Jessica Entwistle
November 20 2025
Yesterday saw developments that directly impact UK organisations, from the disruption of Russian cybercrime infrastructure to active exploitation of a widely used archiving tool and progress within the nuclear sector. These updates highlight the need for organisations to stay ahead of both technical vulnerabilities and governance expectations.
The UK has issued coordinated sanctions against a Russian-based hosting provider accused of offering so-called bulletproof hosting services that enabled ransomware, phishing and wider cybercrime operations targeting UK organisations. Working with partners in Australia and the United States, UK authorities highlighted the provider’s role in supporting well-known criminal groups by offering hard-to-take-down infrastructure used to launch attacks against both public and private sector networks.
This action signals a shift in government strategy by targeting the infrastructure that enables criminal activity rather than solely pursuing individuals. Bulletproof hosting continues to be a core dependency for threat groups, providing anonymity and low enforcement risk. By disrupting these services, authorities aim to increase the operational cost of cybercrime and reduce the scale of attacks on UK businesses.
Why it matters
For UK organisations, this highlights the importance of understanding the upstream infrastructure behind cyberattacks. Vendor risk assessments should include considerations for hosting providers, content delivery networks and external services that may be leveraged by attackers. Improved visibility of outbound connections and proactive supplier monitoring will help organisations identify hidden risks within their digital ecosystem.
Source
GOV.UK
A newly disclosed vulnerability in 7-Zip, tracked as CVE-2025-11001, has been confirmed as actively exploited by threat actors. The flaw relates to unsafe handling of symbolic links within ZIP archives, creating an opportunity for directory traversal and arbitrary code execution. Attackers can craft malicious ZIP files that escape expected extraction paths and overwrite or plant files elsewhere on a system. Because 7-Zip is used widely across enterprises, including by automated workflows, the attack surface is significant.
Security researchers who identified the vulnerability confirmed exploitation in real-world scenarios, meaning organisations relying on unpatched versions may already be exposed. The vendor has released an updated version that addresses the issue, and organisations are advised to roll out the latest patch without delay.
Why it matters
Tools like 7-Zip are often overlooked during patching cycles, yet they are deeply embedded across desktops, servers and automated file processing systems. Successful exploitation can provide attackers with a foothold inside corporate networks or enable lateral movement. Organisations should prioritise patching, review systems that use automated extraction workflows and monitor for unusual file writes caused by directory traversal.
Source
The Hacker News
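One way to gate an automated extraction workflow of the kind described in the 7-Zip item above, as an added example (not code from 7-Zip or from the cited report): it inspects a ZIP's entries before anything is extracted and flags symlink entries, entries whose path runs through an earlier symlink, and absolute or `..` paths. The function names and the sample archive are constructed for illustration, and symlinks are recognised from the Unix mode bits stored in each entry's external attributes.

```python
import io
import posixpath
import stat
import zipfile

def audit_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) pairs for entries that should block extraction."""
    findings = []
    links = set()  # normalised paths of symlink entries seen so far
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            norm = posixpath.normpath(name)
            parts = norm.split("/")
            if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
                findings.append((info.filename, "absolute path"))
            elif ".." in name.split("/"):
                findings.append((info.filename, "parent-directory component"))
            # A path that passes through an earlier symlink entry would be
            # written wherever that link points, not under the extraction root.
            for i in range(1, len(parts)):
                if "/".join(parts[:i]) in links:
                    findings.append((info.filename, "written through symlink entry"))
                    break
            # Upper 16 bits of external_attr carry the Unix file mode.
            if stat.S_ISLNK(info.external_attr >> 16):
                with zf.open(info) as fh:  # the entry body is the link target
                    target = fh.read(4096).decode("utf-8", "replace")
                findings.append((info.filename, f"symlink -> {target}"))
                links.add(norm)
    return findings

def build_sample() -> bytes:
    """Constructed archive: benign file, symlink, file routed through it, ../ entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        link = zipfile.ZipInfo("docs/out")
        link.create_system = 3  # Unix
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/constructed/outside/dir")  # placeholder target
        zf.writestr("docs/out/payload.txt", "x")
        zf.writestr("../escape.txt", "x")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, reason in audit_zip(build_sample()):
        print(f"BLOCK {entry}: {reason}")
```

A workflow would quarantine the archive when `audit_zip` returns any finding and only hand clean archives to the extractor.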
The Office for Nuclear Regulation has formally recognised improvements in the cyber governance of Sellafield Ltd, reducing its regulatory attention level following sustained progress across leadership engagement, risk management and cyber assurance processes. The uplift reflects changes in senior leadership structure, including a strengthened CISO function, and improvements in how cyber risk is reported and governed across both IT and operational technology environments.
This announcement is notable because nuclear sector organisations operate under some of the UK’s strictest regulatory expectations. Sellafield’s improvements demonstrate that measurable progress in governance and culture can materially influence regulator confidence and oversight levels.
Why it matters
For organisations in other regulated sectors such as energy, finance or healthcare, this reinforces the value of visible board engagement, clear governance structures and frequent assurance reporting. As cyber risk continues to be treated as a business risk, regulators are placing increasing emphasis on leadership accountability and strategic cyber investment. Organisations can use this update as a prompt to review their own governance maturity and ensure senior leadership maintains an active role in cyber decision-making.
Source
Office for Nuclear Regulation
The events of yesterday underline a consistent theme across the industry. Resilience now depends on understanding both direct vulnerabilities and the wider ecosystem that supports cybercrime. Organisations that maintain strong governance, stay ahead of patch cycles and actively monitor supplier dependencies place themselves in a stronger position to grow with confidence in an increasingly complex environment.