No Human in the Loop – 10th May 2025

Even Hackers get Hacked…

Dispatches from the Algorithmic Front

Week of 3rd May - 9th May 2025


Introduction

There’s a particular kind of irony in a world where ransomware gangs are getting hacked, cybersecurity firms are being investigated by the government, and the companies meant to defend us from all this are losing billions in market value because someone clicked the wrong link.

This week, the algorithmic front was more of a high-wire act than usual. Behind the headlines, the connective tissue of cyber confidence—who we trust, how we secure, and what happens when things go wrong—was laid bare. Add to that a new Russian malware strain, a wrecking-ball ransomware hit on M&S, and the ghosts of procurement deals past haunting CrowdStrike, and it’s fair to say the cyber-industrial complex had a wobble.

Let’s get into it.


Top AI, War and Cyber Events of the Week

1. Lockbit Ransomware Group Gets Breached

The Lockbit ransomware gang—arguably the most prolific cybercrime outfit of the past three years—has been hacked. A leak on their own dark web site revealed internal chat logs between Lockbit members and victims, exposing tactics, payment negotiations, and operational details. The breach is being described as either a rival attack or an insider leak, and the incident has sent shockwaves through the criminal underworld. It may not mean the end of Lockbit, but it’s a reputational body blow—and one that could shift the balance of power in ransomware-as-a-service circles.

2. CrowdStrike Faces Scrutiny over $32 Million IRS Deal

CrowdStrike, a cybersecurity juggernaut long seen as the grown-up in the room, is now the subject of a joint DOJ and SEC investigation. The focus? A $32 million deal with the IRS that reportedly never delivered a product. To make matters worse, the transaction was routed through a third-party reseller, muddying the audit trail. The company has responded by laying off 5% of its workforce. For a firm that built its brand on transparency and defence integrity, this investigation—regardless of the outcome—raises serious questions about procurement practices and internal governance.

3. M&S Cyberattack Unleashes Chaos and a £30 Million Hit

Marks & Spencer, the UK’s retail darling, has been hammered by a ransomware attack likely orchestrated by the Scattered Spider group using DragonForce malware. Online orders ground to a halt, fridges were monitored manually to avoid food spoilage, and backend logistics systems failed across the board. The estimated weekly financial damage: £15 million. The incident triggered responses from the National Cyber Security Centre and National Crime Agency, and has become a cautionary tale about retail sector exposure and the domino effect of digital dependencies.

4. Google Uncovers Cold River’s New Malware Campaign

Google’s Threat Analysis Group has identified a fresh malware variant called LOSTKEYS, deployed by the Russian state-linked group Cold River (aka Callisto or Star Blizzard). The malware is designed to exfiltrate sensitive files and device information from targeted systems and is now being used in campaigns aimed at Western military analysts, NGO workers, and Ukraine-linked advisory networks. Cold River is no newcomer—they were behind the 2023 NATO credential-stealing campaigns and are increasingly focusing on quieter, more surgical operations that blend espionage with influence.

5. US Marine Corps Releases AI Integration Roadmap

Not to be left behind, the U.S. Marine Corps has released its AI implementation plan: part blueprint, part battle cry. It outlines how the Corps will use artificial intelligence to accelerate decision-making, improve logistics, and enhance tactical situational awareness. The document doesn’t shout autonomy, but it does make clear that from battlefield supply chains to command-level planning, the Marine Corps intends to integrate AI in a way that supports human judgement rather than replacing it. It’s a clear nod to where military doctrine is headed: man-machine teaming, not man-out-of-loop.


How These Events Connect (or Don’t)

At first glance, it’s a potpourri: a military roadmap, a botched government deal, a high-street meltdown, and a Russian malware drop. But dig deeper, and a pattern emerges—it’s all about systemic trust.

  • Lockbit’s exposure reminds us that even the criminal elite can fall victim to their own overconfidence—and that operational security is often the weakest link, even among hackers.
  • CrowdStrike’s probe shows that institutional trust isn’t immune either. As AI and cyber tools become embedded in public sector infrastructure, the margin for procedural ambiguity is shrinking.
  • M&S’s downfall is less about retail and more about interdependence. Supply chains and point-of-sale systems are now indistinguishable from the national digital fabric—and when they fail, the consequences aren’t just commercial. They’re civil.
  • Cold River’s latest evolution signals that malware is no longer just about disruption—it’s about access, influence, and stealth. Espionage is going algorithmic.
  • And the Marine Corps plan? That’s the long game. It’s a strategic hedge: build in AI before it becomes a battlefield liability, not through lack of ethics but through lack of capability.

Together, these events suggest we’re entering a phase where trust—between institutions, systems, and even adversaries—is being rewritten not in treaties, but in code.


Predictions for the Month Ahead

  • Cyber Defence as Brand Equity
    Following the M&S crisis, expect more companies to publicly tout their cybersecurity posture—not just to regulators, but to customers and shareholders. Cyber risk is now reputational risk.
  • Supply Chain Attacks Will Get Quieter and Smarter
    With Cold River’s targeted approach, we’re likely to see a shift away from noisy ransomware and toward bespoke attacks that exploit exactly one or two key people inside a system. Quiet access, not chaos.
  • More Public Sector Contract Probes Incoming
    CrowdStrike won’t be the last high-profile firm to face scrutiny. Expect a cascade of FOIA requests, audits, and parliamentary pressure around tech procurement—particularly where AI is involved.
  • Criminal Groups Will Fragment
    The Lockbit leak may trigger a diaspora of affiliates splintering into smaller groups, leading to more disorganised, but potentially more unpredictable, campaigns. This could also muddy attribution further.
  • Military AI Integration Will Speed Up, Then Hit the Human Wall
    The Marine Corps plan is ambitious, but the bottleneck isn’t code—it’s culture. Expect progress reports by summer, but don’t be surprised if uptake is slower than planned due to human trust and institutional friction.

Fun Fact of the Week

In a delightful turn of digital irony, one of the leaked Lockbit chat logs shows a threat actor expressing frustration that their victim was using two-factor authentication. The attacker complained it was “slowing things down” and making negotiations “unnecessarily formal.”

There’s something oddly reassuring about that: even cybercriminals get flustered by login screens. The modern equivalent of a burglar grumbling because you remembered to lock the front door.


Dispatch Ends