CyberWire Daily – Episode Summary: "China’s Shadow over U.S. Telecom Networks"
Release Date: January 6, 2025
Host: Dave Bittner, N2K Networks
1. Introduction
In this episode of CyberWire Daily, host Dave Bittner delves into a range of pressing cybersecurity issues, with a primary focus on China’s increasing influence and cyber activities targeting U.S. telecom networks. The episode also covers significant vulnerabilities, emerging cyber threats, policy developments, and notable industry news, providing listeners with comprehensive insights into the current cybersecurity landscape.
2. China's Shadow Over U.S. Telecom Networks
Overview: China’s sophisticated cyber operations are increasingly targeting critical U.S. telecom infrastructure. Recent reports highlight the activities of two prominent Chinese hacking groups, Volt Typhoon and Salt Typhoon, underscoring the national security implications of their actions.
Key Points:
- Volt Typhoon: Responsible for the 2022 cyberattack on Guam’s Power Authority (GPA), Volt Typhoon is linked to over 100 intrusions aimed at disrupting U.S. military operations in the Indo-Pacific region. This strategy potentially serves to disable U.S. responses in the event of a conflict over Taiwan.
"The GPA incident is particularly alarming since it serves the US Navy. Highlighting the national security stakes, the US has made countering Volt Typhoon a priority," [03:03] Dave Bittner.
- Salt Typhoon: This group has infiltrated at least nine major U.S. telecom companies, including AT&T, Verizon, and T-Mobile, with recent victims being Charter Communications, Consolidated Communications, and Windstream. The 2021 Port Houston attack, where a disguised attacker accessed a password reset server, exemplifies their persistent threat.
"These incidents illustrate China's sophisticated and targeted cyber campaigns with serious implications for US national security," [03:03] Dave Bittner.
- Chinese Denials: China officially denies involvement in these cyberattacks. Liu Pengyu, a Chinese embassy spokesperson, dismissed the allegations as baseless smear campaigns.
3. Vulnerability and Security Concerns
Tenable's Nessus Agent Vulnerability: Tenable identified a critical issue where Nessus agents went offline during plugin updates, affecting Tenable Vulnerability Management and Security Center. The problem led to halted updates until a patched version was released on January 2, 2025. Organizations are advised to update immediately or downgrade to ensure security integrity.
"The root cause remains undisclosed, with potential customer impacts unclear," [03:XX] Dave Bittner.
NUCLEI Vulnerability: A vulnerability in the open-source vulnerability scanner NUCLEI allows attackers to bypass template signature verification and inject malicious code by exploiting discrepancies between regex-based signature verification and YAML parser behavior.
"Users should update immediately and isolate NUCLEI to prevent risks," [03:XX] Dave Bittner.
4. Emerging Cyber Threats
Info Stealer Campaign Targeting Gamers on Discord: A new campaign deceives gamers by sending unsolicited messages from fake game developers seeking beta testers. Victims who download the provided installer unknowingly install malware like NovaStealer, AgiosStealer, or HexonStealer, leading to credential theft and financial losses.
"The ultimate goal of these scams is financial theft and account compromise," [03:XX] Dave Bittner.
Fake "Edit this Cookie" Browser Extension: Cybercriminals have created a fraudulent version of the popular "Edit this Cookie" extension, now downloaded over 50,000 times. This fake extension steals login credentials, conducts phishing attacks, and injects advertising scripts.
"This incident underscores ongoing challenges in Google's Chrome Web Store security," [03:XX] Dave Bittner.
ESET’s Warning to Windows 10 Users: With support for Windows 10 ending on October 14, 2025, ESET warns users to upgrade to Windows 11 or switch to Linux to avoid significant security risks from new vulnerabilities, as the freeze on free updates makes the OS increasingly insecure.
"Without free updates, Windows 10 users will face significant security risks from newly discovered vulnerabilities," [03:XX] Dave Bittner.
5. Ransomware in Healthcare Sector
West End Dental’s Ransomware Settlement: An Indiana-based dental practice, West End Dental, agreed to pay a $350,000 settlement following allegations of a ransomware cover-up from a 2020 attack. The practice failed to conduct a forensic investigation or notify affected individuals, violating HIPAA and state breach laws.
"The case highlights the growing enforcement of data privacy regulations in health care," [03:XX] Dave Bittner.
6. United Nations Cybercrime Treaty Discussion with Tim Starks
Interview with Tim Starks: Senior reporter Tim Starks from CyberScoop provides an in-depth analysis of the newly adopted United Nations Cybercrime Treaty, highlighting its origins, controversies, and potential implications for global cybersecurity.
Key Insights:
- Origins and Controversies: Initiated by Russia and supported by other authoritarian regimes, the treaty has raised concerns about potential abuses related to human rights and press freedoms.
"The potential for harm with something like that is very deep," [15:26] Tim Starks.
- Ratification Challenges: With a requirement of 40 nations to ratify for enforcement, uncertainty remains, especially regarding the United States’ participation amid political resistance.
"It's going to be difficult for it to happen in the United States," [17:46] Tim Starks.
- Implementation and Enforcement: Even after ratification, the treaty’s effectiveness will depend on how countries implement and enforce its provisions, which may vary significantly across different political landscapes.
Outlook for 2025: Starks anticipates a tumultuous year in cybersecurity policy, influenced by the new U.S. administration’s approaches and the unpredictable nature of cyber threats.
"Policymaking wise, it's going to be really fascinating to watch what happens on the threat side," [21:01] Tim Starks.
7. Outlook for 2025
Predictions and Areas of Focus:
- Policy Developments: A new, potentially erratic U.S. administration's impact on cybersecurity regulations and international alliances.
- Emerging Threats: Unpredictable cyberattack vectors and evolving spyware threats despite ongoing regulatory efforts.
- Telecommunications Security: Continued vulnerability in telecom networks, emphasizing the need for robust defenses against state-sponsored attacks.
"You just never know what day somebody's going to use some kind of strange vector to attack somebody you didn't expect to get attacked," [21:01] Tim Starks.
8. Tribute to Amit Yoran and Tenable Update
Passing of Amit Yoran: Cybersecurity leader Amit Yoran, Chairman and CEO of Tenable, passed away at 54 after battling cancer. His contributions to the industry, including founding RSA Security NetWitness and serving as National Cybersecurity Director at DHS, left a lasting impact.
Company Transition: Following Yoran’s passing, Tenable appointed CFO Steve Vintz and COO Mark Thurmond as interim co-CEOs, with Art Coviello set to chair the board, ensuring continued stability and adherence to Yoran’s legacy.
"The cybersecurity community mourns the loss of a true visionary and leader," [23:XX] Dave Bittner.
Conclusion
This episode of CyberWire Daily provides a comprehensive overview of critical cybersecurity issues, highlighting China's sophisticated cyber operations targeting U.S. telecom infrastructure, emerging vulnerabilities, and evolving cyber threats. The discussion with Tim Starks sheds light on the controversial UN Cybercrime Treaty and its potential implications. Additionally, the industry mourns the loss of a key leader, Amit Yoran, whose contributions have significantly shaped the cybersecurity landscape.
By addressing these multifaceted topics, CyberWire Daily ensures that listeners are well-informed about the dynamic and often unpredictable nature of cybersecurity in 2025.
Notable Quotes:
- "These incidents illustrate China's sophisticated and targeted cyber campaigns with serious implications for US national security," – Dave Bittner [03:03]
- "The potential for harm with something like that is very deep," – Tim Starks [15:26]
- "You just never know what day somebody's going to use some kind of strange vector to attack somebody you didn't expect to get attacked," – Tim Starks [21:01]
Resources and Further Reading:
For detailed insights and access to all stories discussed in this episode, visit the CyberWire daily briefing at thecyberwire.com.
Produced by Liz Stokes, mixed by Tré Hester, with music and sound design by Elliott Peltzman. Executive Producer: Jennifer Eiben. Executive Editor: Brandon Karpf. President: Simone Petrella. Publisher: Peter Kilpe.