CyberWire Daily – "Just another day of scamming and jamming."
Date: December 3, 2025
Host: Dave Bittner, N2K Networks
Main Interview: Liz Stokes with Christina Amri, CyberXR Technologies
Episode Overview
This episode offers a sweeping look at recent cybersecurity incidents affecting global organizations, legislative moves to bolster cyber defense in the US, and technical deep-dives, topped with an engaging interview on the evolving world of cyber ranges—especially within the space and defense sectors. The episode’s tone is brisk, informative, and neatly balanced between high-level industry news and expert technical insights.
Key News and Discussion Points
U.S. DOJ Shuts Down Myanmar Scam Compound
[03:05]
- The DOJ seized a fraudulent site run by a Myanmar-based scam center imitating the Tickmill trading platform. This group tricked victims into sending money—sometimes cryptocurrency—by faking investment returns.
- The scam center was located at the Tai Chang scam compound, which authorities recently raided.
- Mobile apps linked to the scam were removed by Google and Apple.
- Notable Quote:
"Victims were tricked into depositing funds after scammers showed fabricated investment returns and fake account deposits."
— Dave Bittner [03:18]
Mixpanel Data Breach Impacts OpenAI
[04:04]
- Mixpanel quietly disclosed a breach; OpenAI confirmed its developer analytics data was exposed, including names, emails, partial geo/IP data, and device info.
- No regular ChatGPT users affected; OpenAI ceased using Mixpanel.
- Insight: Analytics platforms are increasingly lucrative and risky targets.
New Executive Phishing Campaign
[05:05]
- Trustwave uncovered phishing targeting executives, using fake "Cartier recognition" emails with password-protected zips.
- Attackers employ multi-stage malware (Stellarium infostealer) and steal credentials via Telegram.
- The campaign's novel element is a fake Chrome error that prompts a PowerShell download for further compromise.
Senate Bill to Sustain Cybersecurity Grants
[06:07]
- Bipartisan Senators move to reauthorize the State and Local Cybersecurity Grant Program ($1 billion over 4 years).
- Emphasis on supporting digital security for essential services.
- Notable Quote:
"Communities need sustained resources as digital threats grow."
— Paraphrased statement, John Cornyn [06:35]
University Oracle EBS Data Breaches
[07:15]
- University of Pennsylvania and University of Phoenix notify of data breaches tied to Oracle EBS systems.
- Compromised data: Names, SSNs, bank info, etc.
- Over 100 organizations believed affected in ongoing Oracle EBS attacks.
GPS Jamming at Indian Airports
[07:58]
- India’s Civil Aviation Ministry: GPS spoofing reported at 8 airports.
- Past incident forced pilots (carrying EC President von der Leyen) to revert to manual navigation.
- Indian authorities are upgrading defenses and seeking source attribution.
- Notable Moment:
"GPS interference can overwhelm or mimic satellite signals, preventing pilots from relying on navigation systems."
[08:15]
Kaiser Permanente Pixel Tracking Settlement
[09:01]
- Kaiser settles for $47.5M after using website/app tracking pixels that shared patient data, impacting 13.4 million people (the year's second-largest healthcare breach).
- Kaiser denies wrongdoing but has removed tracking tools.
FTC Orders Illuminate to Purge Student Data
[09:44]
- FTC orders cloud provider Illuminate to delete excessive K–12 student data and improve its security.
- Incident involved credentials from former employees, resulting in a breach of 10 million student records.
International Commercial Spyware Guidance
[10:50]
- 27 governments, plus major tech firms, join “Pall Mall Process” (UK/France-led) to shape responsible usage and sales of commercial spyware and cyber intrusion tools.
- Opens consultation with the offensive cyber industry; aims to establish shared norms and limit misuse.
- Notable Quote:
"Commercial cyber intrusion capabilities ... can support law enforcement and national security, but pose risks without safeguards."
[11:31]
Expert Interview: Cyber Ranges for NATO & Space
Liz Stokes with Christina Amri, Director of Special Programs, CyberXR Technologies
[15:03–26:30]
About CyberXR and Cyber Ranges
- Estonian company operating globally; expertise in cyber range platforms for hands-on defense exercises.
- Not just military—serves 55 countries with preparedness-focused cyber solutions.
- Quote:
"Company on the preparedness side of cybersecurity."
— Christina Amri [15:15]
Space Cybersecurity and Simulation
- Simulated “digital twins” let teams train on functional copies of critical tech, including satellite, ground systems, and mission control.
- Cyber ranges are used to rehearse defending legacy and modern space assets, reflecting their real-world longevity and upgrade difficulties.
- Quote:
"We build an infrastructure containing then a satellite, ground control station, mission control station, and also different other technologies when they make it relevant for the specific use case."
— Christina Amri [16:30]
The Skills Gap: Space Meets Cyber
- Big shortfall in specialists who understand both IT security and space operations.
- Training is “never about pass and fail, it’s about improving and learning.” [20:50]
- Problem: Satellites can’t simply be recalled for updates—cybersecurity must be planned from the ground up.
- Quote:
"There are millions of unfulfilled job places because there's just lack of suitable potential employees ... The gap there is also quite big [in space]."
— Christina Amri [17:27]
Why Tallinn, Estonia?
- Estonia’s 2007 cyberattack history fostered a vibrant ecosystem centered around collaborative cyber defense, research, and innovation.
- Birthplace of NATO CCDCOE and several private sector cyber range providers.
- Quote:
“If your Internet bank does not respond anymore, then you feel it and it starts really having influence on your daily life. ... This was 2007 and from this attack and the large scale attack we learned ... that we have to put more emphasis on the cyber.”
— Christina Amri [23:08]
Lessons for Space Companies
- Ongoing legacy system risks, new commercial satellites with higher digitalization.
- Space industry is at a tipping point: broad understanding and urgent need for integrated cyber-defense.
- Quote:
“It's not only about the real astronauts who go up there, it's about our own lives here on planet Earth.”
— Christina Amri [26:17]
Final Story: Iranian Hackers Go Retro
[28:00]
- Security researchers report Iran’s MuddyWater deployed malware disguised as the classic Snake video game.
- Snake’s trademark “lag” leveraged to evade antivirus detection.
- Infections deliver memory-resident backdoors and credential-stealing tools to targets in Israel and Egypt.
- Notable Quote:
"ESET found MuddyWater ... using Snake's signature lag as a feature, inserting execution delays to dodge antivirus tools that dislike anything too quick on the trigger."
— Dave Bittner [28:11]
Timestamps for Major Segments
- [03:05] DOJ Myanmar scam center takedown
- [04:04] Mixpanel–OpenAI data breach
- [05:05] Executive phishing campaign details
- [06:07] Senate bill for cybersecurity grants
- [07:15] University Oracle EBS breach
- [07:58] GPS jamming at Indian airports
- [09:01] Kaiser Permanente lawsuit settlement
- [09:44] FTC orders cloud provider data deletion
- [10:50] International guidance on spyware
- [15:03] CyberXR, NATO, and ESA cyber ranges interview
- [28:00] Iranian hackers with "Snake" malware
Memorable Quotes
- "Victims were tricked into depositing funds after scammers showed fabricated investment returns and fake account deposits."
— Host [03:18]
- “We build an infrastructure containing then a satellite, ground control station, mission control station, and also different other technologies...”
— Christina Amri [16:30]
- “It's never about pass and fail, it's about improving and learning.”
— Christina Amri [20:50]
- “It's not only about the real astronauts who go up there, it's about our own lives here on planet Earth.”
— Christina Amri [26:17]
- "ESET found MuddyWater ... using Snake's signature lag as a feature, inserting execution delays to dodge antivirus tools that dislike anything too quick on the trigger."
— Dave Bittner [28:11]
Tone & Takeaways
The episode strikes a balance between urgent, up-to-the-minute threat reporting and deeper explorations—particularly the interview which grounds big themes (like the intersection of space and cybersecurity) in real-world training and preparedness. Christina Amri’s remarks underscore the global cyber skills gap and the unseen, everyday dependence on space infrastructure.
For Further Listening/Reading
For full stories and expert insights, the episode suggests reviewing the CyberWire daily briefing at thecyberwire.com. Stay tuned for deeper NATO Cyber Coalition 2025 coverage in future episodes.
