Silver prices rose more than 3% to $90 per ounce by 0308 GMT.
Spotsilver jumped above the key $90 an ounce level for the first time as soft US inflation data cemented interest rate cutbets by the US Federal Reserve on the back of geopolitical tensions, robust industrial and investment demand and tightening inventories.
Silver prices rose more than 3% to $90 per ounce by 0308 GMT.
Published on January 14, 2026
The precious metals complex continued its sparkling run on Tuesday, with gold topping $4,600 an ounce and silver soaring to a new high over $88 an ounce on geopolitical crisis, particularly in the background of the brewing Iranian crisis.
In India, too, silver in the Mumbai spot market ended at a new high of ₹2,63,062 a kg, while March futures on MCX ruled at ₹2,79,419. At 2000 hours IST, silver ruled at $88.47 an ounce and February futures at $88.30.
Gold ruled at $4,625 an ounce and March gold futures were quoted at $4,635.29. In the Mumbai spot market, gold ended at ₹1,40.284 per 10 gm and February futures on MCX ruled at ₹1,42,858 per 10 gm.
Arthi Ramalingam, Founder & CEO, Eternz, said the current surge in gold and silver prices reinforces their role as trusted stores of value for Indian households amid geopolitical and macroeconomic uncertainty.
“At Eternz, we’ve seen a 20–30 per cent rise in demand for lightweight jewellery, while wedding and festive demand remains resilient,” she said.
Renisha Chainani, head of research at Augmont, said gold has decisively broken above its earlier resistance at $4,570, opening the door to higher levels. The next key targets are $4,745–4,750 (78.6% Fibonacci extension, ~₹1,46,000) and $4,966–4,970 (100% Fibonacci extension, ~₹1,52,500).
“Silver’s rally also looks set to extend further. Fibonacci projections point towards $88 (₹2,78,000) and $93 (₹2,93,000) in the coming weeks, while $70 remains a strong support zone,” she said.
Platinum and palladium, too, rose in line with gold and silver. Platinum was quoted at $2,388.50 an ounce and palladium at $1,919.50 an ounce.
Since the beginning of the year, the yellow metal has gained 7 per cent, the white precious metal over 24 per cent and platinum and palladium over 16.5 per cent.
Published on January 13, 2026
Gold surged past $4,600 an ounce for the first time on Monday, driven by heightened safe‑haven demand, expectations of US Federal Reserve rate cuts and geopolitical uncertainty, including unrest in Iran and escalating international tensions. | Photo Credit: Hiba Kola/Reuters
Gold broke through $4,600/ounce for the first time on Monday, while silver also jumped to an all-time high, bolstered by geopolitical and economic uncertainties and growing bets of US interest rate cuts.
FUNDAMENTALS
* Spot gold was up 1.5% at $4,478.79 per ounce, as of 0127 GMT. Bullion hit a record high of $4,600.33 earlier in the session.
* US gold futures for February delivery firmed 2% to $4,591.10.
* Unrest in Iran has killed more than 500 people, a rights group said on Sunday, as Tehran threatened to target US military bases if President Donald Trump carries out his renewed threats to strike the country on behalf of protesters.
* Iran’s unrest comes as Trump flexes US muscles internationally, having ousted Venezuelan President Nicolas Maduro, and discussing acquiring Greenland by purchase or force.
* US employment growth slowed more than expected in December, data showed on Friday, amid job losses in the construction, retail and manufacturing sectors.
* However, a decline in the unemployment rate suggested the labor market was not rapidly deteriorating.
* Investors currently expect at least two Federal Reserve rate cuts this year. A softer job market makes rate cuts more likely.
* Fed Chair Jerome Powell said on Sunday the Trump administration had threatened him with a criminal indictment and served grand jury subpoenas over Congressional testimony he gave last summer regarding a Fed building renovation project, an action Powell called a “pretext” aimed at putting further pressure on the central bank to lower rates.
* Non-yielding assets tend to do well in a low-interest-rate environment and during geopolitical or economic uncertainties.
* Gold prices could rise to $5,000 an ounce in the first half of 2026 on rising geopolitical risks and debt, HSBC said.
* Spot silver rose 4.4% to $83.50 per ounce after hitting an all-time high of $83.96 earlier in the day.
* Spot platinum added 2.9% to $2,338.54 per ounce after scaling a record peak of $2,478.50 on December 29.
* Palladium gained 4.2% to $1,892.18 per ounce
Published on January 12, 2026
In the international market, gold futures jumped by $171.3, or 4%, over the week to finish at $4,500.90 per ounce on Friday. | Photo Credit: Ravitaliy
Gold and silver prices are expected to sustain positive momentum next week amid heightened geopolitical tensions and the uncertainty surrounding the US Supreme Court’s imposing decision on President Donald Trump’s tariff policy, analysts said.
The release of inflation data from major economies, including the US, India, and Germany, along with trade and investment numbers from China and commentary from some Federal Reserve officials, will also be closely watched by the traders, they added.
“The bullions are expected to continue their positive momentum and corrective moves should be a buying opportunity, as focus again will remain on the US Supreme court hearing in the Trump’s trade tariffs case and the geopolitical issues surrounding US President Donald Trump’s actions and comments,” Pranav Mer, Vice President, EBG – Commodity & Currency Research, JM Financial Services Ltd, said.
On the Multi Commodity Exchange (MCX), gold futures climbed by ₹3,058, or 2.25 per cent, over the past week and settled at ₹1,38,819 per 10 grams on Friday.
Gold prices on the MCX have been volatile this week; however, the trend remains firm as prices closed positively at the end of the week, and the precious yellow metal ended at around ₹1,38,800 per 10 grams level, Prathamesh Mallya, DVP – Research, Non-Agri Commodities and Currencies, Angel One, said.
Dollar movement, Federal Reserve’s next moves, inflation and jobs data are going to be the movers for the bullion prices in the short-term, he added.
From a technical perspective, Mallya expects gold to move higher towards ₹1,41,000 per 10 grams next week.
In the international market, gold futures jumped by $171.3, or 4 per cent, over the week to finish at $4,500.90 per ounce on Friday.
“Gold futures continued their positive momentum and closed the week higher by more than 2 per cent, with prices in the overseas market closing near $4,500 per ounce,” Pranav Mer of JM Financial Services said.
Meanwhile, silver futures on the MCX also witnessed significant upside last week, with the white metal ending near record levels. The metal surged ₹16,409, or 6.94 per cent. It had zoomed to a record high of ₹2,59,692 per kg before closing at ₹2,52,725 per kg on Friday.
The white metal, over the past week, increased by $8.32, or nearly 12 per cent, before closing at $79.34 per ounce in the overseas trade.
Mer said bullion prices were supported by safe-haven demand amid heightened geopolitical tensions and mixed economic data. However, gains have been tempered at times by intermittent strength in the US dollar.
He added that exchange-traded funds (ETFs) continued to see inflows into gold and silver as investors seek portfolio protection.
On the geopolitical front, Mer pointed to rising tensions following the capture of Venezuela’s President and control over the country’s oil flows, escalation in the Russia-Ukraine conflict, unrest in Iran and broader regional frictions, all of which have supported safe-haven buying in bullion markets.
Looking ahead, Mer added that silver’s bullish structure could see prices testing the ₹2,80,000-3,00,000 per kilogram.
With key inflation data this week and the outcome of the Supreme Court tariff hearing likely to stir policy risk sentiment, bullion markets are likely to remain closely aligned to macro and geopolitical developments in the short term.
Published on January 11, 2026
The total assets under management (AUM) more than doubled in 2025 globally, while it nearly tripled in India, data from the World Gold Council (WGC) showed.
Global demand for investments in gold through exchange-traded funds (ETFs) increased by 25 per cent in 2025, even as Indian investors more than tripled inflows into ETFs.
The total assets under management (AUM) more than doubled in 2025 globally, while it nearly tripled in India, data from the World Gold Council (WGC) showed.
As of December 31, 2025, the total assets under management (AUM) in gold ETFs were $558.9 billion, up from $271.8 billion in the year-ago period. Fund flows in 2025 were $88.55 billion against $37.04 billion in 2024. Gold holdings increased by 801 tonnes to 4,025.4 tonnes from 3224.2 tonnes in 2024. In 2024, the holdings dropped by one per cent.
ETF investments in India in 2025 were $4.37 billion, up over three times from $1.28 billion in 2024, and AUM increased to $14 billion from $5.1 billion. Gold holdings increased to 95 tonnes from 57.5 tonnes during the period, registering a 65 per cent rise in gold holdings.
ETF investments by Indians were the third highest for the second year in a row at $4.37 billion, after US and Chinese investors. US overtook China in ETF investments, with inflows rising to $49.82 billion compared with $1.83 billion in 2024. Chinese ETF investments also increased, but it did not keep pace with US inflows. Chinese inflows were $15.47 billion compared with $4.36 billion during the period.
One of the reasons for gold soaring, hitting fresh highs 53 times in 2025, was the investments in ETFs as investors saw it as a haven in view of the geopolitical crisis and trade wars, besides the US Fed’s move to cut interest rates.
At 1900 hours IST, gold ruled at $4,486.43 an ounce, while February gold futures on COMEX were $4,496.76. In India, gold was quoted at ₹1,37,122 per 10 gm in the Mumbai spot market. On MCX, gold February futures were quoted at ₹1,38,597 per 10 gm. The yellow metal has gained over 3.5 per cent since the start of 2026.
Among other countries, in the UK, investors poured in $3,78 billion and in Switzerland, $4.34 billion. Japanese investors’ inflow was $3.12 billion. In France, it was $2.2 billion, and in Korea, it was $2.24 billion.
Meanwhile, global investments in ETFs continued for the seventh month in a row in December, the WGC data showed. Investments were dominated by North American funds, as they had been for the full year.
The WGC said the surge in the precious metals complex in December could result in some near term volatility for gold. “But beyond short-term effects, gold will likely hum to its own tune,” it said.
On the other hand, demand for gold from central banks across the world was firm in November with net purchases totaling 45 tonnes. As of November 30, central banks purchased 297 tonnes.
Emerging-market central banks continued their significant gold buying in 2025, said the WGC. The National Bank of Poland bought 12 tonnes in November, continuing its buying streak since October. The purchase lifted its gold reserves to 543 tonnes, or almost 28 per cent of total reserves at end-November prices.
The Central Bank of Brazil bought gold for the third consecutive month, adding 11 tonnes in November. It has purchased 43 tonnes since September, taking its total gold reserves to 172 tonnes (6 per cent of its total reserves).
Published on January 9, 2026
After one of the most explosive rallies in modern market history, few investors expect gold to pull off a repeat in 2026. But many top money managers are still betting on further gains, arguing that the forces that propelled bullion to a record remain in place.
Gold surged 65 per cent in 2025 — its strongest performance in nearly half a century — as retail and institutional investors piled in alongside central banks. In a year where almost every tailwind supporting the precious metal collided, from falling interest rates to geopolitical tensions, bullion even pushed through an inflation-adjusted high that had held since 1980.
Bloomberg spoke with more than a dozen money managers, whose firms collectively handle trillions of dollars of assets, to gauge sentiment after the historic year. Most of them said they’ve opted not to take too much money off the table, holding conviction in the metal’s longer-term appeal.
“We continue to expect gold to rally in 2026, as the drivers of its strong run remain intact,” said Ian Samson, a portfolio manager at Fidelity International. Samson trimmed his position during a frenzied stretch of October but has since added back, citing central bank buying, declining interest rates and high fiscal deficits as supportive factors.
Investors also pointed to waning confidence in major developed-market currencies — driven by attacks on central bank independence and rising sovereign debts — as a key pillar of support for bullion. Swelling public debt in advanced economies fueled political discord through last year, from a congressional standoff in the US and paralysis in France, to scrutiny of a record budget under Japan’s new leadership.
Gold is “basically an anti-fiat currency play now more than anything else,” said Mike Wilson, chief investment officer and strategist for Morgan Stanley. That view gained traction in the latter months of 2025, as the so-called debasement trade took hold and investors from Ken Griffin to Ray Dalio pointed to gold’s rise as a warning signal.
Wilson advises allocating 20 per cent of one’s portfolio into real assets, including gold, as a hedge against inflation, replacing the traditional 60/40 stocks and bonds mix with a 60/20/20 split. He noted that the debasement story has gone mainstream.
“When everybody understands the story, you have to ask yourself: Well, is it priced now?” Wilson said. “I don’t think it’s fully priced, only because I don’t see the change in behavior yet. I don’t see the fiscal discipline anywhere in the world. In fact, I see the opposite.”
Darwei Kung, head of commodities and a portfolio manager at DWS Group, said his firm is holding a slightly larger-than-usual allocation to gold-related investments and expects to maintain that stance into 2026.
Kung sees the metal’s price increasing modestly by the end of the year. But he also expects short-term trading opportunities as gold is buffeted by broader market forces.
Pension and insurance funds showed increasing interest in gold through 2025, with some that had never held the asset before taking positions of around 5 per cent of their strategic asset allocation, said Massimiliano Castelli, head of global sovereign markets strategy at UBS Asset Management. They were drawn by strong returns and gold’s potential to hedge against downside elsewhere in their portfolio, he added.
“Of course, we don’t see the same upside potential of last year, when gold was basically the best asset class of all,” said Castelli. “But we are still bullish on gold.”
History offers a note of caution. Outsized rallies have often been trailed by long stretches of lacklustre performance. Bullion hit a record $1,921 an ounce in 2011, driven by fallout from the global financial crisis, but it took another nine years to return to that level. A prolonged bear market also followed gold’s record 127 per cent surge in 1979.
Even so, gold remains lightly owned by US investors. Despite the record rally, gold exchange-traded funds account for just 0.17 per cent of private US financial portfolios, according to a December Goldman Sachs Group Inc. analysis — six basis points below the 2012 peak. The bank estimates that each bout of buying that increases gold’s share of US portfolios by 0.01 per cent would lift prices by about 1.4 per cent.
Continued central bank buying is expected to remain the most significant driver of further price gains, with Goldman Sachs expecting purchases of about 80 tonnes a month in 2026. The pace of buying jumped in 2022, after the immobilisation of Russia’s foreign-exchange reserves underlined the appeal of bullion, which cannot be frozen.
Gold is one of the few assets that allows investors to build “liquid wealth outside of the US sphere of influence,” said Thomas Roderick, a portfolio manager at hedge fund Trium Capital LLP, who has pared his gold position slightly since October but still has “decent risk in the trade.”
For Roderick, China’s accumulation of gold in particular sits at the core of his bullish thesis, as the country looks to deploy proceeds from vast trade surpluses into assets insulated from US interference.
China won’t say “gold is too expensive, let’s accumulate more Treasuries,” Roderick said. “That just doesn’t work for them from a geopolitical perspective.”
Central banks rarely sell their positions, meaning demand from the institutions is seen as a stable source of support for prices. But while the monetary institutions may have lit the fuse for gold’s rally, rapid inflows from institutional and retail investors helped supercharge it through the second half of last year.
The more gold held by speculative investors, the higher its correlation becomes to other risk assets, according to Shaniel Ramjee, co-head of Multi-Asset at Pictet Asset Management.
Still, Ramjee currently holds a weighty 8 per cent allocation to gold, paring back during October’s spike in speculative activity before adding back through December as more fast money was washed out.
“In this environment where we see the majority of the buying from big central banks, that keeps us more comfortable having a higher weight in the portfolio,” Ramjee said. “We think gold will be moving higher this year, but in a much more careful and steady pace.”
More stories like this are available on bloomberg.com
©2026 Bloomberg LP
Published on January 10, 2026
Silver prices rebounded sharply in the national capital on Friday, rising ₹6,500 to ₹Rs 2.50 lakh per kg after a steep fall in the previous session, while gold advanced ₹1,200 to ₹Rs 1,41,700 per 10 grams on renewed safe-haven demand. | Photo Credit: ANGELIKA WARMUTH/Reuters
Silver rebounded by Rs 6,500 to Rs 2,50,000 per kg in the national capital on Friday, while gold advanced to Rs 1,41,700 per 10 grams on renewed demand for the safe-haven asset amid global uncertainty, according to the All India Sarafa Association.
In the previous session, the white metal had tanked by Rs 12,500, or nearly 5 per cent, to Rs 2,43,500 per kilogram, due to profit booking by the traders. It had touched a record Rs 2,56,000 per kg on Wednesday.
Gold of 99.9 per cent purity jumped by Rs 1,200 to Rs 1,41,700 per 10 grams (inclusive of all taxes) compared to the previous close of Rs 1,40,500 per 10 grams.
“Gold advanced on Friday, buoyed by renewed haven demand and positive inflow from exchange-traded funds,” Saumil Gandhi, Senior Analyst – Commodities at HDFC Securities, said.
He noted that markets were weighing threats from US President Donald Trump against Iran, while traders also positioned themselves to hedge against key event risks and anticipated volatility ahead of US Supreme Court rulings on tariff decisions.
“These factors combined to strengthen hedging demand for gold, reinforcing its role as a preferred haven amid rising uncertainty,” Gandhi added.
However, an expert said that “if the court rules against the tariffs, concerns over an intensifying global trade war could ease, potentially limiting further upside in gold and silver prices in the near term.” On the global front, spot gold was marginally trading higher at USD 4,479.38 per ounce while silver went up by USD 1.37, or 1.79 per cent, to USD 78.38 per ounce.
The white metal had plunged by USD 4.32, or 5.53 per cent, to hit an intraday low of USD 73.83 per ounce before settling at USD 76.92 per ounce in the international trade.
Kaynat Chainwala, AVP Commodity Research, Kotak Securities, said the safe-haven demand for gold and silver was supported by reports that US President Trump is considering imposing steep tariffs, potentially as high as 500 per cent, on countries that continue to buy Russian oil.
Meanwhile, US Senator Lindsey Graham said such sanctions would give Trump leverage over major buyers such as China, India, and Brazil, pressuring them to halt purchases of discounted Russian crude that helps finance the war in Ukraine.
Given the potential impact on key Russian energy customers, the move could escalate US-China trade tensions, thereby supporting the safe-haven appeal for bullion prices, Chainwala said.
Praveen Singh, Head of Commodities, Mirae Asset ShareKhan, said gold prices have held firm so far despite index rebalancing-led selling and encouraging US ISM services data.
Published on January 9, 2026
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.
Although initial reports focused on Cyberhaven’s security-focused extension, subsequent investigations revealed that the same code had been injected into at least 35 extensions collectively used by roughly 2,600,000 people.
From reports on LinkedIn and Google Groups from targeted developers, the latest campaign started around December 5th, 2024. However, earlier command and control subdomains found by BleepingComputer existed as far back as March 2024.
“I just wanted to alert people to a more sophisticated phishing email than usual that we got that stated a Chrome Extension policy violation of the form: ‘Unnecessary details in the description’,” reads the post to Google Group’s Chromium Extension’s group.
“The link in this email looks like the webstore but goes to a phishing website that will try to take control of your chrome extension and likely update it with malware.”
The attack begins with a phishing email sent to Chrome extension developers directly or through a support email associated with their domain name.
From emails seen by BleepingComputer, the following domains were used in this campaign to send the phishing emails:
supportchromestore.com
forextensions.com
chromeforextension.com
The phishing email, which is made to appear as if it comes from Google, claims that the extension is in violation of Chrome Web Store policies and is at risk of being removed.
“We do not allow extensions with misleading, poorly formatted, non-descriptive, irrelevant, excessive, or inappropriate metadata, including but not limited to the extension description, developer name, title, icon, screenshots, and promotional images,” reads the phishing email.
Specifically, the extension’s developer is led to believe their software’s description contains misleading information and must agree to the Chrome Web Store policies.
If the developer clicks on the embedded ‘Go To Policy’ button in an effort to understand what rules they have violated, they are taken to a legitimate login page on Google’s domain for a malicious OAuth application.
The page is part of Google’s standard authorization flow, designed for securely granting permissions to third-party apps to access specific Google account resources.
On that platform, the attacker hosted a malicious OAuth application named “Privacy Policy Extension” that asked the victim to grant permission to manage Chrome Web Store extensions through their account.
“When you allow this access, Privacy Policy Extension will be able to: See, edit, update, or publish your Chrome Web Store extensions, themes, apps, and licenses you have access to,” reads the OAuth authorization page.
Multi-factor authentication didn’t help protect the account as direct approvals in OAuth authorization flows aren’t required, and the process assumes the user fully understands the scope of permissions they’re granting.
“The employee followed the standard flow and inadvertently authorized this malicious third-party application,” explains Cyberhaven in a post-mortem writeup.
“The employee had Google Advanced Protection enabled and had MFA covering his account. The employee did not receive an MFA prompt. The employee’s Google credentials were not compromised.”
Once the threat actors gained access to the extension developer’s account, they modified the extension to include two malicious files, namely ‘worker.js’ and ‘content.js,’ which contained code to steal data from Facebook accounts.
The hijacked extension was then published as a “new” version on the Chrome Web Store.
While Extension Total is tracking thirty-five extensions impacted by this phishing campaign, IOCs from the attack indicate that a far greater number were targeted.
According to VirusTotal, the threat actors pre-registered domains for targeted extensions, even if they did not fall for the attack.
While most domains were created in November and December, BleepingComputer found that the threat actors were testing this attack in March 2024.
Analysis of compromised machines showed that the attackers were after the Facebook accounts of users of the poisoned extensions.
Specifically, the data-stealing code attempted to grab the user’s Facebook ID, access token, account info, ad account information, and business accounts.
Additionally, the malicious code added a mouse click event listener specifically for the victim’s interactions on Facebook.com, looking for QR code images related to the platform’s two-factor authentication or CAPTCHA mechanisms.
This aimed to bypass 2FA protections on the Facebook account and allow the threat actors to hijack it.
The stolen information would be packaged together with Facebook cookies, the user agent string, Facebook ID, and the mouse click events and exfiltrated to the attacker’s command and control (C2) server.
Threat actors have been targeting Facebook business accounts via various attack pathways to make direct payments from the victim’s credit to their account, run disinformation or phishing campaigns on the social media platform, or monetize their access by selling it to others.
The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela.
“This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our adversaries exploiting Americans’ most sensitive personal data,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division.
“This powerful new national-security program is designed to ensure that Americans’ personal data is no longer permitted to be sold to hostile foreign powers, whether through outright purchase or other means of commercial access.”
Back in February 2024, U.S. President Joe Biden signed an executive order to address the national risk posed by unauthorized access to Americans’ sensitive personal and government-related data for malicious activities, such as espionage, influence, kinetic, or cyber operations.
Furthermore, the order noted that the countries of concern can leverage their access to bulk data to develop or refine artificial intelligence and other advanced technologies, as well as purchase such information from commercial data brokers and other companies.
“Countries of concern and covered persons can also exploit this data to collect information on activists, academics, journalists, dissidents, political opponents, or members of nongovernmental organizations or marginalized communities to intimidate them; curb political opposition; limit freedoms of expression, peaceful assembly, or association; or enable other forms of suppression of civil liberties,” the DoJ said.
The rule issued by the DoJ is expected to become effective in 90 days. It identifies certain classes of prohibited, restricted, and exempt transactions; sets bulk thresholds for triggering the rule’s prohibitions and restrictions on covered data transactions involving bulk sensitive personal data; and establishes enforcement mechanisms such as civil and criminal penalties.
This covers data spanning six categories: personal identifiers (e.g., Social Security numbers, driver’s license etc.), precise geolocation data, biometric identifiers, human ‘omic (genomic, epigenomic, proteomic, and transcriptomic) data, personal health data, and personal financial data.
However, it bears noting that the rule neither imposes data localization requirements, nor does it prohibit U.S. citizens from conducting medical, scientific, or other research in countries of concern.
“The final rule also does not broadly prohibit U.S. persons from engaging in commercial transactions, including exchanging financial and other data as part of the sale of commercial goods and services with countries of concern or covered persons, or impose measures aimed at a broader decoupling of the substantial consumer, economic, scientific, and trade relationships that the United States has with other countries,” the DoJ said.
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.
One of several selfies on the Facebook page of Cameron Wagenius.
Cameron John Wagenius was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records.
The sparse, two-page indictment (PDF) doesn’t reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius’ mother — Minnesota native Alicia Roen — filled in the gaps.
Roen said that prior to her son’s arrest he’d acknowledged being associated with Connor Riley Moucka, a.k.a. “Judische,” a prolific cybercriminal from Canada who was arrested in late October for stealing data from and extorting dozens of companies that stored data at the cloud service Snowflake.
In an interview with KrebsOnSecurity, Judische said he had no interest in selling the data he’d stolen from Snowflake customers and telecom providers, and that he preferred to outsource that to Kiberphant0m and others. Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon.
On November 26, KrebsOnSecurity published a story that followed a trail of clues left behind by Kiberphantom indicating he was a U.S. Army soldier stationed in South Korea.
An 18-year-old Cameron Wagenius, joining the U.S. Army.
Ms. Roen said Cameron worked on radio signals and network communications at an Army base in South Korea for the past two years, returning to the United States periodically. She said Cameron was always good with computers, but that she had no idea he might have been involved in criminal hacking.
“I never was aware he was into hacking,” Roen said. “It was definitely a shock to me when we found this stuff out.”
Ms. Roen said Cameron joined the Army as soon as he was of age, following in his older brother’s footsteps.
“He and his brother when they were like 6 and 7 years old would ask for MREs from other countries,” she recalled, referring to military-issued “meals ready to eat” food rations. “They both always wanted to be in the Army. I’m not sure where things went wrong.”
Immediately after news broke of Moucka’s arrest, Kiberphant0m posted on the hacker community BreachForums what they claimed were the AT&T call logs for President-elect Donald J. Trump and for Vice President Kamala Harris.
“In the event you do not reach out to us @ATNT all presidential government call logs will be leaked,” Kiberphant0m threatened, signing their post with multiple “#FREEWAIFU” tags. “You don’t think we don’t have plans in the event of an arrest? Think again.”
Kiberphant0m posting what he claimed was a “data schema” stolen from the NSA via AT&T.
On that same day, Kiberphant0m posted what they claimed was the “data schema” from the U.S. National Security Agency.
On Nov. 5, Kiberphant0m offered call logs stolen from Verizon’s push-to-talk (PTT) customers — mainly U.S. government agencies and emergency first responders. On Nov. 9, Kiberphant0m posted a sales thread on BreachForums offering a “SIM-swapping” service targeting Verizon PTT customers. In a SIM-swap, fraudsters use credentials that are phished or stolen from mobile phone company employees to divert a target’s phone calls and text messages to a device they control.
The profile photo on Wagenius’ Facebook page was deleted within hours of my Nov. 26 story identifying Kiberphant0m as a likely U.S. Army soldier. Still, many of his original profile photos remain, including several that show Wagenius in uniform while holding various Army-issued weapons.
Several profile photos visible on the Facebook page of Cameron Wagenius.
November’s story on Kiberphant0m cited his own Telegram messages saying he maintained a large botnet that was used for distributed denial-of-service (DDoS) attacks to knock websites, users and networks offline. In 2023, Kiberphant0m sold remote access credentials for a major U.S. defense contractor.
Allison Nixon, chief research officer at the New York-based cybersecurity firm Unit 221B, helped track down Kiberphant0m’s real life identity. Nixon was among several security researchers who faced harassment and specific threats of violence from Judische and his associates.
“Anonymously extorting the President and VP as a member of the military is a bad idea, but it’s an even worse idea to harass people who specialize in de-anonymizing cybercriminals,” Nixon told KrebsOnSecurity. She said the investigation into Kiberphant0m shows that law enforcement is getting better and faster at going after cybercriminals — especially those who are actually living in the United States.
“Between when we, and an anonymous colleague, found his opsec mistake on November 10th to his last Telegram activity on December 6, law enforcement set the speed record for the fastest turnaround time for an American federal cyber case that I have witnessed in my career,” she said.
Nixon asked to share a message for all the other Kiberphant0ms out there who think they can’t be found and arrested.
“I know that young people involved in cybercrime will read these articles,” Nixon said. “You need to stop doing stupid shit and get a lawyer. Law enforcement wants to put all of you in prison for a long time.”
The indictment against Wagenius was filed in Texas, but the case has been transferred to the U.S. District Court for the Western District of Washington in Seattle.