A
You're listening to the Cyberwire Network powered by N2K.
B
The DOJ shuts down another scam center in Myanmar. OpenAI confirms a Mixpanel data breach. A new phishing campaign targets company executives. A bipartisan bill looks to preserve the State and Local Cybersecurity Grant Program. Universities suffer Oracle EBS data breaches. India reports GPS jamming at eight major airports. Kaiser Permanente settles a class action suit over tracking pixels. The FTC plans to require a cloud provider to delete unnecessary student data. An international initiative is developing guidance for commercial spyware. Our N2K producer Liz Stokes speaks with Christina Amri, Director of Special Programs for CyberXR Technologies, about the cyber ranges for NATO and ESA. And Iranian hackers give malware a retro reboot.
It's Wednesday, December 3rd, 2025. I'm Dave Bittner and this is your Cyberwire Intel Brief.
Thanks for joining us here today. It's great as always to have you with us. The Department of Justice has seized a fraudulent website that was used by a Myanmar-based scam center to steal thousands of dollars from multiple victims. According to an affidavit, the domain spoofed legitimate trading platform Tickmill and was traced by the Scam Center Strike Force to the Tai Chang scam compound in Myanmar, which authorities raided three weeks ago. Victims were tricked into depositing funds after scammers showed fabricated investment returns and fake account deposits. The FBI says several victims sent cryptocurrency to the site in the past month. The domain also pushed fraudulent mobile apps that have since been removed by Google and Apple, while US officials have placed a law enforcement notice on the site as part of broader efforts targeting Southeast Asian scam compounds.
Analytics firm Mixpanel quietly disclosed a security incident in a brief Thanksgiving Eve blog post that offered almost no specifics. CEO Jen Taylor said only that something occurred on November 8th and that it affected some customers. She did not respond to follow up questions. OpenAI, however, confirmed two days later that customer data was stolen since it uses Mixpanel to analyze developer facing website traffic. Exposed information included names, emails, approximate locations from IP addresses and device details. OpenAI said regular ChatGPT users were not affected and ended its use of Mixpanel. The incident highlights how analytics companies collect extensive user data and have become valuable targets. Mixpanel has not explained the breach's cause or scope, leaving open how many people may have been affected.
A new phishing campaign is targeting company executives with a coordinated attack that steals credentials and installs malware. Identified by Trustwave MailMarshal researchers, the Executive Award scam begins with a phishing email posing as a Cartier recognition notice. Victims receive a password-protected zip file containing a personalized lure that leads to a fake webmail login page where stolen credentials are sent to a Telegram channel. A second stage uses a deceptive ClickFix technique delivered through a malicious SVG file that displays a fake Chrome error and urges users to run a PowerShell fix. This executes a multi-stage chain that installs the Stealerium infostealer, which can harvest browser data, wallets and system information. Researchers have linked the infrastructure to a specific IP address and two Telegram bots used for exfiltration.
A bipartisan group of senators has introduced legislation to reauthorize the State and Local Cybersecurity Grant Program, which has supplied $1 billion over four years to help state, local and tribal governments defend against cyber attacks. The State and Local Cybersecurity Grant Program Reauthorization Act, led by Senators Maggie Hassan and John Cornyn, is intended to ensure continued support for ongoing cybersecurity projects. Hassan said the program helps protect essential services such as schools, utilities and emergency response systems. Cornyn noted that Texas had received nearly $40 million and said communities need sustained resources as digital threats grow. Hassan has also backed efforts to create state-level cybersecurity coordinator roles. Last month's temporary funding bill included short-term extensions of this grant program and the Cybersecurity Information Sharing Act of 2015, giving lawmakers more time to pursue long-term reauthorizations.
The University of Pennsylvania is notifying individuals of a data breach involving its Oracle EBS system, which supports supplier payments and other business functions. Nearly 1500 Maine residents were affected, though the total number remains undisclosed. The University of Phoenix also reported an Oracle related intrusion discovered after it appeared on the Clop Leak site. Exposed data includes names, contact details, dates of birth, Social Security numbers and bank account information. The broader Oracle EBS campaign has impacted more than 100 organizations, including multiple universities and major companies.
India's civil aviation minister has reported GPS spoofing and jamming at eight major airports, noting recent incidents in Delhi and ongoing activity since 2023 in Kolkata, Amritsar, Mumbai, Hyderabad, Bangalore and Chennai. GPS interference can overwhelm or mimic satellite signals, preventing pilots from relying on navigation systems. A 2025 jamming incident forced pilots carrying European Commission President Ursula von der Leyen to switch to manual navigation, though the minister offered no attribution for India's events and said no harm occurred. The Airports Authority of India has asked the wireless monitoring organization to identify the source of interference. The minister adds that the Airports Authority of India is deploying advanced cybersecurity measures and continually upgrading protections as aviation cyber threats evolve.
Kaiser Permanente has agreed to pay up to $47.5 million to settle consolidated class action claims over its use of tracking codes on websites, patient portals and mobile apps, which allegedly shared patient data with third parties such as Google, Microsoft and X Twitter. Kaiser reported the incidents in April 2024 as a HIPAA breach affecting 13.4 million people, the year's second largest healthcare data breach. The settlement covers members in nine states and D.C. with pro rata payments for approved claimants. Kaiser denies wrongdoing and says it has removed the tracking tools.
The Federal Trade Commission plans to require Illuminate Education to delete unnecessary student data and strengthen its security as part of a proposed settlement over a 2021 incident that exposed information on about 10 million. The move follows a separate $5.1 million settlement with California, Connecticut and New York. Illuminate, a cloud provider for K-12 schools, collected extensive academic and demographic data but, according to the FTC, lacked access controls, monitoring, patching and encryption. A hacker used credentials from a former employee to access databases hosted by a third-party cloud provider and exfiltrated student records, health information and other personal details. The FTC says the company ignored prior warnings, misrepresented its security practices and waited two years to notify schools. The order will require security improvements, data deletion and accurate future disclosures.
An international initiative is developing guidelines for commercial spyware and related cyber intrusion providers to curb irresponsible behavior. The Pall Mall Process, launched in 2024 by the UK and France, now includes 27 governments and major tech companies like Google, Microsoft, Apple and Meta. Its second phase seeks input from the offensive cyber industry to define responsible conduct for private sector firms. The UK's National Cyber Security Centre says commercial cyber intrusion capabilities, including exploit development, malware creation, C2 services and hacking as a service, can support law enforcement and national security, but pose risks without safeguards. The effort aims to set expectations across the broader ecosystem of developers, brokers and operators, while addressing misuse as demand for zero-day exploits grows. The consultation closes December 22nd.
Coming up after the break, our N2K producer Liz Stokes speaks with Christina Amri, Director of Special Programs for CyberXR Technologies, about cyber ranges for NATO and ESA. And Iranian hackers give malware a retro reboot. Stay with us.
We are pleased to share that our N2K colleagues, Liz Stokes and Maria Varmazis, were in Tallinn, Estonia this week for the NATO Cyber Coalition 2025 Cyber Range Exercise. Their visit marks the CyberWire as the only United States podcasters invited to attend. We'll be sharing interviews and insights from the event, starting today with our producer Liz Stokes's conversation with Christina Amri, Director of Special Programs for CyberXR Technologies.
A
CyberXR is an Estonian-based or headquartered company, but we do operate globally. So there are approximately 55 countries in which we have conducted different cybersecurity related projects or sold our technology. So we are a cybersecurity company, a company on the preparedness side of cybersecurity.
C
And you guys provide cyber ranges for NATO and esa. What do those entail exactly?
A
Yes, Cyber range technology comes historically from military, from the need to train and exercise also on the digital battlefield, use the tools they would be using in the actual operations. But to do it in a simulated environment so that the real systems do not get harmed.
C
And how do you research for cyber instances in space?
A
So space is an interesting domain. How we got into the space projects was through the military. At some point the military started asking, besides the other domains, also for the elements from space. Because, as also the current conflicts around the world and war have shown, the space-based assets are crucial for the information.
C
Yeah, yeah, exactly. Can you go a little bit further into like that? Like how do you guys defend against those types of things?
A
So first of all, it usually goes and how we do it, we bring the technologies to the cyber range, so to the simulation environment where we build up an infrastructure or digital twins of different technologies. And this is what we do also in the space domain. So we build it in. We build an infrastructure containing then a satellite, ground control station, mission control station, and also different other technologies when they make it relevant for the specific use case.
C
Do you have any examples of problems solved using the cyberspace range?
A
The first aim of our solution is to improve the capabilities and skills in cybersecurity. Because first of all, in general in cybersecurity, there's a great lack of cybersecurity specialists around the world. There are millions of unfulfilled job places because there's just lack of suitable potential employees then. And when we even look at closer to the space segment, the gap there is also quite big. So we have space engineers, we have IT people, we have cybersecurity specialists. But how to combine those skills so that the cybersecurity specialists that come out of the universities would have understanding of space engineering, or vice versa, that the space engineers would already get from the beginning the basics, key elements of cybersecurity. And maybe this is one of the specifics of space industry, is that the systems will be up there and running for quite a long time on the orbit. Once you finish them, you cannot take them down and relaunch it usually. So it has to be taken into account when engineering, but also designing the systems.
C
What do you want space companies to know about space and cybersecurity? Like what are you trying to explain to them?
A
So we are a bit in a situation when everyone knows that they should pay attention on cybersecurity, but quite often there are so many other things to worry about and at the same time maybe also a bit of lack of knowledge what and how should we do it? So there's a bit of an elephant in the room. We know that there are a lot of legacy systems in the space industry. There have not been that many attacks that have been spoken openly about. There are a few. But it is a bit like a situation where the understanding and the perception can change very easily when something big happens. What we nowadays do not think, and probably you don't think that you rely every day in your work on space systems, but we both do when using the basic satellite information for the GPS but also for the weather forecast to see if it's snowy the next day or not. So this information we get through space, so it's not about only for the space industry, but it's part of the way we live nowadays.
C
Right, right. And I see there are a ton of televisions to our left here. Would you mind telling our audience what's going on on these televisions? Explain them a little bit more.
A
Yes. So the TVs here present different views from the cyber range. So cyber range is a platform for the hands-on learning of cyber skills. We build up the virtual environments, let's say digital twins, networks, everything. And the aim of the trainees there, be it a team-based exercise or individual-based exercise, is to go and see, depending on the scope of course, where are the vulnerabilities, what can I do to repair it, and so on and so forth. So this is one part of it, that it's about the skills development, and hence we can also take out the analytics. Where are they good at? What are the areas of improvement? What we say is it's never about pass and fail, it's about improving and learning. And this is also what we do. We can, on the cyber range, we can clone the systems. So if we do and run a big military exercise, we clone the systems, the game nets for each team, so that they would each get their playing field and get the learning experience. We can also do of course the shared targets if it's desired. But to have in mind this learning, then it's best if everyone gets the same game net and has their then tasks and defense actions to be taken there.
C
Walk me through that process. What's that like?
A
So if we talk about the exercise and let's say it's a team-based exercise, then usually we prepare on the cyber range those game nets. We make sure with the customer, what are the necessary infrastructure components? Are there any of the security monitoring systems, internal networks? What are the other special systems that we connect to? If we talk about the space, then is there a, let's say a FlatSat, any of the mission control, ground control segments that need to be as part of the game net? And then once we have it ready, those are real virtual machines. So when the participant actually, when the exercise starts, they log in and everything looks as it's. So we do not compete with the ones who provide the cybersecurity training on paper-based and theoretical materials. So we are really hands-on.
C
What made you think that Tallinn was one of the best places to start this company, to build up from here? I mean you think of space and you think of cyber and I think most people don't come to Estonia to think of that. So what made this place the best for you guys?
A
Well, Tallinn has a bit of history with cyber. From the 2007, the cyber attacks against Estonia, so against the governmental institutions, but not only, also commercials. So it started with attacks against the President's website. Okay. If you're a citizen of Estonia and the website of the President does not function, you can still continue your everyday life probably. But if your Internet bank does not respond anymore, then you feel it and it starts really having influence on your daily life. So this was 2007 and from this attack and the large-scale attack we learned it even more clear that we have to put more emphasis on the cyber. And out of this experience many good initiatives and things have grown out, like the NATO CCDCOE in Tallinn providing the collaborative platform for the NATO and then other countries who have joined the CCDCOE for those cybersecurity exercises and trainings, and hence also the private sector and cybersecurity companies started growing. They started growing already before, but this definitely was another push towards it. And this is also where our company is a bit rooted in. So in this need after a collaborative training platform, I spoke about the training of people and upskilling them. But this type of platforms can also be used for the technology testings. So our core technology team has actually a background in NATO CCDCOE, and hence Tallinn is a good and very untypical place for the cyber range, because you can find different institutions and companies providing the cyber range solutions here.
C
That's awesome. Well, that's amazing. Is there anything that you want to kind of talk to my audience about and like explain a little bit further? Is there anything that I missed?
A
Well, it's a long topic and especially with a space maybe angle, is that there's a lot to do and we have noticed that there's a growing interest and understanding a bit, but there's still quite the understanding of the vulnerabilities. Also at the same time, when we still have these legacy systems, as I mentioned before, there still are newer solutions coming up. Also there are more commercial satellites up there with their commercial tasks, so that the level of digitalization also is higher there. And when we base our business models on those satellites, the information and the exchange of information, it just becomes part of our everyday living here. At least this is one of the sides we want to explain and make more understandable to everyone. So it's not only about the real astronauts who go up there, it's about our own lives here on the planet Earth.
B
We will have much more reporting from our N2K colleagues, Liz Stokes and Maria Varmazis, and their trip to Tallinn, Estonia for the NATO Cyber Coalition 2025 Cyber Range Exercise coming soon. Stay tuned.
And finally, security researchers say Iranian nation-state hackers have taken creative inspiration from a simpler era, disguising malware as the classic Snake game. ESET found MuddyWater, the group tied by US intelligence to Iran's Ministry of Intelligence and Security, using Snake's signature lag as a feature, inserting execution delays to dodge antivirus tools that dislike anything too quick on the trigger. The group targeted telecom, government and energy organizations in Israel and Egypt, leaning as always on phishing emails that deliver remote monitoring tools through free file sharing services. Their Snake-themed Fooder loader deployed a new backdoor dubbed MuddyViper, which lives only in memory and settles in through startup folders or scheduled tasks. Additional credential stealers and a reverse SOCKS5 tunnel rounded out the toolkit, suggesting growing sophistication, if not quite maturity.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: December 3, 2025
Host: Dave Bittner, N2K Networks
Main Interview: Liz Stokes with Christina Amri, CyberXR Technologies
This episode offers a sweeping look at recent cybersecurity incidents affecting global organizations, legislative moves to bolster cyber defense in the US, and technical deep-dives, topped with an engaging interview on the evolving world of cyber ranges—especially within the space and defense sectors. The episode’s tone is brisk, informative, and neatly balanced between high-level industry news and expert technical insights.
"Victims were tricked into depositing funds after scammers showed fabricated investment returns and fake account deposits."
— Host [03:18]
“We build an infrastructure containing then a satellite, ground control station, mission control station, and also different other technologies...”
— Christina Amri [16:30]
“It's never about pass and fail, it's about improving and learning.”
— Christina Amri [20:50]
“It's not only about the real astronauts who go up there, it's about our own lives here on planet Earth.”
— Christina Amri [26:17]
"ESET found MuddyWater ... using Snake's signature lag as a feature, inserting execution delays to dodge antivirus tools that dislike anything too quick on the trigger."
— Dave Bittner [28:11]
The episode strikes a balance between urgent, up-to-the-minute threat reporting and deeper explorations—particularly the interview which grounds big themes (like the intersection of space and cybersecurity) in real-world training and preparedness. Christina Amri’s remarks underscore the global cyber skills gap and the unseen, everyday dependence on space infrastructure.
For full stories and expert insights, the episode suggests reviewing the CyberWire daily briefing at thecyberwire.com. Stay tuned for deeper NATO Cyber Coalition 2025 coverage in future episodes.