Cyber Intrusion in Macau: Government Websites Hacked, says Chinese state media
Incident Overview
Earlier this week, the Chinese media reported that several ‘Macau’ government websites were hacked, indicating a significant targeted cyberattack. The hacked website includes those of the office of the Secretary for Security, the public security police, the fire services department and the Security Forces Services Bureau. It was reported that the police have launched a criminal investigation to trace the source of the crime. Furthermore, officials believe the source of the intrusion was likely from overseas, and authorities have carried out an emergency response in conjunction with telecommunication operators to restore affected services on a priority basis. The densely populated Macau is a special administrative region on the south coast of China and the cyber attacks on the essential government website of China raise a serious concern.
Response and Mitigation
Macau's authorities carried out an emergency response in collaboration with telecommunication operators to restore regular services as a distributed denial-of-service attack (DDoS) was reported to be carried out on certain government websites which resulted in the inactivity of those several websites. The country's security forces instructed Macau Telecom to investigate the incident and submit a report and improvement plan to prevent similar attacks in the future.
Context and Implications
The hack on the government websites of Macau is not a single incident; rather, it is a part of an increasing pattern of cyberattacks on the region's vital infrastructure. According to a recent report, the frequency of cybercrimes has tripled since 2020, targeting Macau's critical infrastructure, which is worrying. This pattern draws attention to the growing threats that public sector organisations and governments throughout the world confront.
Final Words
In light of such sophisticated attacks targeting vital infrastructure or critical government operations, it is imperative that the country ensure powerful cybersecurity strategies and measures. Implementing robust cybersecurity measures, developing incident response planning, regular security checks, employee training on cyber hygiene, public awareness and capacity building and international collaboration to jointly develop and plan counteract strategies is a crucial step to build safeguards against such cyber threats.
The incident of a cyberattack on the government websites of Macau serves stark reminder of the evolving threats and cybersecurity challenges, it is a serious concern when critical government websites are compromised by malicious actors. It highlights the necessity for continuous vigilance and cybersecurity measures in place to counter such cyber attacks. A comprehensive approach to cybersecurity, the government can enhance their overall cybersecurity posture, establish resilience against such threats in future, and save the functionality of essential government websites.
References:
- https://macaudailytimes.com.mo/websites-of-office-of-the-secretary-for-security-targeted-in-a-cyber-attack.html
- https://www.reuters.com/world/china/several-macau-government-websites-hacked-says-chinese-state-media-2024-07-11/
- https://4imag.com/several-macau-government-websites-hacked-says-chinese-state-media/
- https://www.aol.com/news/several-macau-government-websites-hacked-001435511.htmlhttps://therecord.media/macau-government-websites-hit-with-cyberattack
- https://macaonews.org/news/city/macau-cyberattacks-cyber-security-attacks-macao/
Related Blogs
A photograph showing Prime Minister Narendra Modi holding a trident and dressed in royal attire is being widely shared on social media. Users circulating the image are claiming that it shows PM Modi in a regal outfit.
However, a verification by the Cyber Peace Foundation’s Research Desk has found that the claim is false. The investigation established that the viral image is not authentic and has been generated using Artificial Intelligence (AI).
Claim:
On January 11, 2026, several Instagram users shared the image with captions describing it as a photograph of Prime Minister Modi in royal attire.
Links and archived versions of the posts, along with screenshots, are provided below.
Fact Check:
To verify the claim, relevant keywords such as “PM Modi holding trishul” were searched on Google. This led to a report published by Navbharat Times on January 10, 2025. The report features photographs of Prime Minister Modi holding a trident during his visit to the Somnath Temple. However, in the original images, he is seen wearing normal attire, not royal clothing as shown in the viral image. Link and screenshot
In the next step of the investigation, the original photograph was traced to the official Instagram account of BJP Gujarat, where it was posted on January 11, 2026. The post clearly identifies the image as being from Somnath Temple. Link and screenshot: https://www.instagram.com/p/DTVlb-9Da1V
A close examination of the viral image raised suspicion about digital manipulation. The image was then analysed using the AI detection tool TruthScan. The tool’s assessment indicated a 97 percent likelihood that the image was AI-generated.
Further comparison between the viral image and the original photograph revealed that all visual elements match except the clothing, confirming that the attire was digitally altered using AI tools.
Conclusion
The claim that Prime Minister Narendra Modi appeared in royal attire is false. The Cyber Peace Foundation’s research confirms that the viral image was created using AI by altering the clothing in an original photograph taken during PM Modi’s visit to Somnath Temple. The manipulated image was shared online to mislead users.
Introduction
The advent of AI-driven deepfake technology has facilitated the creation of explicit counterfeit videos for sextortion purposes. There has been an alarming increase in the use of Artificial Intelligence to create fake explicit images or videos for sextortion.
What is AI Sextortion and Deepfake Technology
AI sextortion refers to the use of artificial intelligence (AI) technology, particularly deepfake algorithms, to create counterfeit explicit videos or images for the purpose of harassing, extorting, or blackmailing individuals. Deepfake technology utilises AI algorithms to manipulate or replace faces and bodies in videos, making them appear realistic and often indistinguishable from genuine footage. This enables malicious actors to create explicit content that falsely portrays individuals engaging in sexual activities, even if they never participated in such actions.
Background on the Alarming Increase in AI Sextortion Cases
Recently there has been a significant increase in AI sextortion cases. Advancements in AI and deepfake technology have made it easier for perpetrators to create highly convincing fake explicit videos or images. The algorithms behind these technologies have become more sophisticated, allowing for more seamless and realistic manipulations. And the accessibility of AI tools and resources has increased, with open-source software and cloud-based services readily available to anyone. This accessibility has lowered the barrier to entry, enabling individuals with malicious intent to exploit these technologies for sextortion purposes.
The proliferation of sharing content on social media
The proliferation of social media platforms and the widespread sharing of personal content online have provided perpetrators with a vast pool of potential victims’ images and videos. By utilising these readily available resources, perpetrators can create deepfake explicit content that closely resembles the victims, increasing the likelihood of success in their extortion schemes.
Furthermore, the anonymity and wide reach of the internet and social media platforms allow perpetrators to distribute manipulated content quickly and easily. They can target individuals specifically or upload the content to public forums and pornographic websites, amplifying the impact and humiliation experienced by victims.
What are law agencies doing?
The alarming increase in AI sextortion cases has prompted concern among law enforcement agencies, advocacy groups, and technology companies. This is high time to make strong Efforts to raise awareness about the risks of AI sextortion, develop detection and prevention tools, and strengthen legal frameworks to address these emerging threats to individuals’ privacy, safety, and well-being.
There is a need for Technological Solutions, which develops and deploys advanced AI-based detection tools to identify and flag AI-generated deepfake content on platforms and services. And collaboration with technology companies to integrate such solutions.
Collaboration with Social Media Platforms is also needed. Social media platforms and technology companies can reframe and enforce community guidelines and policies against disseminating AI-generated explicit content. And can ensure foster cooperation in developing robust content moderation systems and reporting mechanisms.
There is a need to strengthen the legal frameworks to address AI sextortion, including laws that specifically criminalise the creation, distribution, and possession of AI-generated explicit content. Ensure adequate penalties for offenders and provisions for cross-border cooperation.
Proactive measures to combat AI-driven sextortion
Prevention and Awareness: Proactive measures raise awareness about AI sextortion, helping individuals recognise risks and take precautions.
Early Detection and Reporting: Proactive measures employ advanced detection tools to identify AI-generated deepfake content early, enabling prompt intervention and support for victims.
Legal Frameworks and Regulations: Proactive measures strengthen legal frameworks to criminalise AI sextortion, facilitate cross-border cooperation, and impose offender penalties.
Technological Solutions: Proactive measures focus on developing tools and algorithms to detect and remove AI-generated explicit content, making it harder for perpetrators to carry out their schemes.
International Cooperation: Proactive measures foster collaboration among law enforcement agencies, governments, and technology companies to combat AI sextortion globally.
Support for Victims: Proactive measures provide comprehensive support services, including counselling and legal assistance, to help victims recover from emotional and psychological trauma.
Implementing these proactive measures will help create a safer digital environment for all.
Misuse of Technology
Misusing technology, particularly AI-driven deepfake technology, in the context of sextortion raises serious concerns.
Exploitation of Personal Data: Perpetrators exploit personal data and images available online, such as social media posts or captured video chats, to create AI- manipulation violates privacy rights and exploits the vulnerability of individuals who trust that their personal information will be used responsibly.
Facilitation of Extortion: AI sextortion often involves perpetrators demanding monetary payments, sexually themed images or videos, or other favours under the threat of releasing manipulated content to the public or to the victims’ friends and family. The realistic nature of deepfake technology increases the effectiveness of these extortion attempts, placing victims under significant emotional and financial pressure.
Amplification of Harm: Perpetrators use deepfake technology to create explicit videos or images that appear realistic, thereby increasing the potential for humiliation, harassment, and psychological trauma suffered by victims. The wide distribution of such content on social media platforms and pornographic websites can perpetuate victimisation and cause lasting damage to their reputation and well-being.
Targeting teenagers– Targeting teenagers and extortion demands in AI sextortion cases is a particularly alarming aspect of this issue. Teenagers are particularly vulnerable to AI sextortion due to their increased use of social media platforms for sharing personal information and images. Perpetrators exploit to manipulate and coerce them.
Erosion of Trust: Misusing AI-driven deepfake technology erodes trust in digital media and online interactions. As deepfake content becomes more convincing, it becomes increasingly challenging to distinguish between real and manipulated videos or images.
Proliferation of Pornographic Content: The misuse of AI technology in sextortion contributes to the proliferation of non-consensual pornography (also known as “revenge porn”) and the availability of explicit content featuring unsuspecting individuals. This perpetuates a culture of objectification, exploitation, and non-consensual sharing of intimate material.
Conclusion
Addressing the concern of AI sextortion requires a multi-faceted approach, including technological advancements in detection and prevention, legal frameworks to hold offenders accountable, awareness about the risks, and collaboration between technology companies, law enforcement agencies, and advocacy groups to combat this emerging threat and protect the well-being of individuals online.
Introduction
In April 2026, Anthropic revealed Claude Mythos, an artificial intelligence application capable of finding security flaws in computer networks more effectively than human beings. The corporation claimed to have found hundreds of thousands of substantially serious vulnerabilities in established desktop operating systems and web-based browsers that have not been used for at least 20 years. This news has greatly alarmed those responsible for leading financial organisations, banks, and governments throughout the world. Nevertheless, this news demonstrates a much larger problem: we do not have enough cybersecurity professionals trained to do this kind of work. At the current estimate, there are 4.8 million cyber security professionals short of what is needed globally. There is a need to develop different kinds of workforce training programs to help prepare these professionals as we continue to see the emergence of new AI technologies.
What Is Claude Mythos ?
Anthropic created Claude Mythos as part of its Claude AI system, competing against ChatGPT and Google Gemini. In April 2026, expert testing revealed Mythos excelled at identifying problems in legacy code and suggested exploitation methods. It found a vulnerability that had existed for 27 years. Because of these advanced capabilities, Anthropic restricted access through “Project Glasswing,” giving it only to 12 major tech companies and 40 organizations managing critical software. Canadian Finance Minister François-Philippe Champagne called it an “unknown unknown.” Andrew Bailey of the Bank of England said regulators needed to examine what Mythos could mean for financial attacks. The European Union raised concerns. India’s Finance Minister Nirmala Sitharaman warned at SEBI’s Foundation Day on April 25, 2026, that cybersecurity is the single most pressing challenge facing markets today. She stated a single successful cyberattack on a major exchange or large broker could disrupt markets nationally and shake public confidence for years. Sitharaman emphasized that AI tools make attacks faster, more adaptive, and autonomous, capable of discovering system vulnerabilities and manipulating code.
The Real Problem: Discovery Versus Fixing
Mythos highlights a fundamental mismatch in cybersecurity. Finding a vulnerability does not guarantee it will be fixed. Organizations face challenges patching systems. Many use obsolete technology, and updates can break dependent components. Organizations in developing nations often lack financial resources for repairs or downtime. Critical systems like hospitals, banks, and power grids cannot go offline. Before Mythos, human hackers found vulnerabilities slowly. Now AI tools find weaknesses faster than they can be fixed, creating a dangerous gap. Ciaran Martin, former head of the UK’s National Cyber Security Centre, explained that Mythos is “a really good hacker” against unprotected systems. Organizations following basic security practices—regular updates, strong passwords, network protection, trained staff can likely defend against it. The UK AI Safety Institute concluded Mythos poses the biggest threat to poorly defended systems, noting: “We cannot say for sure whether Mythos Preview would be able to attack well-defended systems.”
The Workforce Challenge
The Mythos announcement exposes the real problem: we lack enough trained cybersecurity workers. There is a global shortage of 4.8 million workers against a current workforce of 5.5 million. In AI security specifically, 34 percent of needed skills are missing. But the harder problem is that AI is changing needed skills. Entry-level jobs monitoring security alerts are being automated. These were traditional career starting points. Young people learned basic skills and moved to advanced roles. Now these positions disappear while new AI security jobs emerge for which nobody has training. Organizations cannot hire fast enough for new AI roles because few people have these skills. This leads to a vicious cycle. With fewer entry-level positions available, there will be fewer young adults entering the job market which results in even fewer workers with this skill set; thus, the shortage of qualified applicants increases; this thereby increases organizations’ vulnerability. Without action taken immediately, this issue will continue to worsen
Way Forward
- Clarify What Skills We Need
Governments and industry must work together to define what cybersecurity workers need in an AI world. Currently, aspiring professionals study networking, software, and vulnerability finding, but AI security training barely exists. Governments should work with universities and companies to clarify needed skills: understanding what AI tools can and cannot do in security, finding and fixing AI system problems.
- Support Workers Who Lose Jobs To Automation
Workers who find themselves losing their jobs due to automation will require government support. All too often without an alternative, these skilled and trained workers will leave their profession forever. The government will need to provide funding for training of displaced employees, support for those changing careers to become cyber security professionals.
- Create Clear Rules For AI Security Tools
When companies create powerful security tools, governments must understand their capabilities and risks. Companies should be required to thoroughly test tools before release, clearly explain what tools can do and their limitations, and explain safety and misuse prevention plans. Governments should monitor actual tool usage, not simply trust voluntary compliance.
- Focus On Basic Security First
Most attacks do not need advanced AI tools. They succeed because organizations have not implemented basic security. Some never update software, train employees, use strong passwords, protect data properly, or test defenses. Governments should require organizations, especially those managing critical systems, to implement these basics.
Conclusion
Claude Mythos matters not because it is a weapon of destruction, but because it forces hard questions: Do we have enough skilled workers? Are our systems well-protected? The answer is no. We face a shortage of 4.8 million cybersecurity workers and lack AI security training. Yet this is also an opportunity. Governments can invest in training, strengthen defenses, and create clear rules for AI security tools. Governments, organizations and educational institutions must collaborate to create viable Cybersecurity career pathways. We can act through either creating panic or creating a trained and prepared workforce to meet today’s challenges. The time is now.
References
- https://www.bbc.com/news/articles/crk1py1jgzko
- https://red.anthropic.com/2026/mythos-preview/
- https://www.anthropic.com/project/glasswing
- https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities
- https://www.bsg.ox.ac.uk/people/ciaran-martin
- https://www.isc2.org/Insights/2024/10/Cybersecurity-Workforce-INSIGHTS-October-2024
- https://decrypt.co/364141/anthropic-claude-mythos-serious-threat-overhyped-ai-security-institute
- https://www.businesstoday.in/latest/economy/story/fm-nirmala-sitharaman-wants-sebi-regulated-entities-to-remain-exceptionally-vigilant-heres-why-527437-2026-04-25
- https://www.theweek.in/news/biz-tech/2026/04/25/sebi-38th-anniversary-cybersecurity-concerns.html
