Dialysis down, data out. - CyberWire Daily

Summary9 min read

CyberWire Daily: "Dialysis Down, Data Out"
Release Date: August 14, 2025
Host: Dave Bittner, N2K Networks

1. Ransomware Attack on DaVita Exposes VA Patients' Medical Records

A significant ransomware attack targeted DaVita, a leading dialysis provider collaborating with the Department of Veterans Affairs (VA). Approximately 1 million VA patients' personal medical records were compromised, including sensitive information such as Social Security numbers, lab results, and insurance details. Additionally, names, check images, and tax IDs may have been exposed.

Impact on Services: The breach specifically affected VA patients receiving dialysis and lab services through the Veteran Community Care program.
Financial and Investigative Response: The VA had previously paid DaVita $206 million in early 2025 for their services. Notably, DaVita’s internal systems remained unaffected by the breach. Forensic teams and the FBI are currently investigating the incident.
Mitigation Measures: DaVita has restored the affected systems and is offering 12 months of free credit monitoring to the victims. Given that kidney disease prevalence is higher among veterans, with the VA caring for about 600,000 affected individuals nationwide, the breach has far-reaching implications.

Quote:
"Davita has restored affected systems and will offer 12 months of free credit monitoring to victims."
— Dave Bittner [04:15]

2. Joint Guidance from CISA and NSA on Operational Technology (OT) Asset Inventory and Taxonomy

Agencies including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and international partners have released new guidance titled "Foundations for OT Asset Inventory Guidance for Owners and Operators." This document underscores the importance of maintaining a comprehensive asset inventory and establishing an OT taxonomy to build a modern, defensible architecture for operational technology.

Key Recommendations:
- Define Governance: Establish clear governance structures, scopes, and roles.
- Identify OT Assets: Catalog assets by collecting key attributes such as IP addresses, manufacturer details, and criticality.
- Create a Taxonomy: Classify assets based on function or criticality, organizing them into zones and conduits.
- Centralize Inventory Data: Manage asset data centrally and implement lifecycle management beyond initial inventory.
Benefits: The guidance aims to enhance information clarity, security posture, and operational resilience for critical OT environments. While the guidance is voluntary and not prescriptive, it provides structured methodologies to improve cybersecurity through vulnerability tracking, performance monitoring, training, and continuous improvement.

Quote:
"This guide aids asset owners in enhancing information clarity, security posture, and operational resilience for critical OT environments."
— Dave Bittner [06:30]

3. UK Government's Data Breach Cover-Up Costs Millions

In a notable incident, the British government reportedly spent £3.2 million to conceal a data breach discovered in August 2023. The breach exposed personal details of 18,700 Afghans who had worked with UK forces, putting them at risk of Taliban reprisals.

Cover-Up Tactics: The government sought a rare contramundum super-injunction to prevent disclosure of the breach details, even to the affected individuals. This legal action remained in place for 18 months until a review by the Labor party in 2024 led to its lifting.
Public and Legal Reaction: The injunction and subsequent cover-up have sparked intense debate over press freedom in Britain. Legal experts highlight the stark contrast with U.S. First Amendment protections, where such gag orders would be untenable. Critics argue that the injunction was primarily a strategy to avoid political embarrassment rather than a necessary security measure.
Consequences: The breach necessitated a £400 million secret relocation program for 4,500 Afghans, marking the case as unprecedented in scope within the UK.

Quote:
"Critics argue the order increasingly served to avoid political embarrassment."
— Dave Bittner [09:45]

4. Critical Flaws Identified in Xerox Free Flow Core Print Orchestration Platform

Researchers at Horizon3AI have uncovered two critical vulnerabilities in the Xerox Free Flow Core platform, widely utilized by commercial print shops, universities, and government agencies.

Vulnerabilities:
- XXE Injection: Allows unauthenticated remote attackers to execute arbitrary code by exploiting improperly handled XML entities.
- Path Traversal Flaw: Enables attackers to upload files to arbitrary locations, facilitating web shell deployment and remote execution.
Implications: These vulnerabilities potentially allow for server-side request forgery and complete system takeover.
Response: Xerox has released patches in the latest version of Free Flow Core. Horizon3AI urges immediate upgrades, noting that approximately 2,000 instances are exposed online, primarily in the U.S., Australia, and Germany. The vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities Catalog, with a directive for U.S. federal agencies to patch by August 20.

Quote:
"Both vulnerabilities are patched in the latest version and immediate upgrading is advised."
— Dave Bittner [12:10]

5. Personalized Phishing Attacks on the Rise

Cofense Intelligence reports a significant uptick in phishing attacks that leverage personalization to enhance their effectiveness. Between the third quarter of 2023 and the third quarter of 2024, the most prevalent themes used in customized phishing emails included travel assistance, finance, taxes, and notifications.

Tactics:
- Customized Subjects and Attachments: Attackers tailor email subjects, attachments, and links to resonate with the target’s interests or current events.
- Malware Delivery: Commonly delivered malware includes Vidar Stealer, Picabot, JRAT, and Remcosrat, often disguised within files containing Personally Identifiable Information (PII).
Impact: This personalization increases email engagement rates, facilitating credential theft or providing attackers with brokered access for ransomware operations.

Quote:
"This sort of personalization increases engagement and aiding attackers in stealing credentials or enabling brokered access for ransomware operations."
— Dave Bittner [14:30]

6. Risks Posed by Modern Routing and Jailbreaking Frameworks

Zimperium's Z Labs has highlighted the serious enterprise risks associated with modern routing and jailbreaking frameworks, which are frequently developed without adequate security oversight.

Vulnerabilities:
- Kernel Patching: Tools like KernelSu 5.7 exploit weak authentication between user apps and kernel interfaces, allowing attackers to spoof manager apps and gain root access.
- Common Weaknesses: Other frameworks exhibit similar issues, such as weak password protections and impersonation bugs, making them prone to exploitation.
Recommendations: Z Labs emphasizes the necessity of continuous monitoring to mitigate risks stemming from improper authentication, insecure communication, and poor privileged isolation within routing tools.

Quote:
"Improper authentication, insecure communication, and poor privileged isolation in routing tools create persistent real-world exploitation opportunities."
— Dave Bittner [16:45]

7. Fortinet Alerts on Critical Command Injection Vulnerability

Fortinet has issued a warning regarding a critical, remote unauthenticated command injection flaw in FortiSIM, a security monitoring platform used by governments, enterprises, and Managed Security Service Providers (MSSPs).

Vulnerability Details: The flaw allows attackers to execute unauthorized commands via crafted CLI requests without requiring authentication. There are no distinctive Indicators of Compromise (IOCs) for detection.
Affected Versions: Multiple versions of FortiSIM are impacted. Only supported releases will receive patches, and Fortinet advises administrators to upgrade immediately or restrict access to the PH monitor on port 7900. Older, unsupported versions remain vulnerable indefinitely.
Active Exploitation: Exploit code targeting this vulnerability is already active in the wild, posing a significant security threat.

Quote:
"Only supported releases will receive patches. Admins should upgrade immediately to fixed versions or restrict access to PH monitor on port 7900."
— Dave Bittner [18:20]

8. Estonians Sentenced in a $500 Million Cryptocurrency Ponzi Scheme

Sergey Potapenko and Ivan Torogin, Estonian nationals, were sentenced in Washington State for orchestrating a $500 million cryptocurrency Ponzi scheme that began in 2013.

Scheme Mechanics:
- Hashcoins Sales: They initially sold Bitcoin mining equipment under the brand Hashcoins but failed to maintain adequate inventory.
- Hashflare Launch: Later, they introduced Hashflare, offering remote mining contracts that promised substantial profits by showcasing fabricated mining capacity.
Asset Seizure and Compensation: Assets worth over $450 million were seized to compensate the victims of the scheme. Prosecutors sought 10 years in prison, and the Department of Justice may consider an appeal against the sentence.

Quote:
"The crew also linked to a $1.4 billion Bitbit hack, secured freelance roles to siphon millions more."
— Dave Bittner [20:02]

9. Interview with Michaela Campobasso on Vibe Hacking and Blockchain Bandits

Guest: Michaela Campobasso, Senior Researcher at Forescout
Topic: Separating the hype from reality around vibe hacking and exploring the activities of blockchain criminals in Pyongyang.

Understanding Vibe Hacking

Michaela defines vibe hacking as the utilization of generative AI tools by attackers to conduct sophisticated cyberattacks without in-depth prior knowledge.

Quote:
"Vibe hacking is the concept of attackers being able to rely massively on generative AI to conduct sophisticated attacks, cyber attacks in this case, without having any specific and prior knowledge on the topic."
— Michaela Campobasso [13:24]

Research Methodology and Findings

Scope of Study: The research encompassed 50 Language Learning Models (LLMs), including commercial, underground (accessible via Dark Web or Telegram), open-source, and gray-area models offered by specialized services.
Testing Parameters: The LLMs were evaluated on two primary tasks:
1. Vulnerability Research: Identifying vulnerabilities within code.
2. Exploit Development: Creating actual exploits based on identified vulnerabilities.
Results:
- Vulnerability Research: Commercial and gray-area LLMs performed reasonably well in simpler vulnerability identification tasks.
- Exploit Development: Success rates plummeted, with only 50% of commercial models producing usable exploits and a mere 20% handling more complex tasks effectively.

Quote:
"The best group of LLMs was by far the commercial solutions, which was surprising, honestly, because arguably they should prevent an arbitrary user to state..."
— Michaela Campobasso [17:39]

Implications and Takeaways

While LLMs can assist in automating certain aspects of cyberattacks, the current sophistication level remains limited. Vibe hacking primarily benefits opportunistic attackers with average skills by speeding up their workflow rather than enabling highly sophisticated breaches.

Quote:
"The level of sophistication that you can reach with an LLM without being an expert already on the subject is fairly low."
— Michaela Campobasso [21:04]

10. North Korean Blockchain Bandits Exposed

In the latest episode of "North Korea Does Remote Work," crypto investigator Zach XBT exposes a six-person IT squad from the DPRK involved in a $680,000 cryptocurrency hack in June. Operating under 31 fake identities, these individuals posed as blockchain developers with fabricated resumes, including fake experiences at reputable firms like OpenSea and Chainlink.

Operational Details:
- Tools Used: Coordination occurred via Google Drive, AnyDesk, VPNs, and Google Translate.
- Budget Constraints: They operated on a modest $1,489 monthly expense budget.
Linked Activities: The team is also connected to a $1.4 billion hack targeting BitBit and has taken on secured freelance roles to siphon millions more.
Modus Operandi: Their scams rely on high volume and exploit sloppy hiring practices, rather than high-tech methods.

Quote:
"Their CVs boasted experience at OpenSea and Chainlink, and one even interviewed at Polygon Labs."
— Dave Bittner [23:00]

Conclusion

The episode of CyberWire Daily delves into a range of pressing cybersecurity issues, from ransomware attacks affecting vital healthcare services to sophisticated phishing strategies and vulnerabilities in widely-used platforms. The in-depth interview with Michaela Campobasso provides valuable insights into the realistic capabilities and limitations of generative AI in facilitating cyberattacks. Additionally, the exposure of North Korean blockchain criminals underscores the persistent global challenges in combating cybercrime.

For more detailed information on these topics, listeners are encouraged to refer to CyberWire's daily briefing and participate in their annual audience survey to provide feedback.

Produced by Alice Carruth, Liz Stokes, Trey Hester, Jennifer Ivan, and published by Peter Kilpie. Original music by Elliot Peltzman.

Loading summary

Transcript19 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire Network powered by N2K. A ransomware attack exposes personal medical records of VA patients New joint guidance from CISA and the NSA emphasize asset inventory and OT taxonomy the UK government reportedly spent millions to cover up a data breach. Researchers identified two critical flaws in a widely used print orchestration platform. Phishing attacks increasingly rely on personalization. Routing and jailbreaking frameworks pose serious enterprise risks. Fortinet warns of a critical command injection flaw. Estonian nationals are sentenced in a crypto Ponzi scheme. Michaela Campobasso from Forescout joins us to separate the hype from reality around vibe hacking and meet the blockchain bandits of Pyongyang Foreign It's Thursday, August 14, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great to have you with us. A ransomware attack on Davita, a major dialysis provider contracting with the Department of Veterans affairs, exposed about 1 million medical records, including veterans Social Security numbers, lab results and insurance details. The breach affected VA patients receiving dialysis and lab services through the Veteran Community Care program. Additional data such as names, check images and tax IDs may have been compromised. The VA paid DaVita $206 million in early 2025 for services, but its internal systems were not impacted. Forensic teams and the FBI are investigating. Davita has restored affected systems and will offer 12 months of free credit monitoring to victims. Kidney disease is more prevalent among veterans, with the VA caring for about 600,000 affected individ nationwide. New joint guidance from agencies including CISA, the NSA, EPA and international partners emphasizes that building a modern, defensible architecture for operational technology relies on a well maintained asset inventory and OT taxonomy. Titled Foundations for OT Asset Inventory Guidance for Owners and Operators, the document outlines a structured, multi step process, define governance, scope and roles, identify OT assets and collect key attributes like IP addresses, manufacturer and criticality. Create a taxonomy classifying assets by function or criticality and organizing them using zones and conduits. Manage inventory data centrally and apply lifecycle management beyond inventory. It guides organizations in improving cybersecurity through vulnerability tracking, performance monitoring, training and continuous improvement. Appendix examples include conceptual taxonomies for oil and gas, electricity and water infrastructure. While voluntary and not prescriptive, this guide aids asset owners in enhancing information clarity, security posture and operational resilience for critical OT environments. Separately, CISA warned that attackers are actively exploiting two vulnerabilities in enable's n central remote monitoring and management platform. The flaws which require authentication, could allow command execution and input injection. Enable patched them in the recent version and urged immediate upgrades. About 2,000 instances are exposed online, mostly in the U.S. australia and Germany. CISA added the bugs to its known Exploited vulnerabilities catalog, giving US federal agencies until August 20 to patch and advised all organizations to secure systems promptly to reduce exploitation risk. In 2022, a British military error exposed the personal details of 18,700 Afghans who had worked with UK forces, risking Taliban reprisals, according to the New York Times. The Conservative government sought a rare contra mundum super injunction, barring disclosure even to its victims, spending $3.2 million in legal costs. The breach wasn't discovered until August 2023, when part of the data appeared on Facebook. Journalists who inquired were served with secrecy orders. The injunction lasted 18 months, until Labor's 2024 review prompted its lifting. Critics argue the order increasingly served to avoid political embarrassment. The breach triggered a £400 million secret relocation program for 4,500 Afghans. The case, unprecedented in scope, has sparked debate over press freedom in Britain, with legal experts noting such gag orders would be impossible under U.S. first Amendment protections. Researchers at Horizon3AI have identified two critical flaws in Xerox Free Flow Core, a print orchestration platform widely used by commercial print shops, universities and government agencies. The XXE injection vulnerability and path traversal flaw allow unauthenticated remote attackers to execute arbitrary code on affected systems. One of the vulnerabilities enables server side request forgery via improperly handled XML entities. The other allows attackers to upload files to arbitrary locations, enabling web shell deployment and remote execution. Both vulnerabilities are patched in the latest version and immediate upgrading is advised. The flaws were discovered during an investigation into unusual exploit callbacks and and disclosed under Horizon 3 AI's vulnerability policy. Cofence intelligence reports that subject customization personalizing email subjects, attachments and links is a key phishing tactic for delivering malware, especially remote access trojans and information stealers. From the third quarter 2023 through the third quarter of 2024, the top malware delivery themes with customized subjects were travel assistance, finance, taxes and notification. Travel assistance most often delivered Vidar stealer response used Picabot and Finance commonly used jrat. Customized file names often contained pii, particularly with JRAT and remcosrat in finance or taxes themed emails. This sort of personalization increases engagement and aiding attackers in stealing credentials or enabling brokered access for ransomware operations. Zimperium's Z Labs warns that modern routing and Jailbreaking frameworks, often developed without security oversight, pose serious enterprise risks by enabling malware infections, app compromise, and full system takeover. Many use Android kernel patching, as in Kernel Su, apatch and Skroot, hooking kernel functions to gain root access. Weak authentication between user apps and kernel interfaces creates exploitable flaws. A kernel SU 5.7 vulnerability let attackers spoof the manager app via file descriptor manipulation, bypassing signature checks to gain root before the legitimate manager launched. Similar weaknesses, such as Apache's past weak password protection and Magisk's impersonation bug show these risks are common. Z Labs stresses continuous monitoring as improper authentication, insecure communication, and poor privileged isolation in routing tools create persistent real world exploitation opportunities. Fortinet warns of a critical remote unauthenticated command injection flaw in Fortisim, a security monitoring platform used by governments, enterprises and MSSPs. Exploit code is already active in the wild, allowing attackers to execute unauthorized commands via crafted CLI requests with no distinctive IOCs for detection. Multiple versions are affected. Only supported releases will receive patches. Admins should upgrade immediately to fixed versions or restrict access to PH monitor on port 7900. Older, unsupported versions remain permanently vulnerable. Estonians Sergey Potapenko and Ivan Torogin were sentenced in Washington State to time served for running a $500 million cryptocurrency Ponzi scheme. Starting in 2013. They sold Bitcoin mining equipment via hashcoins but never had adequate inventory. They later launched Hashflare, offering remote mining contracts showing fake profits to investors while operating only a fraction of the claimed capacity. Assets worth over $450 million were seized for victim compensation. Prosecutors sought 10 years and the DOJ may appeal the sentence. Coming up after the Mikayla Campobasso from Forescout joins us to separate the hype from the reality around vibe hacking and meet the blockchain bandits of Pyongyang.
[10:53]
Ben Yellen
I'm Ben Yellen, co host of the Caveat podcast. Each Thursday we sit down and talk about the biggest legal and policy developments affecting technology that are shaping our world. Whether it be sitting down with experts or government officials, or breaking down the latest political developments, we talk about the stories that will have tangible impacts on businesses and people around the world. If you are looking to stay informed on what is happening and how it could impact you, make sure to listen to the Caveat podcast.
[11:30]
Dave Bittner
Compliance regulations, third party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes. You're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key areas compliance, internal and third party risk, and even customer trust. So you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC Just imagine how much easier trust can be. Visit vanta.com cyber to sign up today for a free demo. That's v a n-t a.com cyber Michaela Campobasso is a senior researcher at Forescout. I recently spoke with him about research separating the hype from the reality around vibe hacking.
[13:24]
Michaela Campobasso
So vibe hacking is the concept of attackers being able to rely massively on generative AI to conduct sophisticated attacks, cyber attacks in this case, without having any specific and prior knowledge on the topic. That's kind of the idea of ibacking.
[13:49]
Dave Bittner
Can you give us an idea of how someone might approach this? How would one who doesn't have a lot of experience use an LLM to go at what they want to do?
[13:59]
Michaela Campobasso
Yeah, so for example, one of the cases could be that someone is interested in attacking a given website. Then they resort to ChatGPT and they say, hey, I would like to do a security assessment on this specific website. How should I approach that in the very beginning? And the LLM starts to give you some answers, some generic information you could find online. So you do the process step by step and you start progressing with that. But then once you do the general recon side of things, then you will have to understand what is the technology behind the specific website. And you're facing a moment in which you need to write an exploit some code that is going to attack this website and exploit some vulnerabilities. This is where the thing gets tricky because ideally the person that is using this generative AI doesn't know how the thing looks like the attack looks like. And the LLM very confidently will give some answers which may be wrong. So that's a little bit the issue that we see. And that's the reason why we started to do this research, this line of research, to understand really how good an LLM could possibly be when an attacker with no prior experience wants to perform a malicious activity, some malicious activity.
[15:38]
Dave Bittner
Well, let's dig into the research that you all did here. What was your methodology and what did you discover?
[15:45]
Michaela Campobasso
So we sampled a number of LLMs spanning from commercial solutions, of course, because they are the most famous right now and arguably the most advanced. But we included also underground LLMs that you can find on marketplaces on the Dark web or Telegram. We included also Some open source LLMs you can find in some repositories online and some gray LLMs like services that companies that actually have a fat number so you can buy their services and they offer you specialized LLMs to conduct offensive operations as a researcher, for example. So we've sampled 50 of them and we decided to test them against a test bed of some tasks. And the two tasks that we decided to test these LLMs against were vulnerability research and exploit development. So vulnerability research, in a nutshell, is the process where someone or something looks at some code and then tries to find what are the vulnerabilities in that code and tries to exploit them, or at least pinpoint what are the issues in that code that may lead to an unintended use of that software. And exploit development is the subsequent step, that is, you have some vulnerable codes, you know that it's vulnerable, you know where the issue is. And then you have to write a program that misuses said software in the unintended way to achieve something that the software was not originally designed for. For example, launching commands on a system that was supposed to be just hosting, for example, a website.
[17:38]
Dave Bittner
So how did it go?
[17:39]
Michaela Campobasso
It didn't go that brilliantly. And the reason for that is that for simpler tasks that we had for vulnerability research, they performed somewhat okay, especially those that are commercial solutions and those that are on the gray area in a way. But when we were moving towards the more cognitively complex tasks like exploit development, they started to fail miserably. The best group of LLMs was by far the commercial solutions, which was surprising, honestly, because arguably they should prevent an arbitrary user to state, hey, I'm a security researcher, write me an exploit. Very, very easy to be convinced in that sense. So as I was saying, the commercial solutions performed quite well for vulnerability research in a way. Exploit development, roughly 50% of them managed to produce an exploit that was actually usable and exploiting the intended vulnerability. Whereas a harder task in exploit development was managed from only 20% of them. And we tested like 17 commercial solutions. That's how it went. Was not that great.
[19:03]
Dave Bittner
Yeah, one of the things that struck me in the research was that you all threw multiple iterations at these and you pointed out that some of these tasks required hours and hours of attempts to get something useful out of it.
[19:18]
Michaela Campobasso
Yeah, that's right. And that's one of the caveats of this research. Because I try to pose as someone that doesn't understand much, but at least understands something about what they're doing. I don't want to be just a wannabe hacker. They're testing the LLMs. I want it to be someone that knows how to do things. So whenever I was giving them the task to write an exploit for a given piece of code, I was monitoring the answers, I was performing some minor corrections where needed, and I was nudging sometimes LLMs to go in the right direction because they were easily diverging from the right path. So I was there looking after them carefully. Not too much. Not to be like someone that already knows the solution and then why are you using an LLM in the first place? And I really wanted to give each LLM their best shot at trying to solve the task. So each LLM was given up to five runs to solve each task. Despite all my efforts of pretending to be a somewhat average attacker, these were the results that were not too engrossing. And by the way, the exploit development exercises were taken from some CTFs, so they were not complex code like real case scenarios. We were talking about 10 lines of code in C, nothing too crazy, yet these were the results.
[20:50]
Dave Bittner
So what's the takeaway here for folks who are worried about the potential of these LLMs enabling vibe hacking? Is your sense that we're still a ways off.
[21:04]
Michaela Campobasso
In a way. Yes, I would say that still they are a useful tool. They can replace, basically Google if you want to. You can look for information there. You can ask them to write you skeletons for scripts and develop automated pipelines for conducting some sort of attacks. But the level of sophistication, that's the real difference. The level of sophistication that you can reach with an LLM without being an expert already on the subject is fairly low. And that's why arguably, Viberhacking is not, as of today, a big issue is just giving more wannabe attackers, or someone with opportunistic attackers with average skills some extra tools to be faster at their workflow. But not necessarily making a step forward. Because at the end of the day, even though it's not going any further in terms of sophistication, what you're getting right now in the positive outcomes of my tests is just an exploit. An exploit is literally the same stuff that you would have done by hand. They didn't use any new and undetectable way of exploiting a system. They were doing something that a human would have done because they learned how to do it from humans. So maybe the number of attacks is going to increase. That's most likely. Probably it's happening already right now. But in terms of sophistication, we are seeing the same stuff already as always.
[22:46]
Dave Bittner
I would argue that's Mikayla Campobasso from For Scout.
[23:02]
Ben Yellen
Support for this podcast and the following message comes from America's Navy the Navy offers new graduates hands on training and experience in careers like computer science, aviation and medicine, plus education and sign on bonuses. Parents help your grads start their career today@navy.com Martha listens to her favorite band.
[23:23]
Zach XBT
All the time in the car, gym, even sleeping. So when they finally went on tour, Martha bundled her flight and hotel on Expedia to see them live. She saved so much she got a seat close enough to actually see and hear them. Sort of. You were made to scream from from the front row. We were made to quietly save you more Expedia made to travel savings vary and subject to availability. Flight inclusive packages are atoll protected.
[23:58]
Dave Bittner
And finally, in the latest installment of North Korea Does Remote Work, crypto sleuth Zach XBT has outed a six person DPRK IT squad tied to a $680,000 June crypto hack. Moonlighting as blockchain developers under 31 fake identities, their CVs boasted experience at OpenSea and Chainlink, and one even interviewed at Polygon Labs. Screenshots from a compromised device show them coordinating scams via Google Drive, AnyDesk, VPNs and Google Translate, all on a $1,489 monthly expense budget. The crew also linked to a $1.4 billion Bitbit hack, secured freelance roles to siphon millions more. Zac XBT warns the scams aren't high tech, just high volume and sloppy hiring keeps the DPRK's most committed remote workers. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners we're collecting your insights through the end of this month. There is a link in the show Notes. Please take a moment and check it out. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ivan. Peter Kilpie is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
[26:02]
Michaela Campobasso
Sam.