Cyber Security News

Hacking Editorial Brief – April 27, 2026

## Italy Extradites Alleged Chinese APT Operator; Microsoft Entra Flaw Disclosed

Italy has approved the extradition of a Chinese national to the United States on charges related to state-directed hacking operations. The suspect is accused of theft of COVID-19 research and is allegedly linked to the Hafnium threat group. An Italian court approved extradition in January, with the country's top court rejecting the suspect's appeal. Separately, Microsoft disclosed a critical identity management vulnerability in its Entra Agent ID system that enabled tenant takeover through privilege escalation. The flaw allowed attackers to perform Service Principal takeovers—effectively identity theft for application identities—by gaining ownership of the Service Principal and creating their own secret keys for persistent access.

North Korean state actors remain active across multiple theaters. Security researchers attribute a data breach at South Korea's Lee & Lee Country Club to North Korean hackers, with malware believed to have been inserted in October 2025. The breach exposed data belonging to approximately 100,000 individuals. Separately, Russian state actors are suspected in a social engineering campaign targeting German officials through Signal, where attackers impersonated "Signal Support" to harvest PINs and credentials. Additional breaches include the theft of personal data belonging to 350,000 engineers from Thailand's engineering council database, and an escalating series of cryptocurrency thefts—including the $1.5 billion Bybit hack in February 2025 and a $282 million single-holder theft in January—highlighting persistent weaknesses in cryptocurrency security infrastructure.

Sources: UNN · Financial Times · Hackread · DataBreaches.Net · Binance Square · New York Post