CyberWire Daily – “Inside job interrupted.”
Date: November 24, 2025
Host: Maria Varmazes (in for Dave Bittner)
Special Guest: Brandon Karpf, leader for International Public Private Partnerships at NTT
Episode Overview
This episode delivers a rapid-fire rundown of the day’s most notable cybersecurity news and provides an expert discussion of maritime GPS jamming and spoofing—an increasingly relevant area of cyber-physical risk for both commercial and military interests. In the latter half, Brandon Karpf joins the show to break down how adversaries are exploiting weaknesses in GPS systems, particularly at sea, the techniques used (jamming, spoofing), and potential mitigations. The episode also covers a fascinating case study of a Russian crime syndicate's integration into the banking system for laundering cybercrime profits.
Key News and Analysis (01:21–11:58)
1. CrowdStrike Insider Incident
- Event: An insider at CrowdStrike was terminated for allegedly sharing internal screenshots with hackers (01:21).
- Claim: Hackers (Scattered Lapsus$ Hunters, ShinyHunters) falsely claimed access to systems; CrowdStrike insists customers were protected.
- Details: The group allegedly offered $25,000 for insider access, but CrowdStrike acted before access could be granted.
2. Salesforce Data Breach
- Scope: Google’s Threat Intelligence Group reports hackers leveraged third-party Gainsight apps to access over 200 Salesforce instances (01:57).
- Targets Included: DocuSign, LinkedIn, Verizon.
- Salesforce’s Position: No core Salesforce vulnerability; attack vector was the integrations.
3. Ransomware Hits Cox Enterprises via Oracle EBS Zero-Day
- Breach Impact: Personal data (~9,500 individuals) was compromised (02:32).
- Victim Pool: Part of a wider Clop gang campaign, also targeting Logitech, Harvard, Washington Post, Envoy Air, Mazda.
4. Transport for London Attack – Arrests and Pleas
- Details: Two British teens have pleaded not guilty to charges under the Computer Misuse Act and attempted hacks on US healthcare entities (03:09).
5. WSUS Vulnerability Exploited
- Vuln: Attackers abused a critical Windows Server Update Services flaw (CVE-2025-59287, 9.8 CVSS) (03:42).
- Payload: Deployed the “ShadowPad” backdoor using PowerCat, Certutil, Curl, and DLL sideloading.
- Mitigation: Urgent patching and access restriction advised.
6. Iberia Customer Data Leak
- Details: Names, emails, loyalty card numbers exposed via third-party breach (04:44).
- Response: Airline activated security protocols; forum claims of stolen technical data could not be verified.
7. Harvard University: Voice Phishing Breach
- Incident: Alumni affairs system compromise following vishing attack (05:18).
- Data Involved: Contact, donation, and event records—not financial or SSN data.
8. Cybersecurity Business Activity (Monday Business Briefing, 06:21)
- $180 million+ raised in investments:
- Doppel raised $70M (social engineering defense)
- Bedrock Data raised $25M (data security, multi-petabyte scale)
- Acquisitions:
- Cloudflare to acquire Replicate (AI model dev), aiming for scalable AI application deployment.
Deep Dive: Maritime GPS Jamming and Spoofing with Brandon Karpf
(Starts at 11:58–30:02)
Setting the Stage (12:08)
- Brandon Karpf: U.S. Naval Academy grad, maritime expert.
- Topic: How maritime industries and militaries rely on GPS, and how adversaries exploit it through jamming/spoofing.
The Ubiquity and Vulnerability of GPS
- Brandon:
- “Every aspect of our daily lives and economy today relies on this brilliant innovation from the US military… literally trillions of dollars of economic value have been attributed to GPS.” (13:04–13:50)
- Modern GPS offers centimeter-level accuracy, integral for power sectors, autonomous ships, logistics, aviation, and more (13:50–15:05).
The Space Perspective
- Maria Varmazes:
- “There are several different ones. GPS is the US owned one…Galileo is famously the one that Europe has and China has its own…often when you say GPS, people know what you mean…” (15:11–15:55)
- Many markets and technologies are unexpectedly dependent on these satellite constellations.
Why GPS is Easy to Attack
- Brandon:
- “The GPS signal itself is an incredibly low power signal…so again, this is something that you could probably buy maybe $50 of off the shelf equipment and create a spoofed GPS signal.” (16:21–17:17)
- Even labs use this for testing—technically illegal, but easy and widespread.
- Military and commercial shipping both heavily rely on accurate position data, including for munitions targeting and collision avoidance.
Russian Operationalization of Jamming/Spoofing
- “GPS spoofing and jamming really kind of took off by the Russians in the Eastern Mediterranean during the conflict in Syria...We've seen it in the western Pacific around Taiwan...the Red Sea, the Straits of Hormuz, and recently...off the coast of Venezuela.” (17:43–18:21)
- Notable tactic: When Vladimir Putin is aboard a ship or in remote regions, local GPS service is intentionally disrupted to mask presence or mislead tracking. (18:21–18:36)
Jamming vs. Spoofing: Tactics Explained (19:22)
- Jamming (Barrage and Spot):
- Barrage: Overwhelming the signal with noise (“like a radio turned up loud during a whispered conversation”) (19:47–20:22)
- Spot: Targeted noise covering only relevant GPS frequencies—more efficient and targeted.
- Spoofing:
- Simulating the actual GPS signal (modulation, timing, frequency, power) (21:15–22:28)
- Sophisticated spoofers can slowly shift a ship’s perceived location, luring vessels into restricted areas or hazards, or just increasing navigational risk.
- Open-source software and cheap hardware can enable this (22:33).
- Strategic Risks:
- Spoofing can drag ships into exclusive economic zones or territorial waters, potentially justifying interception or attack by a hostile country (22:45–24:42).
Attack Surface: Mostly Receivers, Not Satellites
- Maria:
- “It sounds like yet again, it’s really more a terminal, a ground terminal thing…” (24:42–25:07)
- Brandon:
- “You jam a receiver, not a transmitter. … The GPS constellation is just a whole bunch of transponders in medium earth orbit.” (25:07)
- Solutions may involve Navigation Message Authentication—digital signatures that receivers can verify, used in network and software security—though this adds computational overhead to each terminal.
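An added sketch of the receiver-side check described above; it is not from the episode. It swaps in a TESLA-style delayed-key-disclosure MAC (the scheme Galileo's OSNMA uses) for per-message digital signatures, assumes the chain root reaches the receiver authenticated out of band, and uses constructed message contents and hypothetical names throughout.

```python
import hashlib
import hmac

def h(key: bytes) -> bytes:
    """One step of the one-way key chain."""
    return hashlib.sha256(key).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0..K_n] with K_{i-1} = H(K_i); K_0 is the public root."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain[::-1]

def tag(key: bytes, epoch: int, nav: bytes) -> bytes:
    return hmac.new(key, epoch.to_bytes(4, "big") + nav, hashlib.sha256).digest()

class Receiver:
    def __init__(self, root: bytes):
        self.root = root    # K_0, assumed authenticated out of band
        self.pending = {}   # epoch -> (nav, mac) awaiting key disclosure

    def on_message(self, epoch, nav, mac, now_epoch):
        # Reject anything arriving after its key may already be public.
        if now_epoch > epoch:
            return False
        self.pending[epoch] = (nav, mac)
        return True

    def on_key(self, epoch, key):
        # Per-terminal cost: walk the disclosed key back to the root.
        k = key
        for _ in range(epoch):
            k = h(k)
        if not hmac.compare_digest(k, self.root) or epoch not in self.pending:
            return None
        nav, mac = self.pending.pop(epoch)
        return nav if hmac.compare_digest(mac, tag(key, epoch, nav)) else None

def demo():
    chain = make_chain(b"constructed-seed", 3)
    rx = Receiver(chain[0])
    nav, fake = b"lat=36.8000,lon=28.3000", b"lat=36.9000,lon=28.3000"  # constructed
    rx.on_message(1, nav, tag(chain[1], 1, nav), now_epoch=1)
    genuine = rx.on_key(1, chain[1])
    rx.on_message(2, fake, tag(b"guess", 2, fake), now_epoch=2)  # no K_2 yet
    spoofed = rx.on_key(2, chain[2])
    late = rx.on_message(1, fake, tag(chain[1], 1, fake), now_epoch=2)  # K_1 is public
    return genuine, spoofed, late
```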
Military/Commercial Divide
- Dave Bittner:
- “Does the military have their own separate fallback...?” (26:57)
- Brandon:
- “The military is very much using the same system that all the rest of us use...” (27:22)
- Next-gen GPS under development; still early days.
Redundancy and Mitigation Ideas
- Low Earth Orbit (LEO) Ideas:
- LEO constellations could supplement GPS, possibly for kinetic (anti-satellite weapon) threats, not for spoofing/jamming (28:20–28:52).
- LEO would need more satellites but offers lower power requirements.
- Terrestrial Alternatives:
- Legacy tech: LORAN (low-frequency, hard to jam/spoof, but needs big equipment).
- Quantum and laser-based navigation under research.
Notable Quotes
- “It’s so easy to do…literally $50 of equipment.” — Brandon Karpf (17:12)
- “When you think about maritime, every country who has coastal regions has this thing called an exclusive economic zone…spoofing would affect that.” — Brandon Karpf (23:05)
- “Navigation message authentications…digital signatures using kind of the techniques from authenticating communications and network technologies…might be, I think, the best solution.” — Brandon Karpf (25:07)
- “The military is totally reliant on the legacy GPS architecture.” — Brandon Karpf (27:22)
Money Laundering & Cybercrime: A Russian Bank’s Role
(31:08–end)
- On Christmas 2024, a Russia-linked crime syndicate acquired a 75% stake in Kyrgyzstan’s Mary Bank MIS, using it to launder profits and route funds to Moscow’s war financing (31:08).
- UK’s National Crime Agency: Operation involved cash couriers, crypto conversion, and funneling through the bank to support Russian military lenders.
- Over 120 arrests, millions seized, and six core operatives now sanctioned.
- “The NCA says its crackdown is tightening the pressure. And the money launderers? Oh, yep, they know it.” (32:53)
Notable Quotes and Memorable Moments
- Brandon Karpf on GPS economic value:
“We've literally gained trillions of dollars [from GPS].” (13:37)
- Maria Varmazes on global system proliferation:
“There are a lot [of GNSS constellations] and there are going to be increasingly more…” (15:48)
- On ease of spoofing:
“You can look up, I mean, open source, you know, GitHub repos that do this…software defined radio has the ability to do this.” — Brandon Karpf (22:33)
- Maria's reaction to spoofing attack sophistication:
“That’s so cool…I hate that.” (22:28–22:31)
- On military reliance:
“Military is totally reliant on the legacy GPS architecture.” — Brandon Karpf (27:22)
Timestamps for Key Segments
- News Roundup Begins: 01:21
- CrowdStrike Insider Incident: 01:21–01:56
- Salesforce Third-Party Breach: 01:57–02:32
- Cox Enterprises Oracle EBS Breach: 02:32–03:09
- Transport for London Hackers Plead: 03:09–03:42
- WSUS Vulnerability: 03:42–04:44
- Iberia Data Breach: 04:44–05:18
- Harvard Voice Phish Breach: 05:18–06:21
- Business Briefing: 06:21–09:48
- Maritime GPS Jamming/Spoofing Interview Begins: 11:58
- Jamming/Spoofing Tactics: 19:47–22:28
- Mitigation Discussion: 25:07–30:02
- Russian Crime Syndicate Case Study: 31:08
Conclusion
This episode blends urgent cyber threat news with a thorough technical and geopolitical look at GPS vulnerabilities, especially in maritime contexts. The interview with Brandon Karpf provides rare clarity on why GPS jamming/spoofing is both a low-barrier and high-impact threat, how it plays into current military contestations, and what both commercial and defense-focused organizations might do to adapt. The closing case underscores how cyber threats increasingly intersect with real-world geopolitics and financial crime.
For all news links and further analysis, visit thecyberwire.com.
