In February, a multinational company’s finance team member in Hong Kong made headlines after he transmitted HK$200 million (US$25 million) to cybercriminals who pretended to be the chief financial officer and other colleagues, using deepfake technology, in what the worker thought was a legitimate video conference.
Now it’s been revealed that it was UK engineering group Arup that fell victim to the elaborate scam. When the cybercrime was first brought to light earlier this year, Hong Kong police’s Baron Chan Shun-ching told local reporters: “(In the) multi-person video conference, it turns out that everyone [he saw] was fake.”
Read more…
Source: Insurance Business
Related:
- Secure connectivity principles for Operational Technology (OT)
January 14, 2026
Operational technology (OT) environments – which have long been centred on safety, uptime, and operational continuity – are now more interconnected than ever. Driven by the need for increased efficiency, agility, and integration, these advancements offer significant operational benefits (such as real-time analytics, predictive maintenance and remote monitoring & administration), but they also introduce risks. Organisations ...
- Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response
January 12, 2026
AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities. Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a ...
- New Zealand: Second health provider, Canopy Health, hit in major cyber attack
January 12, 2026
Patients caught up in the CanopyHealth data breach are furious that it took the company six months to tell them about it. On Monday, it was revealed the leading private provider doing breast cancer diagnosis and treatment took six months to notify some patients or the public of a major cyber attack on its systems. In ...
- Paris releases Russian athlete accused by Washington of hacking attempts
January 10, 2026
Authorities in France have released a Russian national accused by the United States of participating in hacking attacks on companies for ransom in cryptocurrency. The man has been exchanged for a French citizen held in Russian custody, instead of being handed over to the U.S. The swap has been compared to the Griner case. Daniil Kasatkin, a ...
- UK government exempting itself from flagship cyber law inspires little confidence
January 10, 2026
From May’s cyberattack on the Legal Aid Agency to the Foreign Office breach months later, cyber incidents have become increasingly common in UK government. The scale extends far beyond these high-profile cases: the NCSC reports that 40 percent of attacks it managed between September 2020 and August 2021 targeted the public sector, a figure expected to ...
- Europol: 34 arrests in Spain during action against the ‘Black Axe’ criminal organisation
January 9, 2026
The Spanish National Police (Policía Nacional), in close cooperation with the Bavarian State Criminal Police Office (Bayerisches Landeskriminalamt) and with the support of Europol, has conducted an operation against the international criminal organisation ‘Black Axe’. The action resulted in 34 arrests and significant disruptions to the group’s activities. Black Axe is a highly structured, hierarchical group ...