Cybersecurity Today
Host: David Shipley (filling in for Jim Love)
Episode: FBI Warns of QR Code Phishing & Europol's Major Cybercrime Crackdown
Date: January 12, 2026
Episode Overview
This episode dives into three major cybersecurity stories:
- FBI's Warning on QR Code Phishing: A new, sophisticated phishing campaign leveraging QR codes, attributed to a North Korean state-sponsored group.
- Europol’s Major Crackdown on Black Axe: The arrest of major cybercriminals as part of a lengthy and multinational investigation into the Black Axe syndicate.
- CISA’s Pre-Ransomware Alert Program in Jeopardy: Uncertainty over the future of a key US ransomware warning initiative after the sudden departure of its lead developer.
Key Discussion Points & Insights
1. FBI Warns of North Korean QR Code Phishing Campaign
[00:20 - 04:30]
- Threat Landscape: The FBI is alerting organizations to a wave of state-backed spear phishing campaigns exploiting QR codes, with a primary focus on US policy-related targets: think tanks, academic institutions, NGOs, advisory firms, and government bodies.
- Attack Technique:
  - Malicious QR codes are sent via email, disguised as links to questionnaires, secure file shares, or login portals.
  - They redirect mobile devices to attacker-controlled sites that imitate Microsoft 365, Google, Okta, or VPN logins.
  - Goal: credential and session token theft, which is especially dangerous because a stolen session token lets the attacker bypass MFA undetected.
- Social Engineering: Attackers pose as foreign investors, embassy officials, or conference organizers to appear credible.
  - Example: fake conference invitations sent to a US advisory firm, with an embedded QR code leading to credential theft ([02:30]).
- Why QR Codes?
  - Scanning moves the attack from traditional, better-protected desktops to mobile devices, sidestepping email gateway protections and endpoint security.
  - Shipley remarks, “The FBI describes this as a Multi Factor Authentication Resilient identity intrusion vector. Say that three times fast.” ([03:50])
- Mitigation Steps:
  - Train staff to recognize phishing and remain cautious with QR codes.
  - Never scan unexpected QR codes, especially from unknown contacts.
  - Deploy robust mobile device management (MDM) solutions.
  - Continue to enforce MFA, but understand its limits.
  - Report incidents to the FBI Cyber Squad or ic3.gov.
- Memorable Quote: "It doesn't matter that the codes themselves aren't the delivery mechanism for malware. It matters that they can lead people into a trap, particularly on devices that may not have many other security controls." – David Shipley ([04:10])
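As a defender-side illustration of the mitigation point above, here is an added example (not code from the episode, the FBI advisory, or any vendor). It assumes a mail gateway or MDM hook has already decoded the QR image to its destination URL, and scores that URL against a constructed allowlist of the real login hosts for the brands named in the segment. The allowlist, keyword list, shortener list, and sample URLs are all constructed assumptions for this illustration.

```python
"""Triage decoded QR-code destinations for credential-phishing indicators.

Added example for this episode summary; not code from the show, the FBI
advisory or any vendor. Assumes the QR image has already been decoded to a
URL upstream (e.g. by a mail-gateway or MDM hook). All lists and sample
URLs below are constructed for illustration.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed allowlist: exact login hosts for the brands named in the episode.
# A real deployment would add the organisation's own SSO and VPN portals.
LEGIT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "accounts.google.com",
    "login.okta.com",
}

# Brand/login words that should only appear on allowlisted hosts.
BRAND_KEYWORDS = ("microsoft", "office365", "o365", "okta", "google", "vpn", "sso")

# Constructed list of URL shorteners; a shortener hides the real landing page.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}

LOGIN_PATH = re.compile(r"(login|signin|verify|auth|sso)")


def triage_qr_url(url: str) -> dict:
    """Score a decoded QR destination. Returns verdict, score and reasons."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reasons, score = [], 0

    if parsed.scheme != "https":
        reasons.append("non-https scheme")
        score += 1

    if host in SHORTENERS:
        reasons.append("url shortener hides destination")
        score += 2

    # A raw IP address as the host is almost never a legitimate login portal.
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address as host")
        score += 2
    except ValueError:
        pass

    allowlisted = host in LEGIT_LOGIN_HOSTS
    # Brand words on a host that is not the real login host -> lookalike page.
    if not allowlisted and any(k in host.replace("-", "") for k in BRAND_KEYWORDS):
        reasons.append("brand keyword on non-allowlisted host")
        score += 3

    # Login-themed path/query on a non-allowlisted host.
    if not allowlisted and LOGIN_PATH.search((parsed.path + "?" + parsed.query).lower()):
        reasons.append("login-themed path on non-allowlisted host")
        score += 1

    verdict = "block" if score >= 3 else "review" if score >= 1 else "allow"
    return {"url": url, "host": host, "score": score, "verdict": verdict, "reasons": reasons}


# Constructed sample decoded QR payloads, e.g. from an MDM "QR scanned" event feed.
SAMPLE_QR_URLS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "http://microsoft-365-login.example/verify",
    "https://bit.ly/3abcDEF",
    "https://203.0.113.7/sso",
]


def triage_batch(urls=SAMPLE_QR_URLS) -> dict:
    """Map each URL to its verdict; handy for a quick sweep of an event feed."""
    return {u: triage_qr_url(u)["verdict"] for u in urls}


if __name__ == "__main__":
    for u in SAMPLE_QR_URLS:
        r = triage_qr_url(u)
        print(f"{r['verdict']:6} score={r['score']} {u}  {', '.join(r['reasons'])}")
```

The allowlist is matched on the exact host on purpose: a QR code that lands on a lookalike host carrying a brand name is the pattern the FBI is describing, and a conservative "review" verdict on an unfamiliar but legitimate subdomain is the cheaper error. Feed the verdicts into the MDM or mail-gateway policy so a "block" destination never opens on the phone, where few other controls exist.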
2. Europol’s Crackdown on Black Axe Cybercrime Group
[04:45 - 07:15]
- Law Enforcement Win: Europol and Spanish authorities arrested 34 people linked to “Black Axe”, a massive West African transnational cybercriminal syndicate.
- Operation Details:
  - 28 arrested in Seville; additional arrests in Madrid, Malaga, and Barcelona.
  - Seizures: €66,000 in cash, nearly €120,000 frozen, and evidence of over €5.93 million in fraud (approx. $6.9 million USD).
- About Black Axe:
  - Founded in Nigeria (1977), now global with an estimated 30,000 members.
  - Crimes: cyber fraud, human trafficking, drug smuggling, violence.
  - Typical scams: business email compromise, romance, inheritance, and advance payment fraud; proceeds laundered through banks and crypto.
- Repeated Focus:
  - 2022: Operation Jackal led to 75 arrests.
  - 2024: over 400 arrests, $5 million in assets seized.
  - This latest effort highlights the persistence and complexity of transnational cybercrime.
- Advice for Listeners: Authorities urge people and organizations to stay vigilant and report suspicious cyber fraud.
- Memorable Quote: "Black Axe is one of the most prominent West African transnational organized crime syndicates... The organization has been linked to a wide range of criminal activities including cyber enabled fraud, human trafficking, drug smuggling, and violent crimes." – David Shipley ([05:40])
3. Uncertainty Over CISA’s Pre-Ransomware Notification Program
[07:20 - 09:30]
- Program Origins:
  - CISA’s Pre Ransomware Notification Initiative (PRNI) launched in 2022, credited with preventing at least $9 billion in damage.
  - Operates by analyzing threat intelligence to warn critical organizations (water systems, healthcare, schools, energy) before ransomware hits.
- Leadership Crisis:
  - David Stern, lead developer and only dedicated CISA staffer, resigned after reassignment.
  - The initiative’s continued success is in doubt due to Stern’s unique relationships with private sector threat intel sources.
- Industry Reaction:
  - Officially, CISA says they’re training new staff, but skepticism remains about replacing Stern’s deep trust network.
  - Example: “Some industry insiders remain skeptical. They note that Stern's departure has strained relationships between CISA and its private sector partners, which are a key source of the intelligence that fuels the program.” ([08:50])
- Wider Context:
  - US also withdrew from several international cyber-cooperation forums last week (e.g., Global Forum on Cyber Expertise, Online Freedom Coalition).
  - These organizations play key roles in global cyber defense and policy coordination.
- Implication:
  - Rising concern over gaps in early warning and international coordination amidst ongoing global ransomware threats.
  - “This development underscores the importance of stable leadership and strong partnerships in the fight against ransomware, an ongoing and costly threat to organizations worldwide.” ([09:10])
Notable Quotes & Timestamps
- “The FBI describes this as a Multi Factor Authentication Resilient identity intrusion vector. Say that three times fast.” – David Shipley ([03:50])
- “It doesn't matter that the codes themselves aren't the delivery mechanism for malware. It matters that they can lead people into a trap, particularly on devices that may not have many other security controls.” – David Shipley ([04:10])
- "Black Axe is one of the most prominent West African transnational organized crime syndicates... The organization has been linked to a wide range of criminal activities including cyber enabled fraud, human trafficking, drug smuggling, and violent crimes." – David Shipley ([05:40])
- “Some industry insiders remain skeptical. They note that Stern's departure has strained relationships between CISA and its private sector partners, which are a key source of the intelligence that fuels the program.” – David Shipley ([08:50])
Timestamps for Important Segments
- [00:20] – FBI QR Code Phishing Warning Breakdown
- [02:10] – Example of North Korean QR Code Attack (fake conference invites)
- [03:50] – Explanation of MFA-Resilient Intrusion
- [04:45] – Europol’s Black Axe Takedown Begins
- [05:40] – Black Axe Background and Activities
- [07:20] – CISA Pre Ransomware Notification Program at Risk
- [08:50] – Community Skepticism about Program’s Future
- [09:30] – US Withdraws from International Cyber Orgs
Tone and Style
David Shipley delivers the episode with urgency and clarity, offering actionable advice while highlighting the persistence and sophistication of cyber threats. His commentary occasionally includes dry humor and frank opinions, particularly about misguided cybersecurity advice and government actions.
Summary for Non-Listeners
This episode gives a concise yet revealing look at the latest cyber threats and enforcement actions. Listeners come away with a clear understanding of how QR code phishing is evolving, the global scale and complexity of syndicates like Black Axe, and how changes in leadership and policy might impact the cybersecurity landscape, especially concerning ransomware defense in the United States. The episode is packed with practical tips, grounded analysis, and a reminder of the ongoing need for vigilance, education, and collaboration in defending against cybercrime.
