Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

Overview

The U.S. government recently paid $1 million to the data extortion group Kairos after a significant breach. This incident involved the FBI reporting that a group called TeamPCP compromised developer tools, leading to sensitive data being stolen. The impact of this breach extends to various government operations, raising concerns about the security of critical infrastructure and sensitive information. The decision to pay the ransom highlights the ongoing challenges government agencies face in dealing with cyber threats and the difficult choices they must make when confronted with extortion attempts. This situation serves as a reminder for organizations to strengthen their cybersecurity measures and be prepared for potential attacks.

Key Takeaways

  • Affected Systems: U.S. government agencies, developer tools
  • Action Required: Organizations should strengthen cybersecurity measures and conduct regular security audits.
  • Timeline: Ongoing since recent

Original Article Summary

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

  • U.S. Government Agency Paid $1M to Data Extortion Group Kairos
  • FBI: TeamPCP Compromised Dev Tools to […]

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Related Coverage

Week in review: SimpleHelp vulnerability exploited, Oracle EBS Payments flaw under attack

Help Net Security

Last week, vulnerabilities in SimpleHelp and Oracle EBS Payments were actively exploited. The SimpleHelp flaw allows attackers to gain unauthorized access to systems, posing a serious risk to users of the remote support software. Meanwhile, a vulnerability in Oracle's EBS Payments system has also come under attack, potentially compromising financial data for organizations using this enterprise resource planning software. These incidents emphasize the growing challenges in securing software, particularly as companies increasingly integrate AI features, which often introduce new vulnerabilities. Organizations relying on these systems need to prioritize patching and monitoring to protect sensitive information.

Jul 5, 2026

U.S. Government Agency Paid $1M to Data Extortion Group Kairos

Security Affairs

A U.S. government agency has reportedly paid $1 million to the data extortion group Kairos, according to a case study by Ransom-ISAC. This incident marks a significant shift in the tactics employed by cybercriminals, as Kairos focuses on stealing data and extorting victims instead of traditional ransomware attacks. The case study reconstructed the negotiation process using a leaked transcript and blockchain analysis to trace the ransom payment. This situation raises concerns about the security of government data and the lengths to which agencies may go to recover sensitive information. The payment also highlights the growing threat of data extortion, which can have serious implications for public trust and national security.

Jul 4, 2026

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

The Hacker News

A U.S. government entity has reportedly paid around $1 million to a group named Kairos to prevent the release of stolen data. This situation arose from a data theft incident where sensitive files were taken, and negotiations revealed the payment through leaked chat logs and blockchain tracking. Interestingly, it appears that Kairos may not operate like traditional ransomware groups, as there is no evidence of them locking files or demanding ransom in the typical sense. This incident raises concerns about how government entities handle data breaches and the potential for attackers to exploit these situations for financial gain. The event reflects the growing challenge of data protection in the public sector and the lengths to which organizations may go to safeguard sensitive information.

Jul 4, 2026

Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds

Security Affairs

Stelios Kouloglou, a former Member of the European Parliament, was targeted with Pegasus spyware while investigating its use in surveillance. This revelation comes from a report by Citizen Lab, which documented multiple instances of the spyware infecting Kouloglou's devices during his tenure. The irony of a lawmaker probing into the misuse of such technology becoming a victim himself underscores serious concerns about privacy and the misuse of surveillance tools. This incident raises significant questions about the accountability of companies like NSO Group and the implications for individuals involved in political and human rights advocacy. The findings serve as a stark reminder of the potential risks faced by those investigating or opposing powerful surveillance technologies.

Jul 3, 2026

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

The Hacker News

A new cyber threat group called Armored Likho has been linked to attacks against government agencies and the electric power sector in Russia, Brazil, and Kazakhstan. Researchers from Kaspersky report that this group combines financially motivated schemes targeting individuals with cyber espionage aimed at organizations. The BusySnake Stealer malware is being used in these operations, which raises concerns about the potential for sensitive data breaches. The targeting of critical infrastructure like power sectors is particularly alarming, as it can have severe implications for national security and public safety. Organizations in affected regions should bolster their cybersecurity measures to defend against these types of attacks.

Jul 3, 2026

Flock Cameras Can Surveil Cars Without License Plates

Schneier on Security

Flock Safety, a surveillance camera company, has introduced a new feature that allows law enforcement to identify vehicles even when they lack visible license plates. This system, referred to as a ‘Vehicle Fingerprint’, collects data on a vehicle’s decals, bumper stickers, and other unique identifiers, enabling officers to gather more information without complete plate details. Additionally, the technology supports a ‘multi geo search’, helping police track multiple vehicles believed to be traveling together. This development raises concerns about privacy and the extent of surveillance capabilities available to law enforcement, as it could lead to increased monitoring of individuals who are not necessarily under investigation. As law enforcement agencies adopt these technologies, the implications for civil liberties and personal privacy will be significant.

Jul 3, 2026