Rostec Readies Ruble‑Backed RUBx for National Roll‑out
RUBx will be launched on the Tron blockchain and strictly pegged 1:1 to the ruble, backed by legally governed obligations maintained in a treasury account. Rostec will act as the sole issuer, with the structure codified by law to ensure robustness and transparency. The smart-contract code is expected to be made available on GitHub and independently audited by CertiK, reinforcing compliance with Russian financial regulations.
RT‑Pay, designed to integrate seamlessly with Russia's existing banking rails, will enable transactions outside standard banking hours and facilitate smart-contract functions. Rostec says it has built the platform to adhere to anti‑money‑laundering and counter‑terrorism financing norms and to satisfy all Bank of Russia requirements.
ADVERTISEMENT
A phased launch is anticipated, initially targeting sectors where efficiency gains can be rapidly realised before expansion to broader corporate and retail use. The move dovetails with Russia's broader strategy to enhance crypto infrastructure, including the central bank's separate digital ruble pilot and the recent authorisation for institutions to offer crypto-related investment products.
Rostec, known for its significant role in defence and high-tech manufacturing, leveraged its credentials as a trusted state entity to assure users of RUBx's legitimacy. 'Each RUBx is backed by real obligations in rubles,' Rostec officials emphasise, underscoring the token's legal anchor.
This initiative aligns with a trend of expanding digital payment solutions amid geopolitical and economic pressures. Russian financial institutions such as Sberbank and Moscow Exchange have already introduced crypto-linked offerings, and some state entities reportedly used crypto instruments to facilitate oil trade and bypass sanctions.
Economists and fintech experts note that the introduction of state-backed digital infrastructure like RUBx and RT‑Pay marks a departure from pilot programs. They highlight the potential for stablecoins—with legal and technological safeguards—to provide a credible alternative to traditional payment systems. By utilising a blockchain infrastructure like Tron, Rostec leans on a mature ecosystem, which may support rapid adoption.
Nevertheless, independent analysts caution that integration risks remain. They point to the need for robust cybersecurity measures, systemic risk controls, and interoperability standards with domestic and international payment systems. Successful implementation will require coordinated efforts among regulators, banks, and end users.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
TECHx
7 hours ago
- TECHx
Hidden Dangers: Supply Chain Cyberattacks in 2025
Home » Editor's pick » Hidden Dangers: Supply Chain Cyberattacks in 2025 Supply chain cyberattacks are rising fast in 2025, exposing enterprises to hidden threats through trusted vendors, weak links, and third-party vulnerabilities. In 2025, it's not the hackers breaching your firewalls that should keep you up at night. It's the vendors you trust the most, the small software firm managing your data sync, the overseas hardware supplier, or even your outsourced payroll provider. Cybercriminals are no longer attacking the front doors of the world's most secure enterprises. They're slipping through the side gates, quietly piggybacking on the digital supply chains that keep global business ticking. Verizon's 2025 Data Breach Investigations Report (DBIR) highlights this troubling trend with hard numbers: one in three breaches now involves a third party. The percentage of incidents tied to partners or suppliers has doubled from the previous year, underscoring how deeply embedded these risks have become. What's more, ransomware, often delivered via these indirect attack paths has seen a 37% increase, now factoring into nearly half of all reported breaches. The Hertz-Cleo Fallout Take the Hertz incident earlier this year. The car rental giant itself wasn't hacked. Instead, the Russian-linked ransomware gang Clop infiltrated Cleo Communications, a trusted third-party file transfer provider used by Hertz and gained indirect access to sensitive customer information. By exploiting an unknown vulnerability in Cleo's software, the attackers avoided Hertz's own hardened defenses altogether. This tactic, often called a supply chain attack, isn't new. But what's changed is how quickly it's become the go-to method for sophisticated cybercriminals, including state-backed groups. Why try to breach a billion-dollar enterprise with enterprise-grade security, when you can compromise a smaller supplier with minimal resistance and get the same prize? The damage from these attacks goes far beyond lost data or a ransom paid. They undermine trust in entire ecosystems. If an organization can't vouch for its vendors' security posture, how can it vouch for its own? A Threat Hiding in Plain Sight Supply chains have always been complex. But now it has also become invisible. Many large enterprises now rely on thousands of vendors, software-as-a-service providers, open-source libraries, cloud partners, APIs, and more, creating sprawling digital ecosystems where a single weak link can compromise an entire network. Recent data shows that software supply chain incidents are sharply on the rise. According to Cyble, the average number of such attacks per month increased by 25% from late 2024 to mid-2025. In the last two months alone, this number nearly doubled. Attackers are getting more strategic, more patient, and more effective at exploiting interdependencies between systems that most companies barely map, let alone monitor. Credential abuse remains a leading cause of breaches, with nearly a quarter of attacks stemming from stolen or weak credentials. Vulnerability exploitation is close behind, accounting for 20%. These numbers reflect a sobering reality: as businesses grow more interconnected, the attack surface is no longer within their walls. Sectoral Impact: Healthcare, Manufacturing, and More Certain sectors are feeling the burn more than others. Healthcare, with its sensitive patient data and critical uptime requirements, remains a prime target. The DBIR found 1,710 incidents in the sector this year, with over 1,500 involving confirmed data disclosure. The most compromised data types? Medical and personal. Manufacturing is facing a different but equally insidious threat: espionage. Breaches in the industry nearly doubled this year, and for the first time, 20% were tied to espionage, up from just 3% the year before. Analysts believe this rise is likely linked to state-sponsored actors targeting supply chains to access emerging technologies and industrial secrets. Meanwhile, the financial and education sectors continue to grapple with familiar foes: phishing campaigns, credential stuffing, and basic web application attacks. But the thread tying all of these sectors together is supply chain vulnerability. Regardless of industry, the weakest point isn't the organization, it's often the people and partners just outside of it. Why We're Still Behind Despite years of warnings and a growing pile of headlines, many organizations still don't conduct comprehensive security reviews of their suppliers. Some don't even know how many third-party services are connected to their systems. A recent survey found that fewer than 30% of enterprises require a Software Bill of Materials (SBOM), a basic inventory of components used in applications, from their vendors. The regulatory landscape is beginning to catch up. New compliance mandates in the U.S., EU, and GCC region are placing greater onus on companies to verify vendor security. In the UAE, cybersecurity requirements tied to national digital transformation efforts are already pushing public and private organizations to step up. But policy alone won't solve the problem. Security teams must rethink their architecture from the ground up. The old model, perimeter defense, no longer applies in an age where the perimeter includes thousands of third parties. Strategies like Zero Trust architecture, real-time threat intelligence sharing, and continuous monitoring of third-party behavior are no longer 'nice to haves.' They are essential. A Chain Only as Strong as… The phrase 'a chain is only as strong as its weakest link' is now a cybersecurity cliché. But in 2025, it's painfully accurate. As enterprises double down on digital transformation, AI tools, and cloud-first strategies, their reliance on supply chains will only deepen. That means vigilance can't stop at the firewall, it must extend across every digital handshake. Because in today's cyber era, the breach you didn't notice might just be the one that shuts everything down.
Zawya
a day ago
- Zawya
Kaspersky discovered cyberattacks that sourced information from GitHub, Quora and social networks to target organizations
Kaspersky detected a complex attack sequence that involved retrieving information from legitimate services such as GitHub, Microsoft Learn Challenge, Quora, and social networks. The attackers did this to avoid detection and run an execution chain to launch Cobalt Strike Beacon, a tool to remotely control computers, execute commands, steal data, and maintain persistent access within a network. The attacks were detected in the second half of 2024 in organizations across China, Japan, Malaysia, Peru and Russia, and persisted into 2025. The majority of victims were large to medium-sized businesses. To infiltrate victims' devices, the attackers sent spear phishing emails which were disguised as legitimate communications from major state-owned companies, particularly within the oil and gas sector. The text was phrased to look like there was interest in products and services of the victim organization to convince the recipient to open the malicious attachment. The attachment was an archive with what looked like PDF files containing requirements for the requested products and services – but in fact some of these PDFs were executable EXE and DLL files containing malware. The attackers leveraged DLL highjacking techniques and exploited the legitimate Crash reporting Send Utility which is originally designed to help developers get detailed, real-time crash reports for their applications. To function, the malware also retrieved and downloaded a code that was stored in public profiles on popular legitimate platforms to avoid detection. Kaspersky found this code encrypted inside profiles on GitHub, and links to it (also encrypted) – on other GitHub profiles, Microsoft Learn Challenge, Q&A websites, and even Russian social media platforms. All of these profiles and pages were created specifically for this attack. After the malicious code was executed on victims' machines, Cobalt Strike Beacon was launched, and the victims' systems were compromised. ' While we didn't find any evidence of the attackers using real people's social media profiles, as all the accounts were created specifically for this attack, there's nothing stopping the threat actor from abusing various mechanisms these platforms provide. For instance, malicious content strings could be posted in comments on legitimate users' posts. Threat actors are using increasingly complex methods to conceal long-known tools, and it's important to stay up to date with the latest threat intelligence to be protected from such attacks,' comments Maxim Starodubov, Malware Analyst Team Lead at Kaspersky. The method used to retrieve the download address for the malicious code is similar to what was observed in the EastWind campaign linked to Chinese-speaking actors. Kaspersky recommends that organizations follow these security guidelines to stay safe: Track the status of digital infrastructure and continuously monitor the perimeter. Use proven security solutions to detect and block malware embedded within bulk email. Train staff to increase cybersecurity awareness. Secure corporate devices with a comprehensive system, such as Kaspersky Next, that detects and blocks attacks in the early stages. About Kaspersky Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them. Learn more at
Arabian Post
a day ago
- Arabian Post
OPEC+ Set to Approve Oil Output Hike Amid Supply Fears
OPEC+ members are poised to approve a significant increase in oil output at a crucial meeting scheduled for Sunday. Sources indicate that the group will likely raise production, though discussions are still ongoing over the exact size of the hike for September. The decision follows rising concerns about global oil supplies and the potential for further disruptions from Russia. This move comes as the international community grapples with the impacts of sanctions and geopolitical tensions, including the ongoing conflict between Russia and Ukraine. The oil cartel, comprising the Organization of the Petroleum Exporting Countries and other non-member allies like Russia, has been accelerating production increases over the past few months. The decision stems from a combination of factors, with an acute focus on the global oil stockpiles, which have remained low despite efforts to stabilize supply. The urgency is compounded by seasonal slowdowns in demand, which have raised questions about balancing supply with market conditions. OPEC+ leaders have also been closely monitoring the evolving situation in Russia, which continues to face economic and energy sanctions from Western nations. These sanctions, aimed at curbing Russia's oil exports, have prompted the Kremlin to seek alternative buyers for its crude oil. At the same time, the United States has renewed its calls for India to reduce its purchases of Russian oil, intensifying diplomatic pressure. Washington's strategy is driven by its broader geopolitical objective of isolating Moscow economically while pushing for a peaceful resolution to the Ukraine conflict. ADVERTISEMENT This dynamic has placed India in a delicate position. As one of the largest consumers of Russian oil, India has maintained its imports despite mounting external pressure. This situation has intensified after the European Union's sanctions on Russia, forcing some Indian state refiners to suspend their purchases of Russian oil. With OPEC+ members aware of the broader geopolitical context, their decisions will be shaped not just by market conditions but also by the complex web of international relations and the shifting allegiances in global energy trade. In recent months, the collective oil production of OPEC+ members has become a focal point in global discussions on energy security. The cartel's decisions carry significant weight in influencing oil prices, particularly as economies emerge from the pandemic and recover from inflationary pressures. The oil market has shown signs of volatility, with fluctuations in prices reflecting both the tightening supply and rising concerns about geopolitical tensions. The meeting scheduled for Sunday will likely be decisive for OPEC+ members, many of whom are keen to boost production to meet global demand. Saudi Arabia, as the group's leading producer, has expressed concerns about the pace of supply increases, but has also indicated its willingness to cooperate on finding a balanced approach. The UAE and other Gulf states have similarly shown a commitment to addressing market imbalances, although there are notable differences in opinion regarding how aggressively the group should ramp up output. A key issue at the heart of the debate is the uncertainty surrounding the Russian supply. Moscow's ability to maintain its oil exports amid sanctions has been questioned by some members, and the broader impact of any further disruptions is a critical point of discussion. Russia's oil output has remained relatively stable despite sanctions, but the ongoing conflict in Ukraine and potential future sanctions may disrupt this trend. Further complicating the situation is the fact that some OPEC+ members, such as Iraq and Algeria, have been more cautious about increasing output due to concerns over market stability. They argue that the global oil market remains fragile, and any major increase in production could lead to oversupply, ultimately lowering prices and undermining efforts to stabilize the market.
