Established in 2024, the People's Liberation Army Cyberspace Force merges cyber and electronic warfare to disrupt, deter, and dominate in future conflicts.
With the launch of its Cyberspace Force, China has elevated the digital domain to a theatre of war. The Cyberspace Force of the People’s Liberation Army (PLA) is China’s newest military branch, launched on 19 April 2024.
Based in Haidian District, Beijing, and with five antennas across the country, it operates under the direct authority of the Central Military Commission (CMC).
Its creation followed the dissolution of the Strategic Support Force (SSF) and shows a broader shift in China’s approach to modern warfare. The force is tasked with both defending and attacking in the cyber domain. Additionally, it covers:
Network security
Electronic warfare
Information dominance
The Cyberspace Force plays a central role in China’s preparation for future conflicts, particularly in what the PLA calls “informatised warfare”, a doctrine focused on controlling the flow of information across all domains. By placing the unit directly under the CMC, China ensures centralised control, operational discipline, and strategic reach in cyberspace.
On 19 April 2024, the CMC formally dissolved the SSF and created three independent forces:
This marked the first time China designated cyberspace as an independent warfare domain with dedicated command, personnel, and budgetary autonomy. The Cyberspace Force now operates as a Corps Leader-grade service, headquartered in Beijing. It is led by Lieutenant General Zhang Minghua, with Lieutenant General Han Xiaodong serving as its political commissar. Its emergence reflects a shift from fragmented technical capabilities to centralised, strategic integration of cyber warfare into China’s military planning.
Today, Microsoft Threat Intelligence Center is excited to announce the release of RIFT, a tool designed to assist malware analysts automate the identification of attacker-written code within Rust binaries. Known for its efficiency, type safety, and robust memory safety, Rust has increasingly become a tool for creating malware, especially among financially motivated groups and nation-state entities. This shift has introduced new challenges for malware analysts as the unique characteristics of Rust binaries make static analysis more complex.
One of the primary challenges in reverse engineering malware developed with Rust lies in its layers of abstraction added through features such as memory safety and concurrency handling, making it more challenging to identify the behavior and intent of the malware. Compared to traditional languages, Rust binaries are often larger and more complex due to the incorporation of extensive library code. Consequently, reverse engineers must undertake the demanding task of distinguishing attacker-written code from standard library code, necessitating advanced expertise and specialized tools.
To address these pressing challenges, Microsoft Threat Intelligence Center has developed RIFT. RIFT underscores the growing need for specialized tools as cyber threat actors continue to leverage Rust’s features to evade detection and complicate analysis. The adoption of Rust by threat actors is a stark reminder of the ever-changing tactics employed in the cyber domain, and the increasing sophistication required to combat these threats effectively. In this blog post, we explore how threat actors are increasingly adopting Rust for malware development due to its versatility and how RIFT can be used to combat this threat by enhancing the efficiency and accuracy of Rust-based malware analysis.
Switzerland says a ransomware attack on the non-profit health foundation Radix that involved data being stolen and encrypted had also affected the federal administration.
The Radix Foundation, a not-for-profit organisation active in the field of health promotion, has been the victim of a ransomware attack, it was confirmed on Monday. The criminals stole and encrypted data, which they then published on the darknet.
The foundation contacted the National Cybersecurity Centre (NCSC) after carrying out an initial analysis of the situation, it announced on Monday. Radix’s clientele also includes various administrative units of the federal administration.
The aim is to determine which services and data are actually affected by the cyber attack. At no time were the hackers able to penetrate the systems of the federal administration, as the Radix Foundation itself does not have such direct access, the centre pointed out.
On 12 June 2025, dozens of anonymous X (formerly Twitter) accounts advocating Scottish independence abruptly went silent. Many had posted hundreds of times per week, often using pro-independence slogans, anti-UK messaging, and identity cues like “NHS nurse” or “Glaswegian socialist.”
Their sudden disappearance coincided with a major Israeli airstrike campaign against Iranian military and cyber infrastructure. Within days, Iran had suffered severe power outages, fuel shortages, and an internet blackout affecting 95 percent of national connectivity.
What appeared at first glance to be a curious coincidence has since emerged as the most visible rupture to date in a long-running foreign influence operation.
A cartel affiliate notified an FBI agent about a hacker who infiltrated cameras and phones to track an FBI official’s meetings, the DOJ inspector general said.
A hacker working on behalf of the Sinaloa drug cartel infiltrated cameras and phones to track an FBI official in Mexico investigating the drug lord El Chapo, then used data from that surveillance to kill and intimidate potential sources and witnesses the agent was meeting with, a Justice Department watchdog report revealed.
An FBI case agent learned about the hacker from someone affiliated with the cartel in 2018, according to the inspector general report released Friday.
“That individual said the cartel had hired a ‘hacker’ who offered a menu of services related to exploiting mobile phones and other electronic devices,” the report states. “According to the individual, the hacker had observed people going in and out of the United States Embassy in Mexico City and identified ‘people of interest’ for the cartel, including the FBI Assistant Legal Attache (ALA T), and then was able to use the ALA T’s mobile phone number to obtain calls made and received, as well as geolocation data, associated with the ALAT’s phone.
Unidentified hackers breached a Norwegian dam's control system in April, opening its valve for hours due to a weak password.
In a concerning incident this April, unidentified hackers managed to breach the control systems of a Norwegian dam. Reportedly, hackers breached the control systems of a Norwegian dam, causing its water valve to open fully. The incident occurred at the Lake Risevatnet dam, situated near the city of Svelgen in Southwest Norway. The valve remained open for four hours before the unauthorized activity was detected.
According to the Norwegian energy news outlet, Energiteknikk, the hack did not pose a danger, as the water flow barely exceeded the dam’s minimum requirement. The valve released an additional 497 litres per second, but officials noted that the riverbed could handle a much larger volume, up to 20,000 litres per second.
The incident was discovered on April 7 by the dam’s owner, Breivika Eiendom. Norwegian authorities, including NSM (National Security Authority), NVE (Norwegian Water Resources and Energy Directorate), and Kripos (a special agency of the Norwegian Police Service), were alerted on April 10, and an investigation is now underway.
Officials suspect the breach occurred because the valve’s web-accessible control panel was protected by a weak password. Breivika technical manager Bjarte Steinhovden speculated this was the likely vulnerability. The initial point of entry allowed attackers to bypass authentication controls and gain direct access to the operational technology (OT) environment.
An intern at Société Générale is believed to have facilitated the theft of more than EUR1mn (USD1.15mn) from the bank's customers.
A business student who was interning at Société Générale, a leading multinational bank headquartered in France, is believed to have fed information to SIM swappers who stole from 50 customers of the bank, reports Le Parisien. The intern’s arrest prompted officers from France’s fraud police (La Brigade des Fraudes aux Moyens de Paiement, BFMP) to identify a series of alleged accomplices, including one person who specialized in taking control of the phone service of victims.
Using information provided by the intern, the SIM swapper would call the comms providers that provided service to customers of Société Générale. He would pretend to be the legitimate phone user, and that his phone had been lost so a replacement SIM would be issued to him. Having taken control of the victim’s phone service, the SIM swapper would then receive the one-time passwords sent to those numbers by Société Générale. With these codes, the gang were able to withdraw money from the bank accounts of victims. In total, it is believed that more than EUR1mn (USD1.15mn) was stolen this way.
