammerLocator), and the data (airplanes.live) on which the investigation is based is publicly available.
“I don’t consider the exact source very relevant for the public discussion,” the person behind the auonsson handle said. “The country is, though,” they added, referring to Russia.
——
See infiniteeyesnews.substack.com for full sources and analysis including the scope of GNSS disruptions, how R-Mode is becoming critical to navigational security, and Russia’s Baltic EW capabilities.
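
The horizon-plotting idea described in this post, sketched as an added example (it is not the GpsJammerLocator code and not from the quoted article). Assumptions: a geometric line-of-sight horizon with no refraction or terrain, a ground-level transmitter, and constructed onset points placed around a hypothetical transmitter position.

```python
import math
from collections import Counter

R_KM = 6371.0  # mean Earth radius


def horizon_km(alt_m):
    """Geometric line-of-sight horizon for an aircraft at alt_m metres.
    Assumption: ground-level transmitter, no refraction or terrain."""
    return math.sqrt(2 * R_KM * alt_m / 1000.0)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dl = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * R_KM * math.asin(math.sqrt(a))


def destination(lat, lon, bearing_deg, dist_km):
    """Point reached from (lat, lon) after dist_km along bearing_deg."""
    p, l = math.radians(lat), math.radians(lon)
    b, d = math.radians(bearing_deg), dist_km / R_KM
    p2 = math.asin(math.sin(p) * math.cos(d) + math.cos(p) * math.sin(d) * math.cos(b))
    l2 = l + math.atan2(math.sin(b) * math.sin(d) * math.cos(p),
                        math.cos(d) - math.sin(p) * math.sin(p2))
    return math.degrees(p2), math.degrees(l2)


def constructed_onsets(tx_lat, tx_lon):
    """Constructed sample data: eight aircraft, each at the position where a
    transmitter at (tx_lat, tx_lon) first rises over its horizon."""
    onsets = []
    for k, bearing in enumerate(range(0, 360, 45)):
        alt_m = 9000 + 400 * k  # varied cruise altitudes
        lat, lon = destination(tx_lat, tx_lon, bearing, horizon_km(alt_m))
        onsets.append((lat, lon, alt_m))
    return onsets


def heatmap(onsets, lat0, lon0, cells=20, step=0.1, tol_km=3.0):
    """Vote for every grid cell lying on an aircraft's horizon ring
    (within tol_km) at the moment its GPS quality first dropped."""
    votes = Counter()
    for i in range(cells + 1):
        for j in range(cells + 1):
            clat, clon = lat0 + i * step, lon0 + j * step
            for lat, lon, alt_m in onsets:
                if abs(haversine_km(clat, clon, lat, lon) - horizon_km(alt_m)) <= tol_km:
                    votes[(round(clat, 2), round(clon, 2))] += 1
    return votes


def locate(onsets, lat0, lon0):
    """Return (cell, votes) for the hottest cell of the heatmap."""
    return heatmap(onsets, lat0, lon0).most_common(1)[0]


if __name__ == "__main__":
    TX = (50.0, 10.0)  # hypothetical transmitter position, not a real site
    print(locate(constructed_onsets(*TX), 49.0, 9.0))
```

With real data the rings do not meet at one point, so the result is a hot region rather than a single cell, which matches the "approximate idea" wording above.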

05/07/2025

Full article and sources: infiniteeyesnews.substack.com

——/1
Last Sunday, the last pro-democracy party in Hong Kong, the League of Social Democrats, disbanded, along with other crucial civil society organizations amongst a wave of new disappearances under the city’s new National Security law. Under the law, police have arrested around 330 individuals, prosecuted 189, and secured convictions against 165 under opaque justification.
Privacy and civil liberties are taking a massive hit as well, as China’s policing surveillance dragnet expands to the shores of Europe, Iran, and Hong Kong. iFlyTek is funding research from York and Queen’s universities in Canada, while Hikvision, ZTE, Huawei, and Tiandy provide CCTV backbones. iFlyTek voice pattern recognition, national biometrics databases, and AI pattern detection models can retroactively track movement on a persistent basis.
The Chinese government has been investing heavily in AI-driven biometric data capturing over the past decade. Facial recognition, thermal cameras, AI object and movement detection, and surveillance technologies such as “smart cities” are all on the docket, integrating into the CCP’s Sharp Eyes program, which can monitor all aspects of an individual’s public life, according to Wenhao Ma of VOA’s China Division. Hong Kong authorities used evidence from AI surveillance cameras installed last year to prosecute six people for monkey feeding, while using thermal cameras and AI data aggregation to target rat populations.
——/1

17/06/2025

Full sources and commentary: infiniteeyesnews.substack.com.
——/
The simmering geopolitical tensions between Iran and Israel have metastasized into a persistent and escalating cyber conflict that is destabilizing critical infrastructure, economic stability, and regional digital sovereignty. Recent attacks, attribution intelligence, and strategic assessments paint a clear picture: cyberspace is no longer a supporting front. The hybrid is becoming a primary domain of modern warfare, targeting families, using infrastructure used by civilians every day, and creating an atmosphere where no one is safe.
Both states have intensified their cyber operations, with Iran’s OilRig and MuddyWater groups targeting Israeli entities, hacktivists affecting satellite and military communications, and suspected Israeli actors deploying tailored cyberweapons to degrade Iranian infrastructure and surveillance networks and implementing agitprop tools, while anti-regime Iranian actors Lab Dookhtegan disrupt communications of 116 Iranian commercial vessels. Reformists are largely sidelined, hardliners fractured. The field is open for a post-Khamenei government. Who will be the next Al-Jolani?

Today, all databases of Sepah Bank, one of the largest central banks in Iran, were erased in a major cyber attack. All its ATMs are non-functional and customers can’t withdraw cash. IDF has proposed a strong media blackout during attacks, specifically surrounding impact sites. Gaza had internet connectivity blackouts due to disrupted telecommunication lines from June 12-15, and is again disrupted on June 17. Iran’s own internet shutdowns, designed to limit dissent and shield state activity, are backfiring economically and tactically. Iran’s reliance on domestic infrastructure like the National Information Network (NIN) and “halal internet” has created a brittle system, costing them $1m a day in lost business, per a new report from Internet Society. Kurdistan is seeing daily scheduled internet shutdowns for public school exams until June 29. There are minor hacktivist spillover defacement attacks from both pro-Israel and pro-Iran clusters. There are currently 83 groups active, with 3 Russian groups supporting Iran.
——/1

16/05/2025

Full article and sources: infiniteeyesnews.substack.com

——/1 Picture this: you’re wearing headphones that whisper secrets of self-mastery and productivity into your skull, a soft signal gently coaxes you into meditative bliss, your dreams then become advertising space and somewhere in a galaxy far, far away, or maybe just a floor above some server farm—your brainwaves are being commodified like pork futures. Welcome to “neurocapitalism”, what could go wrong? The human mind—the final black box—is being opened with gold-plated crowbars. At the Zhongguancun Forum, at ad agencies in Manhattan, at VR arcades in Seoul, the same future is unfolding: our thoughts as data points. Our emotions as metrics. Our free will as an illusion optimized for ad delivery.
The age of privacy is over. The age of thought-mining has begun.
As consumer neurotechnology moves from science fiction to everyday reality, a comprehensive April 2024 report and a recent symposium by the Neurorights Foundation have raised urgent red flags about the unchecked collection and misuse of neural data. Synchron and Apple are making new partnerships, while China’s innovation sector gets more and more public about its goals. Neurorights Foundation’s report, titled “Safeguarding Brain Data: Assessing the Privacy Practices of Consumer Neurotechnology Companies,” evaluates the data privacy policies of 30 global neurotech firms and finds a disturbing lack of transparency, user control, and consent mechanisms surrounding the use of brain data.
29 out of 30 companies (96.67%) have access to consumers’ neural data without meaningful limitations.
Only 22 companies (73.33%) have privacy policies related to their neurotechnology products available on their websites. The remaining 8 companies (26.67%) lack publicly accessible policies specific to their neurotechnology offerings.
While all companies provide a contact method, only 11 (36.67%) responded to inquiries. Just 4 companies (13.33%) meet all standards for transparency, including providing relevant policy documents, responsive communication channels, and notifications of policy changes.

/1

03/05/2025

Full story and simulated war game with weaponized chatbots, subscribe for free: infiniteeyesnews.substack.com.
(For educational purposes only, *insert nervous chuckle*)
——/1
In the modern era of hybrid warfare, forums are soft targets: digital watering holes where ideas are formed and loyalties tested. China’s People’s Liberation Army (PLA), as well as entities affiliated with Russia’s Internet Research Agency, have long been accused of seeding misinformation online. But the evolution of AI chatbots supercharges this playbook. AI chatbots, particularly those powered by LLMs, can simulate persuasive and coherent conversation at scale. When integrated into coordinated influence operations, they become instruments of manipulation, disinformation, and societal disruption. This weaponization manifests in several key domains, including disinformation campaigns, phishing and social engineering, “flooding and drowning” or poisoning the well, and targeted manipulation through psychographic profiling.
Imagine a forum thread discussing vaccine safety, crypto, or regional politics. Imagine the type of demographic browsing these forums. A single well-tuned chatbot can post in favor of a specific angle, engage with dissenters, simulate consensus, and shift the Overton window—all without being flagged by typical moderation filters. At scale, this becomes a weaponized consensus engine.
Already, open-source tools like Auto-GPT and GPT-Agents have shown how autonomous AI actors can be configured to perform persistent, goal-driven tasks online. An adversarial state could unleash thousands of such agents into targeted forums to influence diaspora communities, sway regional elections, or destabilize activist organizing spaces.
A recent study by researchers at the University of Zurich has reignited concern over these ghosts in the threads, showing that even today’s publicly available AI tools can pass as convincing forum participants. But what happens when such tools fall into the hands of nation-states, extremists, or information warfare units?
——/1

02/05/2025

Full article: infiniteeyesnews.substack.com
——/1
One of the most insidious dimensions of China’s cyber ecosystem lies in its weaponization of spyware against domestic and diasporic targets. The Integrated Joint Operations Platform (IJOP) in Xinjiang (exposed in the International Consortium of Independent Journalists’ 2017 China Cables releases), a big-data policing system deployed in the region, collects real-time surveillance data on individuals’ movements, communications, and behavior patterns. It is supported by spyware implanted in Android apps disguised as prayer guides, job boards, or educational tools, and these apps have seen a resurgence of spyware in recent months.
The UK’s National Cyber Security Centre (ACSC), alongside its Five Eyes intelligence partners, issued a stark advisory confirming the resurgence of two highly sophisticated spyware frameworks: BadBazaar and Moonshine. Both have been directly implicated in campaigns targeting Uyghur, Tibetan, and Taiwanese individuals, with BadBazaar being primarily deployed on Android devices and Moonshine affecting both Windows and Android platforms. These spyware tools have capabilities that go far beyond basic surveillance. Once installed, BadBazaar can harvest contact lists, track real-time location data, monitor SMS and messaging apps, record phone calls, and upload files to remote servers—essentially turning the user’s phone into a 24/7 spy device. Moonshine, which often spreads via malicious websites or pirated software, similarly allows for full system compromise and ongoing data exfiltration.

MOONSHINE has extensive surveillance capabilities such as:
    •    location data including real time tracking
    •    live audio and photo capture
    •    downloading files from device
    •    retrieving device information
    •    playing audio on the device
(Continued in comments)
