Dave Bittner
You're listening to the CyberWire network, powered by N2K. Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now our listeners get a special 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K. Cybersecurity warnings about possible Iranian retaliation have surged. A potential act of sabotage disrupts the NATO summit in The Hague. Canadian cybersecurity officials discover Salt Typhoon breached a major telecom provider. The US House bans WhatsApp from all government devices. APT28 uses Signal chats in phishing campaigns targeting Ukrainian government entities. A China-linked APT has built a covert network of over 1,000 compromised devices for long-term espionage. FileFix is a new variant of the well-known ClickFix method. SparkKitty targets Android and iOS users for image theft. Scammers steal $4 million from Coinbase users by posing as support staff. On today's Threat Vector, host David Moulton sits down with Tyler Shields, principal analyst at ESG, to discuss the fine line between thought leadership and echo chambers in the industry. And War Thunder gamers just can't resist state secrets. It's Tuesday, June 24th, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief.
Following the US bombing of Iranian nuclear sites on Saturday, cybersecurity warnings about possible Iranian retaliation have surged. Iran responded with a largely symbolic missile attack on US forces in Qatar, but experts caution that digital retaliation is still likely. The Department of Homeland Security warned of possible cyberattacks and violence, while former CISA head Jen Easterly urged critical infrastructure operators to secure their systems. Though Iranian cyber capabilities are considered second tier, they can be disruptive, using tactics like social engineering and custom malware, including tools targeting US fuel systems. Activist groups aligned with Iran have already ramped up online propaganda and made questionable claims of cyberattacks. Experts note that much of Iran's cyber response may be psychological warfare, but real threats remain, particularly if Iran deploys destructive malware like past wiper attacks. The current threat is as much about perception as it is about real cyber damage. A potential act of sabotage disrupted the NATO summit in The Hague after a fire damaged nearly 30 railway cables, halting train service between Amsterdam and The Hague. The blaze early Tuesday severely impacted transport just as over 45 world leaders were arriving. Dutch Justice Minister David van Weel suggested sabotage, though the source remains unclear. Around 27,000 police and military personnel were deployed for what authorities called the largest security operation in Dutch history. Pro-Russian hacktivists also claimed DDoS attacks tied to the summit. This comes amid rising concerns over Russian hybrid threats, with NATO citing recent malign activities across member states. The sabotage mirrors past incidents, including France's 2023 railway disruptions before the Olympics, as NATO warns of a growing campaign by Russia targeting Western infrastructure.
Back in February of this year, Canadian cybersecurity officials discovered that Salt Typhoon, the Chinese state-sponsored hacking group, had breached a major Canadian telecom provider. The attackers took advantage of an old Cisco vulnerability that had remained unpatched long after its discovery. Once inside, they accessed sensitive configuration files to set up a GRE tunnel, likely to siphon off network traffic. This wasn't Salt Typhoon's first move. The group had previously hit US telecom giants and was already under Canadian surveillance following earlier reconnaissance activity. Yet despite warnings, critical infrastructure remained vulnerable. Now, the Canadian Centre for Cyber Security and the FBI warn that the threat is far from over. Salt Typhoon continues to target telecoms and other sectors, focusing on edge devices like routers and VPNs. The US House has banned WhatsApp from all government devices, citing concerns over data transparency, lack of stored data encryption and potential security risks, Axios reports. The Office of Cybersecurity called the app high risk and ordered its removal from House-managed phones and computers. The move aligns with broader efforts to limit risky tech, including AI tools. WhatsApp's parent company, Meta, strongly disagreed, pointing to its end-to-end encryption. Approved alternatives include Microsoft Teams, Signal and iMessage. Staffers were also warned about phishing threats. Russia-backed APT28 has been using Signal chats in phishing campaigns targeting Ukrainian government entities, delivering two newly discovered malware strains, Beardshell and SlimAgent. While Signal itself wasn't compromised, attackers used it to send a malicious document with embedded macros that launched Covenant, a memory-resident loader. Covenant deployed Beardshell, a C malware that downloads encrypted PowerShell scripts and communicates with its command and control server via the IceDrive API.
Beardshell maintains persistence using Windows Registry COM hijacking. Another tool, SlimAgent, captures and encrypts screenshots for exfiltration. These attacks, uncovered by CERT-UA with ESET's help, reflect APT28's evolving tactics. Previously, the group exploited Wi-Fi proximity in cyber espionage campaigns. Ukrainian officials have criticized Signal's lack of cooperation in blocking Russian abuse, a claim Signal denies. This reflects broader concerns over the messaging platform's role in modern espionage despite its strong encryption and privacy stance. A China-linked APT, identified as UAT-5918, has built a covert network of over 1,000 compromised devices, dubbed LapDogs, for long-term espionage. The group infected small office and home office routers, mainly Ruckus and Buffalo models, with a custom backdoor called ShortLeash. These devices, exploited via old vulnerabilities, now serve as stealthy relay nodes. The campaign targets IT, media and other sectors across the US and Asia. LapDogs likely began in late 2023 and appears connected to, though distinct from, a larger network called PolarEdge. Security researcher mr.d0x has introduced a new phishing technique called the FileFix attack, a browser-based variation of the well-known ClickFix method. While ClickFix relies on tricking users into executing malicious commands via the Windows Run dialog, FileFix instead abuses the file upload features in browsers. The method uses social engineering to coax users into pasting a malicious command into the File Explorer address bar, triggered through a fake file sharing page, ultimately executing PowerShell code without the user leaving their browser. The attack cleverly masks the command behind a decoy file path and uses browser scripting to copy the payload to the clipboard. A second variation shows how launching executables via File Explorer can bypass Windows Mark of the Web protections, stripping security flags from downloaded files.
While simple, both variations demonstrate how social engineering can effectively drive execution, reinforcing the need for awareness and monitoring of browser-spawned system processes. Kaspersky has uncovered a spyware campaign called SparkKitty targeting Android and iOS users, primarily in Southeast Asia and China. Active since early 2024, the campaign uses fake apps, often TikTok mods or cryptocurrency tools, distributed via both official and unofficial app stores. The malware steals images from device galleries, likely to extract cryptocurrency wallet info using optical character recognition. On iOS, attackers use Apple's Enterprise program and modified open source libraries to bypass App Store restrictions. One infected Android app had over 10,000 Google Play downloads before removal. Related malicious apps also appeared as progressive web apps tied to scams and Ponzi schemes. Kaspersky links SparkKitty to the earlier SparkCat campaign, both using image theft and OCR to harvest sensitive crypto-related data from mobile users. The malicious code was embedded directly into the apps, not via third-party SDKs. Blockchain investigator ZachXBT has exposed a scam allegedly run by Christian Neves, also known as DayTwo, who stole $4 million from Coinbase users by posing as support staff. Neves and his group tricked victims into creating wallets with pre-compromised seed phrases on phishing sites. One accomplice, Paranoia, stole $240,000 from an elderly victim. Much of the stolen crypto was gambled away or laundered via Monero. Despite solid on-chain evidence, authorities have yet to charge anyone and most of the funds are unrecoverable. Coming up after the break, David Moulton sits down with Tyler Shields from ESG to discuss the fine line between thought leadership and echo chambers in the industry, and War Thunder gamers just can't resist state secrets. Stay with us.
And now a word from our sponsor, ThreatLocker. Keeping your system secure shouldn't mean constantly reacting to threats. ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com.
Dave Bittner
Compliance.
Tyler Shields
Regulations, third-party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear: there is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials, from internal and third-party risk to consumer trust, making your security posture stronger. Yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC: how much easier trust can be. Get started at vanta.com/cyber.
Dave Bittner
On today's Threat Vector segment, host David Moulton sits down with Tyler Shields, principal analyst at ESG, to discuss the fine line between thought leadership and echo chambers.
David Moulton
Hi, I'm David Moulton, host of the Threat Vector podcast, where we go deep on today's biggest cybersecurity challenges and what it really takes to lead in this industry. In our newest episode, I sat down with Tyler Shields, principal analyst at ESG and former CMO, to talk about a topic that most people get wrong but you can't afford to: how to build real trust in cybersecurity marketing. Tyler brings the heat with some brutally honest insights from his career as a hacker turned analyst turned marketer. He's seen it all, from startups that send 100,000 cold emails into the void to big-name vendors that confuse echo chambers for thought leadership. If you're in cybersecurity marketing or trying to break into it, this episode is a must. It's fresh, sharp, and it might just change how you think about your role. So thought leadership, you know, it's a word that gets thrown around quite a bit. A buzzword, if you will. We hear it all over the place, but I think it is a meaningful term, done right. I've actually written a memo on it when I got here to Palo Alto on what I think is and isn't thought leadership, because a lot of things that weren't thought leadership were getting tagged as thought leadership. But I'm wondering, what does that word mean for you?
Tyler Shields
Yeah, it's an interesting question, right? Because you posed that question to me prior, and I had to put a little bit of thought into how I wanted to describe it, because it's not just like, well, duh, it's this, right? It's kind of a gray term, which is why you're asking the question. To me, the key thing about thought leadership is providing value to the listener. And I know that's kind of a weird way to look at it, but it's actually how I anchor all of my marketing efforts. If you provide value to the other side, the listener, the person that you're trying to reach, that's the ultimate marketing. And so when you're doing thought leadership from a marketing vantage point, it's about providing value to someone else. So thought leadership could be, you know, simple definitions of something, if the audience doesn't understand that. Or it could be very deep research that pushes the boundaries and drives the market and discusses innovation and, you know, new topics, and that's where I tend to live. Given my background as an R and D person, that's where I tend to live. But my view of thought leadership is about providing value to the audience that you can't really get anywhere else.
David Moulton
So as security professionals, we have this opportunity to say new things, but it can be scary. You're not sure how it's going to be received, if it's going to upset comms or PR teams. How do we lean into actual thought leadership rather than that echo chamber of recycled ideas?
Tyler Shields
So I think you can answer that question in a couple different ways. There's the individual version of that. As an individual person, it's about pushing boundaries and learning new things and expressing those new things as value to the audience. But then there's also the corporate version of that question, right? And I think oftentimes that forward-thinking, pushing-the-boundaries view can be neutered a bit by corporate risk and corporate not wanting to say something that's going to turn off the audience or, you know, get any kind of negative brand impact. And within reason, I don't necessarily think that's the right way to do things as a brand. Right. I think the brand marketing is about being true to yourself. And if your company is just an extremely risk-averse, stodgy old company that doesn't want to have a brand of innovation, fine, then you're never going to get that out. But I think most cyber companies want that forward-thinking brand, and so push the boundaries, right? It's okay to be wrong. It's okay to state something that may not be completely accurate as long as you've done the research and you explain how you got there. People make mistakes, companies make mistakes, right? And you can recover from that. Now obviously you can't go out there and say something that's like so horribly awful that it, you know, is irreparable to the brand. But I don't think anybody would do that anyway. So for me, I love to push the boundaries. I love companies that recognize their brand can help and back those pushes and become innovative and forward thinking. You know, there's a couple of big companies in the market, you know, one of which you guys work for, I think, that does a really good job of pushing that brand.
David Moulton
Tyler, let's look to the future a little bit and we'll go five years, right? This feels like an impossible question, but we'll come back in five years and if you got it right, gold stars for you. And if not, nobody will know. But if you look ahead, what do you think the biggest challenges are for security marketers in this medium period of the next five years?
Tyler Shields
Yeah, that's a good question. It's interesting. When I became a CMO the first time, actually, I've maybe had three jobs in marketing, a VP role, and two CMO roles. I was never a line marketer, right? So the first role I had was a CMO role at a startup that sold for about 800 million. We ended up running that one up and doing a really good job of it. So I took everything down to first principles, right? Literally, because I didn't know what I was doing. It was like, hey, how do I do this? Well, let's start with this, right? So everything came down to first principles, and what I ended up doing was pushing the boundaries. I was one of the first people who did a cabana at Black Hat. I was one of the first people. I think I was the first person or first company to give away Yetis when they were just coming out, right? Because they were like 30 bucks a pop and people were like, God, that's so expensive. I'm like, yeah, but imagine the value provided and the brand impact. So, you know, I think the key thing is somehow staying in front of and remaining unique in what you're putting out and providing value in that unique way. And here's the interesting thing, like, I'm afraid to go be a CMO one more time because I don't have that newbie mindset where I can just do stuff that seems off the wall because I've never done it before, right? I'll talk myself out of it sometimes because that shouldn't work. As you know, I've done it for 10 years. That shouldn't work, but in reality it does. So I think that the trick is being very aggressive and trying things and letting things fly. So if you want to succeed in the next five years, I would argue that the CMOs and the cyber companies that let stuff fly and say, hey, we're going to be who we are and we're going to be the bananas, whether it's because they're funny or whether it's because they're super technical or whatever it is, but we're going to let it fly and we're going to let it rip. Those are the ones that are going to stand out.
Will they be successful companies? Maybe, maybe not. It highly depends on the tech, the product, the market and other things, but their marketing should be highly successful.
David Moulton
The episode is called "Cut the Noise, Ditch the Nonsense, Earn the Trust," and it dropped June 19th. Find it in your Threat Vector feed and hear why fear might be your biggest marketing risk.
Dave Bittner
Be sure to check out the complete episode of Threat Vector right here on the N2K CyberWire network or wherever you get your favorite podcasts. And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic Identity Threat Protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire. And finally, once again, the digital battlefield of the online military combat game War Thunder has been ambushed. Not by tanks or jets, but by yet another overzealous forum poster waving around restricted military documents like their Pokémon cards. This time an enthusiast uploaded handling materials for the AV-8B and TAV-8B Harriers, which, while not classified, are marked for limited distribution. The documents earned him a temporary ban and a polite forum cleanup from the game's developer. It's not the first time, and certainly not the last. Similar leaks involving Russian tanks and US armored vehicles have popped up before, each time greeted with the same weary sigh from moderators and military types alike. As one RAF engineer dryly noted, these aren't exactly earth-shattering disclosures, but rules are rules, and if history's any guide, someone will break them again by next Tuesday. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August of this year.
There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Did you know Active Directory is targeted in 9 out of 10 cyberattacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.
CyberWire Daily Summary: Iran’s Digital Threat after U.S. Strikes
Release Date: June 24, 2025
Host: N2K Networks
In the wake of the U.S. bombing of Iranian nuclear sites on Saturday, cybersecurity experts have raised alarms about potential Iranian retaliation in the digital realm. Dave Bittner highlights that while Iran responded with a symbolic missile attack on U.S. forces in Qatar, the cyber threat remains significant.
“Iran responded with a largely symbolic missile attack on US forces in Qatar, but experts caution that digital retaliation is still likely.” – Dave Bittner [02:30]
The Department of Homeland Security has issued warnings about possible cyberattacks and associated violence. Former CISA head Jen Easterly emphasized the urgency for critical infrastructure operators to bolster their cybersecurity measures.
“Critical infrastructure operators must secure their systems against potential Iranian cyber threats.” – Jen Easterly [04:15]
Although Iran's cyber capabilities are deemed second-tier, their tactics—such as social engineering and custom malware targeting U.S. fuel systems—can still cause substantial disruption. Activist groups aligned with Iran have intensified online propaganda, blurring the lines between psychological warfare and actual cyber threats. Experts warn that Iran might deploy destructive malware similar to past wiper attacks, making the current threat a blend of perception and potential cyber damage.
A significant act of sabotage occurred during the NATO summit in The Hague when a fire damaged nearly 30 railway cables, effectively halting train services between Amsterdam and The Hague. This incident happened as over 45 world leaders were arriving, creating a major security concern.
“A potential act of sabotage disrupted the NATO summit in the Hague after a fire damaged nearly 30 railway cables.” – Dave Bittner [05:50]
Dutch Justice Minister David van Weel suggested sabotage as the likely cause, although the exact source remains unidentified. In response, approximately 27,000 police and military personnel were deployed in what was termed the largest security operation in Dutch history. Separately, pro-Russian hacktivists claimed DDoS attacks tied to the summit.
This event aligns with NATO's increasing concerns over Russian hybrid threats, reminiscent of previous incidents like France's 2023 railway disruptions before the Olympics. NATO officials have since cautioned about a growing campaign by Russia targeting Western infrastructure.
In February 2025, Canadian cybersecurity officials uncovered that Salt Typhoon, a Chinese state-sponsored hacking group, had breached a major Canadian telecom provider. The attackers exploited an outdated Cisco vulnerability that remained unpatched despite known threats.
“Salt Typhoon took advantage of an old Cisco vulnerability that had remained unpatched long after its discovery.” – Dave Bittner [08:20]
Once inside the network, the group accessed sensitive configuration files to establish a GRE tunnel, likely intended to siphon off network traffic. This wasn’t Salt Typhoon’s first intrusion; the group had previously targeted U.S. telecom giants and was under Canadian surveillance for earlier reconnaissance activities. Despite these warnings, critical infrastructure remains vulnerable.
Authorities from the Canadian Centre for Cyber Security and the FBI have cautioned that the threat persists, with Salt Typhoon continuing to target telecoms and other sectors, particularly focusing on edge devices like routers and VPNs.
The U.S. House of Representatives has officially banned the use of WhatsApp on all government-issued devices due to concerns over data transparency, the lack of encryption for stored data, and associated security risks.
“The Office of Cybersecurity called the app high risk and ordered its removal from House-managed phones and computers.” – Dave Bittner [09:50]
This decision is part of broader efforts to restrict the use of potentially risky technologies, including certain AI tools. Meta, WhatsApp’s parent company, disputed the ban by emphasizing its end-to-end encryption features. Approved alternatives now include Microsoft Teams, Signal, and iMessage. Additionally, government staffers have been cautioned against potential phishing threats associated with WhatsApp usage.
APT28, a Russian-backed advanced persistent threat group, has been leveraging Signal chats in sophisticated phishing campaigns targeting Ukrainian government entities. The group disseminates malicious documents embedded with macros that deploy advanced malware.
“APT28 has been using Signal chats in phishing campaigns targeting Ukrainian government entities.” – Dave Bittner [11:15]
The malicious documents launch Covenant, a memory-resident loader that in turn deploys Beardshell—a C malware designed to retrieve encrypted PowerShell scripts and communicate with command and control servers via the IceDrive API. Beardshell maintains persistence through Windows Registry COM hijacking. Additionally, another tool, SlimAgent, captures and encrypts screenshots for data exfiltration.
These evolving tactics, uncovered by CERT-UA with assistance from ESET, demonstrate APT28’s adaptability in cyber espionage. Previously, the group exploited Wi-Fi proximity in their campaigns. Ukrainian officials have criticized Signal for not cooperating in blocking Russian abuse, a claim Signal denies; the dispute reflects broader concerns over the messaging platform's role in modern espionage despite its strong encryption and privacy stance.
A China-linked advanced persistent threat group, identified as UAT-5918, has established a covert network comprising over 1,000 compromised devices, referred to as "LapDogs," for long-term espionage purposes.
“UAT-5918 has built a covert network of over 1,000 compromised devices dubbed LapDogs for long-term espionage.” – Dave Bittner [12:40]
The group primarily infected small office and home office (SOHO) routers, notably Ruckus and Buffalo models, using a custom backdoor named ShortLeash. These devices, exploited through outdated vulnerabilities, now function as stealthy relay nodes. The espionage campaign targets sectors such as IT and media across the U.S. and Asia, with indications that LapDogs began in late 2023. LapDogs appears connected to, though distinct from, a larger network called PolarEdge.
Security researcher mr.d0x has introduced "FileFix," a browser-based phishing method that represents an evolution of the well-known ClickFix technique.
“FileFix abuses the file upload features in browsers to execute PowerShell code without the user leaving their browser.” – Dave Bittner [13:05]
Unlike ClickFix, which tricks users into executing malicious commands via the Windows Run dialog, FileFix employs social engineering to persuade users to paste a malicious command into the File Explorer address bar, reached through a fake file sharing page. The pasted command executes PowerShell code without the user ever leaving the browser. The attack disguises the command behind a decoy file path and uses browser scripting to copy the payload to the clipboard.
A second variation of FileFix demonstrates how launching executables via File Explorer can bypass Windows’ Mark of the Web protections, stripping security flags from downloaded files. Both variations highlight how effectively social engineering can drive execution, underscoring the need for user awareness and for monitoring of system processes spawned by browsers.
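The monitoring recommendation above can be turned into a concrete detection rule: a web browser should almost never be the direct parent of a command interpreter or scripting host. The following script is an added example for this page, not code from the podcast or from mr.d0x's research. It parses a constructed, simplified process-creation log (timestamp|parent image|child image|command line, loosely modelled on the fields an EDR or Sysmon event 1 record carries) and flags interpreter processes whose parent is a browser, raising the severity when the command line carries hidden-window or encoded-command switches. The browser and interpreter name lists and the sample records are assumptions chosen for illustration.

```python
"""Flag command interpreters spawned directly by a web browser.

Added example (not from the podcast or from mr.d0x): a generic detection for
FileFix/ClickFix-style social engineering, where the user ends up launching a
shell from inside the browser's own UI, so the shell appears as the browser's
child process. The log format is constructed for this example and is not a
real Sysmon or EDR export.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List
import ntpath

# Assumed name lists; extend for the browsers and LOLBins in your estate.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}
# Command-line switches that commonly indicate an attempt to hide execution.
SUSPICIOUS_SWITCHES = ("-w hidden", "-windowstyle hidden", "-enc ",
                       "-encodedcommand", "iex", "downloadstring")


@dataclass
class ProcessEvent:
    timestamp: str
    parent_image: str
    image: str
    command_line: str


def parse_events(lines: Iterable[str]) -> List[ProcessEvent]:
    """Parse 'ts|parent|child|cmdline' records; skip blanks, comments, malformed rows."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 3)  # command line may itself contain '|'
        if len(parts) != 4:
            continue  # malformed record: skip rather than abort the whole scan
        events.append(ProcessEvent(*parts))
    return events


def _basename(path: str) -> str:
    # Windows paths: compare on the lower-cased file name only.
    return ntpath.basename(path).lower()


def detect_browser_spawned_interpreters(events: Iterable[ProcessEvent]) -> List[Dict[str, str]]:
    """Return one alert per interpreter whose direct parent is a browser."""
    alerts = []
    for ev in events:
        parent, child = _basename(ev.parent_image), _basename(ev.image)
        if parent not in BROWSERS or child not in INTERPRETERS:
            continue
        cmd = ev.command_line.lower()
        severity = "high" if any(s in cmd for s in SUSPICIOUS_SWITCHES) else "medium"
        alerts.append({"timestamp": ev.timestamp, "parent": parent,
                       "child": child, "severity": severity,
                       "command_line": ev.command_line})
    return alerts


# Constructed sample records. The command lines are placeholders, not payloads.
SAMPLE_LOG = """\
# timestamp|parent image|child image|command line
2025-06-24T09:01:02Z|C:\\Windows\\explorer.exe|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|"chrome.exe" --profile-directory=Default
2025-06-24T09:03:10Z|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|"chrome.exe" --type=renderer
2025-06-24T09:04:41Z|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -w hidden -c "<placeholder command>"
2025-06-24T09:05:00Z|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -NoProfile
2025-06-24T09:06:12Z|C:\\Program Files\\Mozilla Firefox\\firefox.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c echo placeholder
"""


def scan_sample() -> List[Dict[str, str]]:
    """Run the detection over the constructed sample log."""
    return detect_browser_spawned_interpreters(parse_events(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for alert in scan_sample():
        print(f"[{alert['severity'].upper()}] {alert['timestamp']} "
              f"{alert['parent']} -> {alert['child']}: {alert['command_line']}")
```

The fourth record (explorer.exe launching PowerShell, a normal user action) is deliberately not flagged, and the browser spawning its own renderer is ignored, so the rule stays quiet on routine activity; in production you would feed it real EDR telemetry and tune the name lists rather than the logic.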
Kaspersky has uncovered a spyware campaign named SparkKitty, which targets Android and iOS users primarily in Southeast Asia and China. Active since early 2024, the campaign distributes malicious apps masquerading as legitimate tools, such as TikTok mods or cryptocurrency applications, through both official and unofficial app stores.
“SparkKitty steals images from device galleries to extract cryptocurrency wallet information using optical character recognition.” – Dave Bittner [14:00]
On iOS devices, attackers exploit Apple's Enterprise program and modified open-source libraries to circumvent App Store restrictions. One malicious Android app amassed over 10,000 downloads on Google Play before its removal. Related malicious apps have also appeared as progressive web apps linked to scams and Ponzi schemes. Kaspersky associates SparkKitty with the earlier SparkCat campaign, noting that both use image theft and OCR to harvest sensitive crypto-related data from mobile users. Notably, the malicious code is embedded directly into the apps rather than being introduced via third-party SDKs.
Blockchain investigator ZachXBT has exposed a scam allegedly orchestrated by Christian Neves, also known as DayTwo, which resulted in the theft of $4 million from Coinbase users. Neves and his associates impersonated Coinbase support staff to deceive victims into creating wallets with pre-compromised seed phrases on phishing websites.
“Neves and his group tricked victims into creating wallets with pre-compromised seed phrases on phishing sites.” – Dave Bittner [14:35]
An accomplice, known as Paranoia, specifically targeted an elderly victim, stealing $240,000. Much of the stolen cryptocurrency was subsequently gambled away or laundered using Monero. Despite clear on-chain evidence, law enforcement authorities have yet to file charges, and the majority of the funds remain unrecoverable. This case underscores the persistent risks associated with phishing attacks and the challenges in prosecuting cybercriminals in the cryptocurrency space.
In the Threat Vector segment, host David Moulton engages in a deep conversation with Tyler Shields, Principal Analyst at ESG, about the delicate balance between genuine thought leadership and the formation of echo chambers within the cybersecurity industry.
“Thought leadership could be simple definitions of something if the audience doesn't understand that, or it could be very deep research that pushes the boundaries.” – Tyler Shields [16:33]
Tyler Shields emphasizes that true thought leadership revolves around providing unique and valuable insights to the audience, rather than merely recycling existing ideas. He advocates for pushing boundaries and innovating within marketing strategies to foster genuine engagement and trust.
“When you're doing thought leadership from a marketing vantage point, it's about providing value to someone else.” – Tyler Shields [17:39]
Shields discusses the challenges faced by security professionals in articulating new ideas without falling into the trap of repetitive echo chambers. He encourages both individuals and corporations to embrace forward-thinking approaches, even at the risk of making mistakes, as long as these attempts are grounded in thorough research and genuine intent to add value.
“I love to push the boundaries. I love companies that recognize their brand can help and back those pushes and become innovative and forward thinking.” – Tyler Shields [18:01]
Looking ahead five years, Shields predicts that the biggest challenges for security marketers will involve maintaining uniqueness and providing exceptional value amidst a crowded and evolving market landscape.
“Their marketing should be highly successful by being very aggressive and trying things and letting things fly.” – Tyler Shields [20:01]
The interview underscores the importance of authenticity and innovation in cybersecurity marketing to avoid becoming trapped in unproductive echo chambers.
The digital battlefield of the online military combat game War Thunder has faced another breach, not from cyberattacks but from overzealous forum participants sharing restricted military documents.
“An enthusiast uploaded handling materials for the AV-8B and TAV-8B Harriers, leading to a temporary ban and forum cleanup.” – Dave Bittner [21:30]
While the documents shared were not classified, they were marked for limited distribution, resulting in the offender receiving a temporary ban and prompting a thorough cleanup by the game's developers. Similar incidents involving disclosures of Russian tanks and U.S. armored vehicles have occurred previously, eliciting mixed reactions from moderators and military personnel. An RAF engineer succinctly commented on the matter:
“These aren't exactly earth-shattering disclosures, but rules are rules.” – RAF Engineer [22:00]
The recurring nature of such leaks suggests that as long as the game remains popular, moderators will continue to face challenges in enforcing distribution policies.
The June 24, 2025 episode of CyberWire Daily delivered a comprehensive overview of pressing cybersecurity threats and incidents, ranging from state-sponsored cyber retaliation and sophisticated phishing campaigns to innovative malware tactics and insider threats within digital communities. The in-depth discussions, particularly the Threat Vector segment, provided valuable insights into the evolving landscape of cybersecurity marketing and its challenges. As cyber threats continue to adapt and proliferate, the importance of proactive defense measures, informed marketing strategies, and community vigilance remains paramount.
For more detailed information on the topics covered, please refer to the full transcript or listen to the episode directly through your preferred podcast platform.