Ransomware attack linked to gold heist at museum • The Register

Infosec in brief: Online criminals prefer to deal in digital assets, but a side effect of a ransomware attack has seen a French museum robbed of $705,000 in physical gold nuggets.
Dozens of French museums fell victim to a ransomware attack in August 2024, and the nation’s Natural History Museum copped another attack in July 2025.
The Museum’s systems were so damaged that it reportedly cancelled an exhibition.
Last week the Museum discovered that thieves had broken into its minerals display section by using an angle grinder to cut through a door, before wielding a blowtorch to open a case containing gold specimens worth about $705,000.
French media report the heist was possible because the July cyberattack broke the Museum’s alarms and video surveillance systems.
Emmanuel Skoulios, deputy director general of the Museum, said thieves stole four nuggets with a combined weight of six kilograms.
He said that the gold had likely been melted down already, making the items impossible to recover. According to a police source, the thieves likely knew the cyberattack had disabled the alarm systems.
FBI crime reporting portal spoofed again
The FBI has warned that “threat actors” are spoofing its Internet Crime Complaint Center (IC3), the service it suggests the public use to report online crimes, and advised netizens to ignore any links to the site generated by search engines or other third parties.
The FBI didn’t identify the attackers, but in an alert posted last Friday warned the public that sponsored links produced after searches for the IC3 “are usually paid imitators looking to deter traffic from the legitimate IC3 website.” The alert advises netizens to access IC3 by typing its URL – www.ic3.gov – directly into browsers, taking care to check that the site that appears uses the .gov domain.
“Threat actors create spoofed websites often by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information entered by a user into the site, including name, home address, phone number, email address, and banking information,” the FBI alert advises. “For example, spoofed website domains may feature alternate spellings of words or use an alternative top-level domain to impersonate a legitimate website.”
The Feds are advising people to avoid trying to contact the agency through any links that appear on search engines as sponsored search engine results and to check that the URL used is www.ic3.gov with no alterations.
It’s the second time this year that the FBI has warned of bad actors spoofing IC3. In April it discovered over 100 attempts to fool IC3 visitors with bogus URLs. Financial fraudsters also posed as “IC3 Chief Director Jaime Quin” – a fictional identity with no connection to the service – and tried to defraud netizens.
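The URL check the alert recommends can be automated for links found in mail or proxy logs. The sketch below is an added example, not code from the FBI alert or from this article: it parses each link, compares the real hostname with www.ic3.gov, and labels the two alterations the alert names. The function names and verdict labels are hypothetical, and the sample links are constructed using the reserved .example domain.

```python
from urllib.parse import urlsplit

LEGIT_HOST = "www.ic3.gov"            # address given in the FBI alert
LEGIT_NAME, LEGIT_TLD = "ic3", "gov"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot alternate spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return a verdict for the host a link actually points to."""
    # Accept bare hostnames as well as full URLs; hostname is lower-cased.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if host == LEGIT_HOST:
        return "exact-match"
    labels = host.split(".")
    name, tld = (labels[-2], labels[-1]) if len(labels) >= 2 else ("", host)
    if name == LEGIT_NAME and tld == LEGIT_TLD:
        return "other-host-on-ic3.gov"    # not the exact address in the alert
    if name == LEGIT_NAME:
        return "alternate-tld"            # right name, wrong top-level domain
    if edit_distance(name, LEGIT_NAME) == 1:
        return "alternate-spelling"       # one character added, dropped or swapped
    return "unrelated"

# Constructed sample links (reserved .example domain), not observed indicators.
SAMPLE_LINKS = [
    "https://www.ic3.gov/",
    "HTTPS://WWW.IC3.GOV/complaint",
    "https://www.ic3.example/",
    "https://www.icc3.example/report",
    "ic3.gov",
    "https://news.example/story",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):24} {link}")
```

Anything other than `exact-match` warrants review before a user is sent to the link; a one-character threshold on a three-letter name will also flag some harmless domains.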
ICE is chill about cracking phones
The US Immigration and Customs Enforcement agency has acquired more commercial spyware.
The agency’s Homeland Security Investigations arm has signed a contract with Magnet Forensics to supply software to unlock suspects’ phones. Magnet is known as the maker of the Graykey application, which the company claims can unlock iOS and Android devices, sometimes in less than an hour.
Magnet Forensics claims [PDF] Graykey “extracts encrypted or inaccessible data from mobile devices” and allows users “to access and extract evidence from mobile devices irrespective of device state.”
At least ICE is buying from a home-grown supplier. At the start of the month it was revealed that the current administration had reversed a Biden-era ban on the use of Israeli-made Paragon surveillanceware, which investigators could install on a suspect’s phone without user interaction.
Luxury brands under attack
French company Kering, owner of luxury goods brands such as Gucci, Balenciaga and Alexander McQueen, last week reported that “an unauthorized third party gained temporary access to our systems and accessed limited customer data from some of our Houses.”
The attackers apparently stole purchase histories, but not financial information.
Jewelry house Tiffany also admitted to a breach affecting over 2,500 customers last week. The attack on the firm, part of the French luxury conglomerate LVMH, was reportedly the work of the Scattered Spider gang. ®