The probe is based on complaints from a lawmaker and an unnamed senior civil servant.
rench prosecutors have opened a criminal investigation into X over allegations that the company owned by billionaire Elon Musk manipulated its algorithms for the purposes of “foreign interference.”
Magistrate Laure Beccuau said in a statement Friday that prosecutors had launched the probe on Wednesday and were looking into whether the social media giant broke French law by altering its algorithms and fraudulently extracting data from users.
The criminal investigation comes on the heels of an inquiry launched in January, and is based on complaints from a lawmaker and an unnamed senior civil servant, Beccuau said.
A complaint that sparked the initial January inquiry accused X of spreading “an enormous amount of hateful, racist, anti-LGBT+ and homophobic political content, which aims to skew the democratic debate in France.”
POLITICO has reached out to X for comment.
The investigation lands as X is increasingly under fire from regulators in Paris and Brussels.
Two French parliamentarians referred the platform to France’s digital regulator Arcom on Thursday following anti-Semitic and racist posts by Grok, the artificial-intelligence chatbot that answers questions from X users.
The European Commission has separately been investigating the Musk-owned platform for almost two years now, on suspicion of breaching its landmark platforms regulation, the Digital Services Act.
The technical infrastructure that underpins Telegram is controlled by a man whose companies have collaborated with Russian intelligence services. An investigation by IStories
Telegram, the wildly popular chat and messaging app, is the pride of the Russian IT industry. According to Pavel Durov, the enigmatic entrepreneur who created the service twelve years ago, it now has over a billion monthly active users around the world.
Among the reasons for this success is Telegram’s reputation for security, coupled with Durov’s image as a free speech champion who has defied multiple governments.
“Unlike some of our competitors, we don’t trade privacy for market share,” he wrote this April. “In its 12-year history, Telegram has never disclosed a single byte of private messages.”
But IStories’ new investigation reveals a critical vulnerability.
When we investigated who controls the infrastructure that keeps Telegram’s billions of messages flowing, we found a man with no public profile but unparalleled access: Vladimir Vedeneev, a 45-year-old network engineer.
Vedeneev owns the company that maintains Telegram’s networking equipment and assigns thousands of its IP addresses. Court documents show that he was granted exclusive access to some of Telegram’s servers and was even empowered to sign contracts on Telegram’s behalf.
There is no evidence that this company has worked with the Russian government or provided any data. But two other closely linked Vedeneev companies — one of which also assigns Telegram IP addresses, and another which did so until 2020 — have had multiple highly sensitive clients tied to the security services. Among their clients is the FSB intelligence agency; a secretive “research computing center” that helped plan the invasion of Ukraine and developed tools to deanonymize internet users; and a flagship state-owned nuclear research laboratory.
Without you, there is no us
Support IStories — it helps us to continue telling the truth
Donate
“If true, this reporting highlights the dangerous disconnect between what many believe about Telegram’s security and privacy features, and the reality," said John Scott-Railton, a Senior Researcher at The Citizen Lab. "When people don't know what is actually going on, but assume they have metadata privacy, they can unknowingly make risky choices, bringing danger to themselves and the people they’re communicating with. This is doubly true if the Russian government sees them as a threat."
A Ukrainian IT specialist who spoke with IStories on condition of anonymity said that the Russian military has used “man-in-the-middle” type surveillance in his country after capturing network infrastructure.
"You get physical access to the data transmission channel and install your equipment there,” he said. “In such an attack, the hackers aren’t even interested so much in the user's correspondence. They get metadata to analyze. And that means IP addresses, user locations, who exchanges data packets with whom, the kind of data it is… really, all possible information.”
Durov is currently under investigation in France after being arrested last August on charges related to the circulation of illegal content on Telegram. The company has since implemented a number of measures to crack down and step up its collaboration with the authorities. Durov has been released under judicial supervision and is allowed to travel.
He did not reply to requests for comment. Vedeneev spoke with IStories but declined to make any of his comments public.
Verisource Services, an employee benefits administration service provider, has determined that a previously announced data breach was far worse than initially thought and has affected up to 4 million individuals. The Houston, Texas-based company detected a hacking incident on February 28, 2024, that disrupted access to some of its systems. Third-party cybersecurity and incident response experts were engaged to investigate the incident and determine the nature and scope of the unauthorized activity.
The forensic investigation confirmed hackers had access to its network and exfiltrated files on February 27, 2024. At the time of the initial announcement, Verisource Services said names, dates of birth, genders, and Social Security numbers had been stolen. The affected individuals included employees and dependents of clients who used its services, which include HR outsourcing, benefits enrollment, billing, and administrative services.
The data breach was initially reported as affecting 1,382 individuals, but as the investigation progressed, it became clear that the breach was worse than initially thought. In August 2024, the data breach was reported to the HHS’ Office for Civil Rights (OCR) as involving the protected health information of 112,726 individuals. The most recent notification to the Maine Attorney General indicates up to 4 million individuals have been affected, a sizeable increase from previous estimates. The OCR breach portal still lists the incident as affecting 112,726 patients and plan members of its HIPAA-regulated entity clients, although that total may well be updated in the coming days.
Verisource Services explained in the breach notice that the data review was not completed until April 17, 2025, almost 14 months after the security incident was detected. Verisource Services reported the security incident to the Federal Bureau of Investigation, and several additional security measures have been implemented to improve its security posture. Notification letters had previously been sent to some affected individuals; however, the bulk of the notification letters have only recently been mailed. Verisource Services said complimentary credit monitoring and identity theft protection services have been offered to the affected individuals, who will also be protected with a $1,000,000 identity theft insurance policy.
On April 26, an unauthorized user exploited a vulnerability with a GitHub workflow to gain unauthorized access to tokens, all of which have now been invalidated. At this time, our investigation has found no evidence of code modifications, unauthorized access to production systems, exposure of customer data, or access to personal information.
Sygnia investigates Weaver Ant, a stealthy China-nexus threat actor targeting telecom providers. Learn how web shells enable persistence and espionage.
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon's mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.
An investigation into buying access to browsers through extensions
One of the challenges with investigating cybercrime is the infrastructure the adversaries leverage to conduct attacks. Cybercriminal infrastructure has evolved drastically over the last 25 years, which now involves hijacking web services, content distribution networks (CDNs), residential proxies, fast flux DNS, domain generation algorithms (DGAs), botnets of IoT devices, the Tor network, and all sorts of nested services.
This blog shall investigate a small UK-based hosting provider known as BitLaunch as an example of how challenging it can be to tackle cybercriminal infrastructure. Research into this hosting provider revealed that they appear to have a multi-year history of cybercriminals using BitLaunch to host command-and-control (C2) servers via their Anonymous VPS service.
India's Tata Technologies has disclosed a ransomware attack affecting its IT assets.
ICAO says the incident was allegedly linked to a hacker 'known for targeting international organizations'
BeyondTrust identified a security incident that involved a limited number of Remote Support SaaS customers. On December 5th, 2024, a root cause analysis into a Remote Support SaaS issue identified an API key for Remote Support SaaS had been compromised. BeyondTrust immediately revoked the API key, notified known impacted customers, and suspended those instances the same day while providing alternative Remote Support SaaS instances for those customers.
12/12/24 While the security incident forensics investigation remains ongoing, there are no material updates to provide at this time. We continue to pursue all possible paths as part of the forensic analysis, with the assistance of external forensic parties, to ensure we conduct as thorough an investigation as possible. We continue to communicate, and work closely with, all known affected customers. We will continue to provide updates here until our investigation is concluded.
Smartphone apps downloaded from Apple and Google can allow parents and other abusers to connect with pedophiles who pay to watch — and direct — criminal behavior.
iVerify’s Mobile Threat Hunting finds Pegasus spyware is more prevalent and capable of infecting a wide range of devices, not just devices of high-risk users.
Sophos X-Ops unveils five-year investigation tracking China-based groups targeting perimeter devices
Austrian security authorities have identified a Swiss man as the suspect in a series of emails containing bomb threats.
One of Russia’s most prominent pro-democracy organisations, the Free Russia Foundation, announced that it was investigating a potential cyberattack on Friday, following a leak of thousands of emails and documents related to its work.
First and foremost, our thanks go to the threat research team at Silent Push and the security team at Stark Industries Solutions (referred to as “Stark” from this point forwards) for their enthusiastic cooperation in the ‘behind the scenes’ efforts of this blog post.IntroductionIn our opening statement, we also introduce the subject of this post: the cross-team and cross-organization collaborative efforts of Silent Push, Stark, and Team Cymru in taking action against a common and well-known adve
people frequently reach out to me with companies to look into. usually it takes me about 10 minutes before i move on for one reason or another—it's not interesting for a story or has good security, for example. i didnt expect anything different when an acquaintance told me about Tracki, a self-proclaimed "world leader in GPS tracking" that they suspected could be used nefariously.
at first glance, Tracki appeared to be a serious company, maybe even one that cared about security. we could never have guessed what was about to unfold before us.
half a year into our investigation, we'd found it all: a hidden conglomerate posing as five independent companies, masked from governments and customers alike through the use of dozens of false identities, US letterbox companies, and an undeclared owner. a 90s phone sex scheme that, through targeting by one of hollywood's most notorious fixers, spiraled into a collection of almost a hundred domains advertising everything from online dating to sore throat remedies. a slew of device-assisted murder cases, on top of potential data breaches affecting almost 12 million users, ranging from federal government officials to literal infants. and most importantly, a little-known Snoop Dogg song. how in the world did we get here?
starting our descent
