CyberWire Daily – Episode: FCC Draws the Line on Chinese Tech Threats
Release Date: March 13, 2025
Host/Author: N2K Networks
Introduction
In this episode of CyberWire Daily, host Dave Bittner presents a comprehensive overview of the latest developments in the cybersecurity landscape. The episode delves into the Federal Communications Commission's (FCC) initiatives to counter Chinese cyber threats, ongoing challenges within the Cybersecurity and Infrastructure Security Agency (CISA), notable cyberattacks, and broader industry issues such as vulnerabilities in widely used software and emerging spyware threats. Additionally, the episode features an interview with Alvaro Alonso Ruiz, co-founder and Chief Commercial Officer (CCO) of LeanSpace, discussing the state of software in the space industry.
FCC's National Security Council to Counter Chinese Cyber Threats
The episode opens with significant news about the FCC establishing a National Security Council aimed at countering Chinese cyber threats and maintaining U.S. leadership in critical technologies like AI, 5G, and quantum computing.
Key Points:
- FCC Chair Brendan Carr emphasizes the council's focus on mitigating cyberattacks, espionage, and reducing supply chain dependencies on adversarial nations.
- Leadership: Adam Chan, a former House China Committee lawyer, will lead the council.
- Scope of FCC: The FCC's expanded role includes overseeing telecom security, drone certification, and subsea cables.
- Early Focus: Addressing the Salt Typhoon cyberattack, a large-scale Chinese operation targeting U.S. telecom networks.
Notable Quote:
"The Council will focus on mitigating cyberattacks, espionage and reducing supply chain reliance on adversaries."
— Brendan Carr, FCC Chair [02:15]
This initiative aligns with broader U.S. efforts, such as the CIA's China Mission Center, aiming to curb Beijing's technological ambitions. In response, China's embassy has dismissed these concerns, advocating for a cooperative approach to U.S.-China relations.
CISA Under Strain: Leadership and Operational Challenges
The podcast highlights a critical perspective on CISA, presented by Eric Geller in Wired, arguing that the agency is in crisis due to mass layoffs and political pressures, particularly under President Donald Trump's administration.
Key Points:
- Employee Morale: Reports of low morale and leadership failures are rampant, weakening cybersecurity defenses.
- Operational Impact: Critical staff dismissals and the suspension of election security efforts have left the U.S. vulnerable to cyber threats from nations like Russia, China, and Iran.
- Budget Cuts: CISA is reducing its annual funding for the MS-ISAC and EI-ISAC information-sharing and analysis centers, which are vital for state and local government defenses.
- Consequences: Defunding these groups could lead to increased vulnerability of election offices to foreign cyberattacks and undermine international anti-cybercrime efforts.
Notable Quote:
"Employees fear political retaliation and the agency's acting director is accused of prioritizing Trump's agenda over national security."
— Eric Geller, Wired [05:42]
Experts warn that the decline of CISA could have dire repercussions for U.S. security and economic stability, with fears that the situation may worsen.
Notable Cyberattacks: Volt Typhoon and UNC3886
The episode details two significant cyber threats attributed to Chinese actors:
- Volt Typhoon Attack:
- Target: Littleton Electric, Light, and Water departments in Massachusetts.
- Duration: Maintained unauthorized access for over 300 days before detection in November 2023.
- Impact: Compromised operational technology data, including energy grid operations and spatial layouts.
- Risk: Potential escalation to disrupt critical U.S. infrastructure.
- Detection: Identified during a Dragos OT security deployment.
Notable Quote:
"Volt Typhoon, linked to Chinese espionage, is known for persistent access and data exfiltration."
— CyberWire Report [08:30]
- UNC3886 Campaign:
- Method: Deployment of custom backdoors, based on the TinyShell malware, on end-of-life Juniper Networks MX routers.
- Discovery: Mid-2024 by Mandiant.
- Capabilities: Allows data exchange and command execution while bypassing Junos OS security controls and Veriexec protections.
- Threat Level: Ongoing espionage campaign threatening global networking infrastructure.
Notable Quote:
"These hackers bypassed Junos OS security by injecting malicious code into trusted processes."
— Mandiant Analysis [09:50]
Ukraine's Kyiv International Cyber Resilience Forum
Ukraine hosted its Kyiv International Cyber Resilience Forum, marking an annual cyber conference where European allies took the forefront amidst reduced U.S. participation.
Key Points:
- U.S. Absence: No officials from the Trump administration attended, highlighting geopolitical tensions.
- European Leadership: Emphasis on developing a collective European cybersecurity framework inspired by Ukraine's frontline experiences.
- Partnerships: Collaboration with organizations like Google, Cloudflare, and CrowdStrike, with Mandiant's Sandra Joyce delivering a keynote address.
- Future Collaborations: Ukrainian officials expressed hope for renewed U.S. cyber collaborations, despite halted funding for cyber diplomacy programs.
Notable Quote:
"Ukraine formalized ties with the European Cybersecurity Competence Center, signaling closer European cooperation."
— CyberWire Report [11:15]
Facebook's Critical Vulnerability in FreeType
Facebook disclosed a critical flaw in FreeType, an open-source font rendering library used across Linux, Android, game engines, and various GUI frameworks.
Key Points:
- Vulnerability Details: Allows arbitrary code execution due to an out-of-bounds write when parsing TrueType GX and variable font files.
- Scope: Affects all versions up to 2.13, with active exploitation observed.
- Resolution: FreeType patched the bug in February 2023, but older versions remain at risk.
- Recommendation: Developers are urged to update immediately to mitigate potential exploits.
Notable Quote:
"While FreeType patched the bug in February of 2023, older versions remain at risk."
— CyberWire Report [12:40]
New Android Spyware: APT37's KoSpy
North Korean threat group APT37, also known as ScarCruft, has deployed KoSpy, an Android spyware distributed through the Google Play Store and APKPure via malicious apps disguised as file managers and security tools.
Key Points:
- Operation Duration: Active since March 2022.
- Capabilities: Steals SMS messages, call logs, GPS data, files, audio, and keystrokes.
- Evasion Techniques: Utilizes Firebase Firestore and encrypted Command and Control (C2) communications.
- Mitigation: Google has removed the malicious apps from the Play Store, but affected users must manually uninstall them or reset their devices. Google Play Protect assists in blocking known versions of KoSpy.
Notable Quote:
"KoSpy evades detection by using Firebase Firestore and encrypted C2 communications."
— CyberWire Report [13:20]
Interview: Alvaro Alonso Ruiz on Software in Space
Guest: Alvaro Alonso Ruiz, Co-Founder and CCO of LeanSpace
Interviewer: Maria Varmazis, Host of T-Minus Space Daily
Timestamp: [14:07] – [25:27]
In this in-depth interview, Alvaro Alonso Ruiz discusses the state of software development within the space industry. Despite advancements in hardware and mission-critical technologies, the software side lags behind, often relying on outdated systems and methodologies.
Key Insights:
- Stagnant Software Practices:
- Observation: Space missions depend on legacy software, some as old as Windows 95.
- Challenge: Maintaining and updating such systems poses significant security risks and operational inefficiencies.
Notable Quote:
"There's this new space movement, a lot of new companies spawning, doing amazing stuff. But when I saw that space missions were state of the art in many technologies, but in software they were stuck decades in the past."
— Alvaro Alonso Ruiz [14:07]
- Risk-Averse Mindset:
- Issue: The inherent risk in space missions leads to a risk-averse culture, prioritizing stability over innovation.
- Consequence: This results in rigid, waterfall-based development processes that are ill-suited for the dynamic needs of modern software development.
Notable Quote:
"Every mission was a one off. They were trying to minimize risks all across. They were extremely expensive missions. They took forever."
— Alvaro Alonso Ruiz [16:00]
- Need for Agile Methodologies:
- Comparison with SpaceX: Companies like SpaceX adopt agile methods, allowing for quick iteration and constant innovation.
- Recommendation: Transitioning to software-focused business models and adopting agile practices can significantly enhance efficiency and adaptability.
Notable Quote:
"SpaceX operates in a completely different manner. They run their business as a software business. They launch a lot of satellites and have very quick turnaround. It's like in software development, you work in sprints."
— Alvaro Alonso Ruiz [17:00]
- Integration and Modernization Strategies:
- Educational Efforts: Emphasizing the benefits of modern software technologies to reduce costs, risks, and delays.
- Phased Transitions: Implementing middleware layers to connect legacy systems with cloud-based applications.
- Hybrid Cloud Adoption: Leveraging cloud security advantages while maintaining mission-critical systems' integrity.
Notable Quote:
"We need phased transitions because we cannot just like disconnect a control center and connect another one. It doesn't work."
— Alvaro Alonso Ruiz [24:00]
Conclusion of Interview: Alvaro underscores the necessity for the space industry to embrace software modernization to keep pace with technological advancements and reduce vulnerabilities. LeanSpace is at the forefront of facilitating this transformation, aiming to bridge the gap between legacy systems and modern, secure software solutions.
UK Hospital's Network Security Challenges
The episode highlights a concerning revelation from the Princess Alexandra Hospital in the UK, which discovered thousands of unauthorized devices connected to its network.
Key Points:
- Discovery: Between 5,000 and 10,000 unknown devices, including PlayStations, coffee machines, and electric cars, were found connected to the hospital's network.
- Impact: Highlights a massive expansion of the hospital's attack surface amidst a broader tech modernization effort.
- Security Measures: Without a dedicated cybersecurity team, the hospital relies on infrastructure staff to manage security using automated tools, Extended Detection and Response (XDR), and AI-driven protections.
- Zero Trust Security: Although network segmentation has been implemented, a full Zero Trust architecture has not yet been achieved.
- Risk Implications: Deputy Director of ICT, Jeffrey Wood, warns that unsecured networks could lead to attacks that directly harm patients.
Notable Quote:
"There's nothing like a cybersecurity audit to find out your MRI machine shares a network with somebody's PS5."
— Dave Bittner [22:10]
Conclusion
This episode of CyberWire Daily provides a thorough examination of current cybersecurity challenges, from governmental efforts to counteract foreign threats to internal struggles within key agencies like CISA. It underscores the persistent vulnerabilities in critical infrastructure and the urgent need for modernization, both in the space industry and healthcare systems. The insights shared by Alvaro Alonso Ruiz emphasize a broader industry trend towards integrating advanced software solutions to mitigate risks and enhance operational efficiency.
For more detailed information on these topics, listeners are encouraged to visit thecyberwire.com or subscribe to the CyberWire Daily podcast.
Credits:
- Host: Dave Bittner
- Interviewer: Maria Varmazis
- Guest: Alvaro Alonso Ruiz, Co-Founder and CCO of LeanSpace
- Producers: Alice Carruth, Liz Stokes
- Sound Design: Elliot Peltzman
- Executive Producer: Jennifer Eiben
- Publisher: Peter Kilpe
Stay informed with CyberWire Daily – your trusted source for cybersecurity news and analysis.
