Maria Varmazes
You're listening to the Cyberwire Network powered by N2K.
Dave Bittner
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
Maria Varmazes
The U.S. Justice Department charges employees of Chinese IT contractor i-Soon. Silk Typhoon targets the IT supply chain for initial access. Chrome extensions that change shape. Attackers target Airflow misconfigurations. A LibreOffice vulnerability opens the door to script-based attacks. NSO Group leaders face charges in a spyware case. Today, our own Dave Bittner is our guest, as he appeared on the Adopting Zero Trust podcast at ThreatLocker's Zero Trust World 2025 event with hosts Elliot Volkman and Neil Dennis and guest Dr. Chase Cunningham. And turning $1 billion into thin air. Today is March 6, 2025. I'm Maria Varmazes, subbing in for Dave Bittner, still out on vacation, and this is your CyberWire intel briefing. Thanks for joining us on this lovely Thursday. Let's get into it.

The U.S. Justice Department has charged 12 Chinese nationals for their alleged involvement in hacking U.S. entities on behalf of the Chinese government. Two of the individuals are officers with the PRC's Ministry of Public Security and eight are employees of Chinese IT security contractor i-Soon. Two additional defendants are freelancers tied to the APT27 threat actor who assisted i-Soon in some operations. The Justice Department says the Ministry of Public Security and the Ministry of State Security hired i-Soon to carry out espionage campaigns against organizations around the globe, including the U.S. Defense Intelligence Agency, the U.S. Commerce Department, a major U.S. religious organization, and news organizations based in the United States and Hong Kong. i-Soon also allegedly hacked the foreign ministries of India, Indonesia, South Korea and Taiwan, the FBI says. i-Soon's activities have been publicly tracked as Aquatic Panda, Red Alpha, Red Hotel, Charcoal Typhoon, Red Scylla, Hassium, Chromium, and TAG-22, Justice said in a press release.
From approximately 2016 through 2023, i-Soon and its personnel engaged in numerous and widespread hacking of email accounts, cell phones, servers, and websites at the direction of and in close coordination with the PRC's MSS, or Ministry of State Security, and MPS, or Ministry of Public Security. i-Soon generated tens of millions of dollars in revenue and at times had over 100 employees. i-Soon's primary customers were PRC government agencies. It worked with at least 43 different MSS or MPS bureaus and charged the MSS and MPS between approximately $10,000 and $75,000 for each email inbox that it successfully hacked. i-Soon sustained a major breach in early 2024 that exposed its inner workings and ties to the Chinese government, as well as its hacking tools and services.

Microsoft has published a report on the Chinese espionage actor Silk Typhoon, finding that the group is now targeting common IT solutions like remote management tools and cloud applications to gain initial access. Microsoft states that while they haven't been observed directly targeting Microsoft cloud services, they do exploit unpatched applications that allow them to elevate their access in targeted organizations and then conduct further malicious activities. After successfully compromising a victim, Silk Typhoon uses the stolen keys and credentials to infiltrate customer networks, where they can then abuse a variety of deployed applications, including Microsoft services and others, to achieve their espionage objectives. BleepingComputer notes that Silk Typhoon recently made headlines for hacking the U.S. Treasury's Office of Foreign Assets Control in December 2024.

A newly identified polymorphic attack enables malicious Chrome extensions to impersonate legitimate ones, such as password managers, cryptocurrency wallets, and banking applications, thereby facilitating the theft of sensitive user information.
Researchers at SquareX Labs demonstrated that these extensions can detect other installed extensions using the Chrome Management API or by injecting resources into visited web pages. Upon identifying a target, the malicious extension downloads code to replicate the legitimate extension's interface, deceiving users into entering confidential data.

Misconfigurations in Apache Airflow instances have been found to expose sensitive credentials, including login details, API keys, and cloud service tokens, due to insecure coding practices and outdated deployments. These vulnerabilities affect sectors such as finance, healthcare, and e-commerce, with exposed credentials for services like AWS, Slack, PayPal, and internal databases. The primary issues include hard-coded secrets in DAG scripts, unencrypted variables and connection metadata, legacy logging vulnerabilities, and exposed configuration files. To mitigate these risks, organizations should upgrade to Airflow 2.0 or later, implement network segmentation, use dedicated secrets management tools, and conduct thorough code reviews to eliminate hard-coded credentials.

A newly discovered vulnerability in LibreOffice allows attackers to execute arbitrary scripts via maliciously crafted macro URLs, posing a significant security risk. The flaw exploits LibreOffice's handling of macro execution, enabling remote attackers to bypass security warnings and execute malicious code without user consent. If successfully exploited, this vulnerability could allow system compromise, data theft, or further malware deployment. Security researchers recommend disabling macros, restricting untrusted document execution, and ensuring LibreOffice is updated to the latest patched version. Organizations should monitor for suspicious document activity and enforce strict macro security policies to mitigate the risk of exploitation.
In a follow-up to a story from earlier this week, tens of thousands of VMware ESXi instances remain vulnerable to a chain of actively exploited vulnerabilities that were disclosed on Tuesday, according to a report from SecurityWeek. The vulnerabilities can allow an attacker to perform a VM escape and gain access to the ESXi hypervisor. Security researcher Kevin Beaumont explains that attackers can use that to access every other VM and be on the management network of the VMware cluster. Beaumont added that once you have this level of access, traditionally you'll see groups like ransomware actors steal files and wipe things. While the vulnerabilities are being exploited by unnamed threat actors, details of the exploit aren't yet publicly available. Organizations should prioritize patching before an exploit is released.

A Catalan court has indicted three NSO Group executives for their alleged involvement in espionage against the lawyer representing Catalan independence leaders. This decision overturns a prior ruling that limited accountability to the company and its European subsidiaries. The court's action is part of a broader investigation into the use of NSO's Pegasus spyware against Catalan separatists, a scandal known as Catalangate, which reportedly targeted at least 65 individuals, including politicians, activists and their families. The human rights organization Iridia, representing the lawyer in question, hailed the indictments as a pivotal step towards addressing unlawful surveillance. The court has also sought cooperation from Luxembourg authorities to advance the investigation.

Rob Joyce, who is the former director of cybersecurity at the National Security Agency and a White House advisor for the first Trump administration, testified before the House Select Committee, expressing grave concerns over the Trump administration's initiative to mass fire probationary federal employees. Joyce emphasized that such actions could severely undermine U.S. cybersecurity and national security efforts, particularly in countering Chinese cyber threats. He highlighted that probationary employees often constitute a pipeline of top technical talent essential for identifying and mitigating cyber threats. The administration's aggressive stance on reducing the federal workforce, including attempts to dismiss nearly all probationary employees, has faced legal challenges, with a federal judge temporarily blocking the order due to overreach by the Office of Personnel Management.

Several prominent financial organizations have formally requested that the Cybersecurity and Infrastructure Security Agency, or CISA, revise its proposed implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, otherwise known as CIRCIA. Enacted in March 2022, CIRCIA mandates that critical infrastructure entities report significant cybersecurity incidents within 72 hours and ransomware payments within 24 hours. CISA's current proposal, set to take effect in October 2025, is estimated to impact approximately 316,000 entities. The financial groups argue that the proposed rules deviate from CIRCIA's original intent by imposing undue burdens on organizations, potentially diverting resources from effective incident response and recovery efforts. They advocate for a collaborative approach to develop a rule that allows victimized companies to prioritize addressing cyber attacks over fulfilling reporting obligations.

Coming up after the break, Dave Bittner himself joins hosts Elliot Volkman and Neil Dennis on the Adopting Zero Trust podcast from ThreatLocker's Zero Trust World 2025, alongside special guest Dr. Chase Cunningham. And don't miss how one hacker group turned $1 billion into thin air.
Dave Bittner
Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.

Cyber threats are more sophisticated than ever. Passwords? They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door: the login. Yubico believes the future is passwordless. YubiKeys offer unparalleled protection against phishing for individuals, SMBs and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy one, get one offer. Visit yubico.com/N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today.
Maria Varmazes
Our very own Dave Bittner joined hosts Elliot Volkman and Neil Dennis on the Adopting Zero Trust podcast at ThreatLocker's Zero Trust World 2025. Together they explored the balance between delivering refined news versus raw perspective, the tipping point for AI adoption, and how the current political landscape is shaping cybersecurity. Here's a bit of their conversation.
Elliot Volkman
Hello and welcome to Adopting Zero Trust, live from Zero Trust World, or ZTW. I'm Elliot Volkman, your producer and media host. I might actually say more than five words. As always, we have our wonderful Neil Dennis. I hope you know who Dr. Chase Cunningham, or Dr. Zero Trust, is. And then Dave, you're new to this, but if you're listening to us and you're not seeing us, I suspect you're going to know his voice more than anything. He is, I don't know, I would argue, probably the source of all proper cybersecurity news that most of us listen to. Dave, who are you, though?
Neil Dennis
He's the guy Graham absolutely wants to.
Dave Bittner
Grow up to be. Oh, wow. Your words, not mine, but okay. Graham will be here, I think, later today. So I'm the host of the CyberWire podcast, which is a popular daily cybersecurity news brief enjoyed by many.
Dave Bittner
So thank you for having me.
Elliot Volkman
Just a few, right?
Dave Bittner
Just a few. Just a few, yeah. It's nice to be able to help try to make the world a little safer day by day.
Elliot Volkman
I love it. That all said, well, I'll start with some basics. What I would love to do is get your perspective on the world of cybersecurity that we're in now. What is your maybe lukewarm take on the year ahead for cybersecurity, having seen everything and anything in between?
Dave Bittner
Well, I think the hottest take right now is just trying to navigate the chaos that's going on in Washington, D.C., which is directly related to cybersecurity. So the unpredictability of that, things that are happening that we have not seen before, in ways that we have not seen before. I think, as a friend of mine used to say, "Do you hear that clicking sound?" I'd say, "What are you talking about?" He'd say, "We're headed up the first lift hill. Hold on to the bar. Here we go." So to me, that's the big disruptor this year, and I would love to see it end sooner than later, but I don't have high hopes that that's going to happen.
Elliot Volkman
That sounds reasonable. Chase, I feel like you might have some opinions here.
Dr. Chase Cunningham
Yeah, well, I mean, I wrote a piece about the cat that was just appointed to be the Director of National Cyber, who knows as much about cyber as I do about underwater basket weaving. So I think we're continuing to propagate a lot of the shenanigans in that space, which is not going to help. I think the way we're rushing into things. And I'm all for fixing fraud, waste and abuse, because I've been in the government and I've seen this stuff. But the leadership style here needs to be fixed, especially in cyber.
Dave Bittner
That's fair.
Elliot Volkman
Can't argue with that. Neil, what are you going to throw at us?
Neil Dennis
I'm with Chase, obviously. In my day-to-day job, there are some things I'm working on that kind of got put on hiatus, like most government contracting stuff will do if it hasn't already been signed before. Shifter. But I will say the current future of CISA, which was a pet project six years ago, is no longer seeming to be a pet project anymore. So the outcome of what happens with that particular effort will obviously have massive repercussions for where we go from standards and policy and procedure for the next three, five, ten years even. We were just getting used to CISA. We were just getting things that actually worked with CISA. So it'll be fun to see where that goes, in my opinion.
Elliot Volkman
I'm gonna throw out one more lob that I feel like Chase is gonna sink his teeth into a little bit. Then we'll see if you have some context you want to add. Bunny repercussions. So let's say the world of compliance and frameworks is tied to government. Are we on thin ice? Maybe a little bit. Will HIPAA, CMMC, FedRAMP, those survive? We don't know. But in past conversations we've talked about repercussions, and usually they come in fines, and that's like the cost of doing business. Do you feel like there could be any shifts in those wins from being...
Dr. Chase Cunningham
Engaged in some of the working groups that are doing things up on the Hill and in those closed-door sessions? I'd say that there's a sea change that's lining up which is going to potentially change the way that people view violations and negligence, which is something I've been trying to champion for a long time. So the cost of doing business might include some shiny bracelets here pretty soon, which is the way it ought to be.
Dave Bittner
So more than fines, perhaps actually seeing criminal charges for negligence, very much like...
Dr. Chase Cunningham
You have in the airline industry and in every other regulated industry, where if you do knowingly negligent stuff, especially for years on end, you don't get to go, "Oh, sorry, let me cut you a check." You get to go to federal prison for a little while.
Dave Bittner
That could move the needle. There's...
Dr. Chase Cunningham
Nothing like prison that will change people's approach to a problem.
Dave Bittner
Yeah.
Elliot Volkman
Dave, I do want to pull back from your history a little bit and maybe get some perspective from your side. And I'll probably just skip through some of the fluffier stuff, but you probably are privy to a lot of information that the world wants to know. You have to get a certain amount of information before it is ready to be released. I'm just curious how you even begin to manage what you are comfortable sharing with the world, or how you vet and go through that information. Because obviously we get a little bit of closed-door information that's not quite baked in.
Dave Bittner
Right?
Elliot Volkman
Yeah.
Dave Bittner
Right.
Dave Bittner
Well, I'd say, first of all, we think it's really important to have a process and to be careful. We're very deliberate about not dealing in rumors or speculation or gossip or any of that kind of stuff. There's plenty of that out there, but we feel like that's not what people come to us for. It is not unusual for us to hold a story until we can get verification from an additional legitimate news source that something is actually happening. I think if you build trust with your audience and you're straight with them and you admit when you've made a mistake, then everything will work out fine. But it's a responsibility that we take very seriously. And I feel fortunate we have a really good team to back me up. So I'm glad it's not just me out there doing it.
Elliot Volkman
Right.
Neil Dennis
You've got to start somewhere. You have to have a filter. You have to have someone who provides perspective, and then you have to be able to provide your own on top of that and make an educated assessment around what's going on. Yeah, but you have to get to the floor, to the bottom floor of what's there.
Dr. Chase Cunningham
And there's so much now. There's just so much. And it's at such speed, being able to filter down is so valuable. I feel that there will be unrealized benefits of this, because people are going to do bad things that can. And that's just the nature since Cain and Abel.
Dave Bittner
Yeah.
Elliot Volkman
I mean it was less than quantum ominator.
Dr. Chase Cunningham
Quantum is. Yeah.
Dave Bittner
Quantum. Is that, is that... somebody just put a check on their bingo card for you. You used the word quantum.
Dr. Chase Cunningham
Yeah, yeah. The biggest thing about quantum that I think a lot of folks don't really get, because I was talking with some folks on the MIT side, is it's not even the quantum computing that's the actual problem. It's the cooling. They can't run the machines long enough, keep it cool enough, to actually work long enough to be valuable.
Dave Bittner
Oh, interesting.
Dr. Chase Cunningham
Yeah. So they have to get them almost degrees Kelvin cold, which is... it's easy to heat stuff up. Cooling it down is a whole other issue, which is why there are people sinking data centers in the ocean to try and cool them off as fast as possible. So until we crack better ways of cooling, I don't think quantum is a realistic issue that we face anytime soon. And from everyone I've talked to that are technologists that actually understand that stuff, they say we're 10 to 20 years out now. I think there will be quantum computations that are going to come, and as we get more cloud and more distributed types of infrastructure, it'll solve itself. But quantum computing at its current iteration...
Dave Bittner
Yeah, it's like the joke about nuclear fusion, that it's always 20 years away, no matter when you ask. Yeah, right. Right.
Neil Dennis
The moment the first public version of ChatGPT went live, 2-point-whatever it was, it was already published inside Tor for various threat actors to take advantage of that LLM. Everybody's trying to figure out ways to make it spit out ransomware. On this side, just log into Tor.
Dr. Chase Cunningham
And some other places, use your neighbor's Wi-Fi.
Neil Dennis
Yeah, but to your point, though, force multipliers, things that lower the barrier to entry on anything, technology-wise, are always going to be used nefariously, and sometimes for fun as well.
Elliot Volkman
But we've gone through every buzzword that's currently brewing.
Dr. Chase Cunningham
Yeah, I was trying to think of which one we missed, but...
Elliot Volkman
I think we can deviate away from that. I do want to lob one question your way, Dave, and then I'll wrap things up.
Dave Bittner
Okay.
Elliot Volkman
You obviously cover, in aggregate, every news piece that's out there from the cybersecurity perspective, but is there a story that you feel like you would love to tell and it's just not part of the equation for you? Neil and I, we don't really cover incidents and breaches. Everyone else already does that.
Dave Bittner
Right.
Elliot Volkman
What's hiding in the back of your mind that a story that you've been wanting to tell is just not there yet?
Dave Bittner
Well, I come at it from a different direction. There's a historical story that, in fits and starts, I've tried to chase a couple of times over the years, and I haven't gotten anywhere. And since I first started chasing this story, we started a daily space podcast, so now we have a team who's focused on space news. The story I was trying to track down was, years ago, during the Apollo program, how was it that people didn't basically mess with each other's signals, all that stuff? Because it was analog, in the clear. Was this just a gentleman's agreement that we said to the Russians, and the Russians said to us, we're going to leave each other alone while we're sending things to the moon?
Elliot Volkman
Right.
Dave Bittner
So it.
Dave Bittner
Like it. What intrigues me about it is that somehow, even with the historians, that particular security question hasn't come up that I can tell, or I haven't found it yet. Maybe there's probably a book out there somewhere.
Elliot Volkman
But, yeah.
Dave Bittner
Was it just a gentleman's agreement that we're pushing the boundaries here, and I'm not going to jam your space capsule, even though I can?
Maria Varmazes
For the full conversation, be sure to visit our show notes for links to the Adopting Zero Trust podcast, and you can also check out the video of their discussion to dive deeper into their insights on implementing Zero Trust strategies.
Dave Bittner
Hey, everybody. Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners. Today, get 20% off your DeleteMe plan when you go to joindeleteme.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to joindeleteme.com/N2K and enter code N2K at checkout. That's joindeleteme.com/N2K, code N2K.
Maria Varmazes
North Korea's Lazarus Group has swiped over a billion dollars from crypto exchange Bybit, and they're already busy laundering the stolen funds. Using decentralized finance, or DeFi, tools to cover their tracks, they've pulled off a lightning-fast, highly organized operation that's leaving investigators scratching their heads. The FBI has confirmed Lazarus as the mastermind, and experts say that the group's infrastructure has likely expanded, with underground networks, especially in China, helping them wash the funds. They've already laundered around $400 million, and their sheer speed and volume are creating headaches for anyone that's trying to stop them. Bybit has launched a bounty for those who can help trace the stolen crypto. But with 77% of the funds still traceable, it's a race against time. This hack is officially the largest in crypto history, blowing past even the notorious Ronin Network and Poly Network thefts. It is a truly staggering breach, one that'll have the crypto world on high alert for quite some time.

And that is the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I am your host, Maria Varmazes, in for Dave Bittner. Thanks for listening. We'll see you tomorrow.
Dave Bittner
And now, a message from our sponsor Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise, with an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps and IPs invisible; eliminating lateral movement, connecting users only to specific apps, not the entire network; continuously verifying every request based on identity and context; simplifying security management with AI-powered automation; and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com/security.
Title: From China with Love (and Malware)
Host/Author: N2K Networks
Release Date: March 6, 2025
In this episode of CyberWire Daily, host Maria Varmazes delivers a comprehensive overview of recent cybersecurity developments. The discussion covers a range of topics, including international cyber espionage, emerging threats, vulnerabilities in popular software, and significant legislative movements impacting the cybersecurity landscape.
The U.S. Justice Department has indicted twelve Chinese nationals for their roles in hacking U.S. entities on behalf of the Chinese government. This group includes two officers from the People's Republic of China's (PRC) Ministry of Public Security and eight employees from the IT security contractor i-Soon. Additionally, two freelancers associated with the APT27 threat actor assisted in operations.
Key Targets: the U.S. Defense Intelligence Agency, the U.S. Commerce Department, a major U.S. religious organization, news organizations based in the United States and Hong Kong, and the foreign ministries of India, Indonesia, South Korea and Taiwan.
Operations: From 2016 to 2023, i-Soon engaged in widespread hacking activities, compromising email accounts, cell phones, servers, and websites under the direction of the PRC's Ministry of State Security (MSS) and Ministry of Public Security (MPS). It worked with at least 43 MSS or MPS bureaus and charged roughly $10,000 to $75,000 per successfully hacked email inbox.
Notable Statement: "i-Soon generated tens of millions of dollars in revenue and at times had over 100 employees," the Justice Department noted in its press release.
Microsoft released a report detailing how the Chinese espionage group Silk Typhoon is adapting its strategies to target common IT solutions, including remote management tools and cloud applications, to gain initial access to organizations. Although they haven't directly targeted Microsoft cloud services, Silk Typhoon exploits unpatched applications to escalate access and infiltrate customer networks.
Researchers at SquareX Labs discovered polymorphic attacks where malicious Chrome extensions mimic legitimate ones like password managers and cryptocurrency wallets. These extensions deceive users into entering sensitive information by replicating the interface of trusted applications.
Misconfigured Apache Airflow instances have been found exposing credentials such as login details, API keys, and cloud service tokens, mainly through hard-coded secrets in DAG scripts, unencrypted Variables and Connection metadata, legacy logging issues, and exposed configuration files. These issues primarily affect sectors like finance, healthcare, and e-commerce, with leaked credentials for services such as AWS, Slack, PayPal, and internal databases. Recommended mitigations are upgrading to Airflow 2.0 or later, network segmentation, a dedicated secrets backend, and code review to remove hard-coded credentials.
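One way to run the code review that the Airflow mitigation list calls for, as an added example that is not part of the episode, the cited research, or the Apache Airflow project: a small scanner that flags credential-shaped literals in DAG source and skips lines that fetch the value through Airflow's Variable or Connection facilities instead. The DAG text below is constructed for illustration (the AWS key is AWS's documented example key, the other values are fake), and the `scan_dag` function, its pattern set and the `SAFE_MARKERS` list are assumptions of this example, not an Airflow API.

```python
"""Flag hard-coded credentials in Apache Airflow DAG source.

Added example, not from the episode or the Apache Airflow project.
Sample DAG text and token values are constructed; nothing here is real.
"""
import re

# Credential shapes commonly pasted into DAG code. The AWS access key ID
# prefix (AKIA + 16 uppercase alphanumerics) and the Slack bot token
# prefix (xoxb-) are the published formats; the generic rule catches any
# variable with a secret-looking name assigned a string literal.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_bot_token": re.compile(r"\bxoxb-[0-9A-Za-z-]{20,}\b"),
    "assigned_secret": re.compile(
        r"(?i)\b\w*(?:password|passwd|secret|api_key|token)\w*\s*=\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Lines that resolve the value at runtime through Airflow's secrets facilities
# (or the environment / Jinja templating) are acceptable and are not reported.
SAFE_MARKERS = ("Variable.get(", "BaseHook.get_connection(", "os.environ", "{{ var.value")


def scan_dag(source: str):
    """Return a list of (line_no, rule, snippet) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if any(marker in line for marker in SAFE_MARKERS):
            continue
        for rule, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                findings.append((lineno, rule, match.group(0).strip()))
                break  # one finding per line is enough for a reviewer
    return findings


# Constructed "before": secrets as literals in the DAG file. (assumed sample)
BAD_DAG = '''
from airflow import DAG
from airflow.providers.amazon.aws.hooks.s3 import S3Hook

AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
slack_token = "xoxb-000000000000-000000000000-FAKEFAKEFAKEFAKEFAKE"
db_password = "hunter2hunter2"
'''

# Constructed "after": the same values pulled from Airflow Variables and
# Connections, which can be backed by a secrets manager. (assumed sample)
GOOD_DAG = '''
from airflow.models import Variable
from airflow.hooks.base import BaseHook

slack_token = Variable.get("slack_bot_token")
aws_conn = BaseHook.get_connection("aws_default")
'''


if __name__ == "__main__":
    for name, text in (("BAD_DAG", BAD_DAG), ("GOOD_DAG", GOOD_DAG)):
        hits = scan_dag(text)
        print(f"{name}: {len(hits)} finding(s)")
        for lineno, rule, snippet in hits:
            print(f"  line {lineno}: {rule}: {snippet}")
```

Point the same function at real DAG files (read each file and pass its text) and treat any hit as a finding to rotate, not just remove: a credential that has ever been committed should be assumed exposed. The scanner is deliberately narrow; extend `PATTERNS` with the token formats your own Connections use.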
A newly discovered vulnerability in LibreOffice allows attackers to execute arbitrary scripts via maliciously crafted macro URLs. This flaw can lead to system compromises, data theft, or further malware deployment.
Tens of thousands of VMware ESXi instances remain susceptible to a chain of actively exploited vulnerabilities that allow attackers to perform a VM escape and gain access to the ESXi hypervisor. From there an attacker can reach every other VM on the host and the management network of the VMware cluster; exploit details are not yet public, so patching should be prioritized.
A Catalan court has indicted three executives from the NSO Group for their involvement in espionage against a lawyer representing Catalan independence leaders. This marks a significant shift from previous rulings that limited accountability to the company and its European subsidiaries.
Context: The indictment is part of the ongoing Catalangate scandal, which involved the use of NSO's Pegasus spyware against at least sixty-five individuals, including politicians, activists and their families.
Human Rights Response: Iridia, representing the affected lawyer, praised the indictments as a crucial step toward addressing unlawful surveillance.
Rob Joyce, former Director of Cybersecurity at the NSA and a White House advisor, testified before the House Select Committee expressing concerns over the Trump administration's plan to mass-fire probationary federal employees. Joyce highlighted that such actions could undermine U.S. cybersecurity and national security efforts, particularly in combating Chinese cyber threats.
Prominent financial organizations have requested the Cybersecurity and Infrastructure Security Agency (CISA) to revise its proposed implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The financial sector argues that the current rules impose undue burdens and divert resources from effective incident response.
Proposed Rules: Entities must report significant cybersecurity incidents within 72 hours and ransomware payments within 24 hours.
Financial Sector’s Stance: Advocates for a collaborative approach that allows companies to prioritize addressing cyberattacks over fulfilling stringent reporting obligations.
Dave Bittner, a prominent figure in cybersecurity, joined hosts Elliot Volkman and Neil Dennis on the Adopting Zero Trust podcast at ThreatLocker’s Zero Trust World 2025 event. The conversation delved into the current state and future of cybersecurity, touching upon Zero Trust strategies, AI adoption, and the influence of political dynamics on the field.
Key Discussion Points:
Cybersecurity Landscape:
Dr. Chase Cunningham remarked, "The hottest take right now is just trying to navigate the chaos that's going on in Washington, D.C. and which is directly related to cybersecurity." ([Timestamp: 15:25])
Leadership and Policy Challenges:
Kevin Beaumont criticized current cyber leadership, stating, "I think the leadership style here needs to be fixed, especially in cyber." ([Timestamp: 16:06])
Compliance and Regulatory Shifts:
Discussion of the potential evolution of compliance frameworks such as HIPAA, CMMC, and FedRAMP. Beaumont highlighted a forthcoming shift: "There's a sea change that's lining up which is going to potentially change the way that people view violations and negligence." ([Timestamp: 17:50])
Quantum Computing Concerns:
The panel debated the realistic threats posed by quantum computing, with Beaumont explaining, "Until we crack better ways of cooling, I don't think quantum is a realistic issue that we face anytime soon." ([Timestamp: 20:38])
AI as a Double-Edged Sword:
The rapid deployment of AI tools like ChatGPT has led to their exploitation by threat actors. Neil Dennis noted, "Everybody's trying to figure out ways to make it spit out ransomware." ([Timestamp: 21:53])
Undiscussed Stories in Cybersecurity:
Dave Bittner shared his interest in historical cybersecurity practices, particularly how, during the Apollo program, potential signal interference between U.S. and Russian missions was mysteriously absent. He pondered whether it was a "gentleman’s agreement" between the superpowers. ([Timestamp: 22:35])
Kevin Beaumont on Leadership:
"The leadership style here needs to be fixed, especially in cyber."
— Kevin Beaumont ([16:06])
Chase Cunningham on Responsibility:
"It is a responsibility that we take very seriously."
— Dr. Chase Cunningham ([19:13])
Beaumont on Quantum Computing:
"I don't think quantum is a realistic issue that we face anytime soon."
— Kevin Beaumont ([20:38])
North Korea's Lazarus Group has carried out the largest hack in cryptocurrency history to date, stealing over a billion dollars from the crypto exchange Bybit. Using decentralized finance (DeFi) tools, Lazarus has already laundered approximately $400 million at remarkable speed, complicating investigative efforts.
Operational Tactics:
Industry Response:
Bybit has initiated a bounty program to encourage the tracing of the stolen cryptocurrency, with 77% of the funds still traceable despite the sophisticated laundering techniques.
Implications:
This breach surpasses previous major crypto thefts like those of Ronin Network and Poly Network, signaling heightened vulnerabilities within the crypto market and prompting increased vigilance across the industry.
This episode of CyberWire Daily provides a critical examination of significant global cybersecurity threats, legislative changes, and emerging technologies impacting the field. From indictments of international cyber operatives to the largest cryptocurrency heist orchestrated by a state-sponsored group, the discussions underscore the evolving and complex nature of cybersecurity challenges in 2025.
For more detailed insights and to stay updated on the latest in cybersecurity, subscribe to CyberWire Daily and join the conversation.
Note: Timestamps correspond to the original podcast transcript and are provided for reference.