
The Cyber Express Weekly Roundup: Major State Threats, Crypto Attacks, and Legal Gaps
Why It Matters
State‑level attacks on internet infrastructure and massive crypto losses expose critical security gaps, prompting government action and highlighting regulatory uncertainty that could reshape industry defenses.
Key Takeaways
- APT28 hijacked routers to conduct DNS redirection and credential theft
- Drift Protocol lost $285 million in a 12‑minute DeFi breach
- EU CSAM law lapse leaves platforms without clear scanning authority
- FBI found deleted Signal messages can linger in iPhone notifications
- Treasury’s new initiative targets security gaps in digital‑asset ecosystem
Pulse Analysis
State‑sponsored cyber operations are evolving beyond traditional espionage, with APT28’s recent campaign exploiting vulnerable routers to hijack DNS queries and intercept Outlook credentials. By targeting the backbone of internet traffic, attackers can conduct large‑scale man‑in‑the‑middle operations without needing direct system compromise, forcing enterprises to reassess router firmware hygiene and adopt zero‑trust networking models. This shift signals that critical infrastructure will remain a prime vector for nation‑state actors seeking intelligence and financial gain.
The $285 million breach of Drift Protocol, the largest perpetual futures platform on Solana, illustrates the high‑velocity risk inherent in decentralized finance. Attackers drained half of the exchange’s value in just twelve minutes, exposing weaknesses in smart‑contract governance and liquidity controls. In response, the U.S. Treasury’s Office of Cybersecurity and Critical Infrastructure Protection launched a Digital Asset Cybersecurity Initiative aimed at standardizing security best practices, fostering public‑private collaboration, and encouraging robust audit frameworks across the crypto ecosystem. Industry participants now face heightened scrutiny and a push toward greater resilience.
Regulatory uncertainty compounds technical challenges. The expiration of the EU’s temporary CSAM scanning framework leaves tech firms without clear authority to employ hash‑matching or other detection tools, potentially hampering law‑enforcement efforts against illegal content. Simultaneously, an FBI investigation revealed that iOS notification storage can retain fragments of deleted Signal messages, highlighting how operating‑system design can unintentionally preserve sensitive data. Together, these legal and privacy gaps underscore the need for coordinated policy development that balances security imperatives with user privacy rights.