Dave Bittner
You're listening to the CyberWire network. Powered by N2K.
Narrator/Host
The DMV has established itself as a top tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington, D.C. area. Join us on Thursday, September 18th to connect with the leading minds shaping our field and experience firsthand why the Washington D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot.
Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real time risk workflows and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance. Visit www.hyperproof.io to see how leading teams are transforming their GRC programs.
The FBI shares revelations on Salt Typhoon's reach. Former NSA and FBI directors sound alarms on infrastructure cybersecurity gaps. Google is launching a new Cyber Disruption unit. A new report highlights cyber risks to the maritime industry. A Pennsylvania health care provider suffers a data breach affecting over 600,000 individuals. Citrix patches a critical vulnerability under active exploitation. The US sanctions a North Korea linked fraud network. Ransomware is rapidly evolving with generative AI. Our guest is Brandon Karpf speaking with T Minus host Maria Vermazes, connecting three seemingly disparate stories. And who needs a tutor when you've got root access?
Narrator/Host
August 28, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. Great to have you with us.
The Wall Street Journal reports that the China linked cyber campaign known as Salt Typhoon reached far beyond US telecom carriers, hitting more than 80 countries and compromising sensitive data on a scale investigators hadn't grasped until recently, FBI Cyber chief Brett Leatherman told the Journal. The intrusion gave Chinese intelligence access to more than 1 million call records as well as systems used by law enforcement for court approved wiretaps, a development that he called among the most consequential breaches in U.S. history. The operation also swept up private calls and texts from over 100 Americans and allowed potential tracking of citizens' movements worldwide. U.S. officials say the campaign, active since at least 2019, was more sweeping and indiscriminate than typical espionage operations. While Beijing denies involvement, the FBI has issued new technical details to companies and allies aimed at spotting Salt Typhoon's lingering presence in networks.
The NSA, along with US and foreign partners, has issued a joint cybersecurity advisory warning that Chinese state sponsored hackers are targeting telecommunications, government, transportation, lodging and military networks worldwide. The advisory ties the activity, overlapping with reporting on groups like Salt Typhoon, to several China based firms providing services to the Ministry of State Security and the People's Liberation Army. The report, titled Countering Chinese State Sponsored Compromise of Networks Worldwide Defeat Global Espionage Systems, details the hackers' tactics, techniques and procedures, including methods for exploitation, persistence, data collection and exfiltration. It also lists exploited vulnerabilities and indicators of compromise.
The Global Cyber Innovation Summit recently hosted an exclusive security briefing at One World Trade Center on national security threats to US critical infrastructure. The invitation only event gathered executives from former national security leaders, technologists and policy experts for a discussion on rising cyber risks and defense strategies. Bob Ackerman, GCIS founder, opened the event, followed by McKinsey's Ida Christensen, who highlighted a projected $31.1 billion global risk from OT breaches in the coming year. A panel featuring former NSA Director General Paul Nakasone, former FBI Director Christopher Wray, AEP CEO Bill Fuhrman and Dragos CEO Robert M. Lee explored how threat actors increasingly target industrial systems through IT to OT pivots. Keynote speaker Thomas Fanning stressed the need for collaboration across IT, OT and executive leadership. Speakers underscored that cyberattacks on infrastructure risk not just data, but public safety.
Google is launching a new cyber disruption unit aimed at proactively interfering with malicious online operations, a move that comes as US policymakers and industry leaders debate the future of offensive cyber strategies. Sandra Joyce, vice president of Google Threat Intelligence Group, said the effort will focus on legal and ethical disruption and invited partners to join. The initiative reflects a broader conversation about the balance between active defense tactics such as honeypots and more aggressive measures like hacking back, which remain legally restricted. At a cybersecurity policy conference, former officials and industry leaders debated whether the private sector should play a larger role in offensive cyber operations. While legislation to authorize private companies remains stalled, some argue U.S. deterrence requires more direct action. Experts cautioned that any shift must ensure measurable impact while avoiding uncontrolled escalation.
The maritime industry, which underpins 80% of global trade, is modernizing with automation, remote monitoring and advanced energy systems. But those innovations are opening new cyber risks. A new report from Help Net Security says ships and ports now face threats ranging from ransomware to espionage, with vulnerabilities in operational technology, navigation systems and software supply chains. Incidents such as the 2017 NotPetya attack on Maersk, which shut down 76 terminals, and recent ransomware hits on ports in Europe highlight the stakes. State actors from Russia, Iran and China are also accused of targeting maritime infrastructure, while interference with satellite navigation and AI powered cyber attacks present growing dangers. With only 17% of shipyards reporting in-house cybersecurity expertise, experts stress workforce training, continuous risk assessments and stronger industry collaboration to build resilience across the global maritime sector.
Healthcare Services Group, a Pennsylvania based healthcare support services provider, has disclosed a data breach affecting over 624,000 individuals nationwide. Attackers gained unauthorized access between September 27 and October 7 of 2024, stealing sensitive data including names, Social Security numbers, driver's licenses, state IDs, financial details and account credentials. HSGI reported the breach to the SEC in October of 2024, later confirming stolen data in June of this year. Notifications began Aug. 25, with victims offered 12 to 24 months of credit monitoring and identity theft protection.
A Citrix vulnerability is being actively exploited, leaving more than 28,000 NetScaler ADC and Gateway instances exposed worldwide, according to CISA and Citrix. The flaw, patched yesterday, allows remote code execution and was abused as a zero day. Most vulnerable systems are in the US, Germany and the UK. Citrix urges immediate upgrades as no mitigations exist. Two other high severity flaws were also disclosed.
CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal patching by August 28th.
The US Treasury has sanctioned a North Korean linked fraud network that placed hackers in U.S. companies by posing as job seekers. Once hired, the operatives stole data, extorted employers and funneled wages to Pyongyang, generating at least $1 million for the regime. The Treasury says North Korea launders stolen funds, often via cryptocurrency, to support its nuclear program. Companies are now legally barred from engaging with the sanctioned parties.
New research shows ransomware is rapidly evolving with generative AI, lowering barriers for cybercriminals and making attacks more effective. Anthropic reports that hackers are using its AI models, including Claude and Claude Code, to write malware, craft extortion notes and run ransomware as a service schemes. One group, GTG5004, used Claude to develop ransomware sold for between $400 and $1,200 despite lacking technical expertise. Separately, ESET identified PromptLock, the first proof of concept AI powered ransomware. While not yet deployed, it demonstrates how attackers can exploit AI to automate intrusions. Experts warn that AI assisted ransomware is still emerging, but the trend points to faster, more sophisticated attacks with global implications.
Coming up after the break, Brandon Karp speaks with T Minus host Maria Vermazes about three seemingly disparate stories, and who needs a tutor when you've got root access? Stay with us.
Compliance regulations, third party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots, and all those manual processes, you're right. GRC can be so much easier, and it can strengthen your security posture while actually driving revenue for your business.
You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC. Just imagine how much easier trust can be. Visit vanta.com/cyber to sign up today for a free demo. That's V-A-N-T-A dot com slash cyber.
Narrator/Host
Brandon Karp is friend of the show, founder of the T Minus Space Daily Podcast, and a cyber security expert. He recently sat down with T Minus host Maria Vermazes to connect the dots and stump the host for this month's Space and Cybersecurity segment.
Brandon Karp
I'm gonna try to convince you and all of your listeners that these three seemingly unrelated articles having to do with the space industry from the last 10 days will represent a massive shift of wealth from Singapore to Greenland in the next 10 years.
Dave Bittner
Okay listeners, I just want you to know that is also all I know. I know nothing behind the scenes here. So what articles are we talking about? Brandon, let's talk.
Brandon Karp
All right, cool. So I'll start with the headlines from these articles. Voyager Technologies makes investment into AI software company Latent AI. KSAT, which is Kongsberg Satellite Services, plans to take its ground network to space with hypersatellites in LEO. Aalyria reports milestones with tight beam laser communications.
Dave Bittner
Okay, so Voyager Tech investment in Latent AI, KSAT plans ground network with hypersatellites in LEO, and Aalyria's milestones with tight beam laser comms. Okay, I'm stumped. Aside from these are all headlines I know that we have covered on T minus Space Daily, I have absolutely no idea what else would be the common thread here. So regale me Brandon, because I'm so.
Brandon Karp
What is the common thread between these three things which are seemingly unrelated and all from the last 10 days? Yes, and my argument is that these developments, which are really just representative of a number of developments over the last few years, represent meaningful steps towards moving core Internet backbone traffic from terrestrial fiber lines to space based architectures.
Dave Bittner
Introduce me to where and how Singapore and Greenland come into play here on that thesis.
Brandon Karp
We'll get there. Let's start with the technology developments themselves in my mind, right? This idea of shifting core Internet backbone traffic from terrestrial fiber lines to space based architectures really requires developments in three core technology areas, right? The first being orbital data centers. Right, data centers in space being able to process data in situ in low Earth orbit. Second is actually moving meaningful software technologies and that's going to come with investments in edge AI, because edge AI is really just driving increased compute power. With that increased compute power investment which we're trying to send to low Earth orbit, which we've seen with this Voyager Technologies investment, is going to have to come developments in mostly like heat transfer technologies and power generation technologies, because both those systems, the GPUs, the CPUs, generate tremendous amounts of heat and require tremendous amounts of power. And so Voyager's investments in these types of companies, and there's a number of others as well, will drive rapid changes and investment in creation of heat transfer technologies and power generation technologies in space. Now, the third area that is required to move meaningful amounts of Internet traffic from terrestrial systems to space systems is high speed optical laser communications. That is the most critical enabling technology.
Dave Bittner
Okay, I'm starting to see this thread up here and I'm just thinking, okay, I can think of recent missions for a lot of these. Like there's a mission going to the ISS just recently about orbital data centers, which I was really amped about.
Brandon Karp
So, and I'm glad you brought up the ISS testbed as well, because that's a partnership between Axiom Space and Red Hat, Red Hat being the massive Linux foundation organization. And I didn't choose that one because that was originally announced a few months ago. And I wanted to pick things that were just announced in the last 10 days. But you're right, that is going up like this week or something like that.
Dave Bittner
As of the time of this recording.
Brandon Karp
And that test case is orbital data centers being tested. It's a partnership between Axiom and Red Hat and being tested on the ISS. And so that's already going to introduce new power generation systems, heat transfer systems, et cetera, for processing data in situ in space.
Dave Bittner
All right, so we're talking about, we have in place in movement the required technologies for the core Internet backbone traffic to go from terrestrial to space based. I'm working backwards obviously. That will represent a whole bunch of interesting cybersecurity challenges, I would imagine, but I'm sure you'll get to that at some point. Most definitely. So can I ask about the Singapore Greenland thing yet? Are we still not there yet?
Brandon Karp
Because we're still not there yet. We're going to get there. Oftentimes when folks talk about moving Internet core backbone Internet traffic from terrestrial fiber lines to space, people bring up the issue of throughput. We just can't push enough data to make it worthwhile to shift transmissions from the core undersea fiber lines. And that's massive, massive, massive, massive, massive undersea fiber lines. We're talking about terabits per second. Terabits and terabits per second over those massive fiber lines to a space based architecture. However, developments in processing in space as well as laser communications, which Aalyria is investing in, is getting us actually quite close to terabit per second transmissions. And just this year a group out of China successfully demonstrated 400 gigabits per second. And Aalyria has plans and designs of getting up to 1 terabyte of data per second across a single optical link. And so Aalyria's recent milestones just from the other week demonstrated that they're making meaningful steps. And just in the last six, seven years, we've had a thousand x increase in the amount of data we can push over optical links. That type of acceleration is going to get us to meaningful terabits per second across optical links within the next few years. That is going to represent enough throughput to start shifting Internet traffic from terrestrial fiber cables to space based architectures and.
Dave Bittner
Then also edge AI coming into play here where especially for space based applications, where, you know, you don't have to necessarily use all that throughput because a lot of the processing is done on edge. That's not going to necessarily be relevant for all applications, certainly. But when we're talking about things that are requiring tons and tons of compute, if you can do it in space, instead of being like shipping the data back and forth over and over, that's a big efficiency, right?
Brandon Karp
Exactly. Big efficiency gains, more flexibility. Right. You're no longer requiring to send data through these terrestrial systems. You're no longer worried about the fiber lines getting cut by anchor chains of illicit fishing vessels. It's also more flexible in terms of failover and shifting aggregate capacity onto different links. And more importantly, on top of all of that, when you think about these constellations of thousands of satellites, you'll have access to more than one optical link. You could have access to numerous terabit optical links at a single time if you have ready access to a meaningful ground station for that type of communication.
Dave Bittner
Okay, you know, a question I want to ask now. Are we there yet?
Brandon Karp
Okay, I think we're close enough. I think we're there. Singapore is just an illustrative example of areas of centralized communications around the world. There are many of these. Djibouti is one of them. Egypt is another. The US west coast, even Brazil has some centralized areas where it was convenient to drive all of the fiber lines to one centralized processing region. These actually typically mirrored traditional maritime shipping lanes. Basically, what is the fastest way to get from point A to point B across the ocean? Well, that's where we also ended up laying fiber lines. We don't need those maritime shipping lanes anymore for space based architectures. And so where can you get the most efficient communications from space to ground? Where is the least amount of interference? Where is the least expensive real estate for ground stations for these optical links in these proliferated low earth satellite architectures? More polar regions, not the equatorial regions. And so I think that what we're going to see as these technologies develop, and as you see Kongsberg investing in these optical ground stations and actually deploying ground station type services in space as well, is an increase in investment in physical real estate in the polar region. So anyone with Arctic or Antarctic access, so that could be Chile, that could be Norway. I used Greenland because I thought it was funny to compare Greenland to Singapore. But as investment shifts, you're going to see more and more technology companies, communications companies, et cetera, starting to invest in those regions as they can start getting core Internet access through polar based ground stations.
Dave Bittner
Hmm. So fascinating geopolitical implications of this, certainly, that I know we've been seeing in the news in the last year.
Brandon Karp
Most certainly. And a lot of folks maybe were laughing at the Trump administration for their potential interest in taking over Greenland, but there actually might be some strategic reasons for Western nations to build closer relationships with those regions of the world.
Dave Bittner
Yeah, that kind of is starting to make a little sense now. We've barely touched on the cybersecurity implications of all this, which I'm sure could take another hour if we wanted to get into that. Certainly if you can do it in like three minutes, if that's even possible. What are we looking at for maybe a thesis on what this could mean for cybersecurity implications?
Brandon Karp
Yeah, there are a few. And first I'll just talk about infrastructure. Right. When you have a ground station, you don't want to transmit data over a long distance. So those regions will probably also see an increased investment in data centers and terrestrial systems like that, in Internet service providers and telecom providers being in those regions. As that architecture continues to grow, that'll of course shift investment out of the traditional regions of centralization for those things such as Singapore. That'll create some economic stress, of course, not necessarily directly related to cybersecurity. However, it is relevant. But what I will say though is that the use of optical transmissions introduces a number of great security features. It is a tight beam type of communication, so it is much more difficult to snoop and spoof a laser based communication. So in terms of the transport architecture itself, there's more security just by the nature of using an optical link. Optical links can process faster, so more heavy forms of encryption and cryptography can be used. So that could increase the security posture as well. There's also ways of multiplexing signals across an optical link that could make your signal much more difficult to detect and intercept as well. However, I would also say though, some of these regions that we're talking about, the Norways of the world, the Greenlands of the world, et cetera, are going to need, if my thesis comes to pass in the next 10 years, are going to need more investment in security of their digital ecosystem. You don't typically hear about those nations when it comes to cybersecurity, when it comes to having folks on the ground and security services and security forces in those regions actually defending that infrastructure, that critical infrastructure. And so it would be great to see those nations ahead of time starting to work with the US, with the UK, et cetera, on critical infrastructure protection.
And how we can secure the physical assets for the digital ecosystem.
Dave Bittner
Oh, there's so blue teamers. There's a bunch of job openings coming in some countries that you may not have expected in the future, so I really enjoyed this version of Stump the Host. You took me on a journey and I appreciate that very much. Honestly, it's a really fascinating idea. I think you are onto something legitimately. So thanks for. Thanks for this really great idea. I appreciate it.
Brandon Karp
Yeah, it was absolutely my pleasure, Maria.
Narrator/Host
That was Brandon Karp speaking with T Minus host Maria Vermazes. Be sure to check out the T Minus Space Daily wherever you get your favorite podcasts. You hear from us here at the Cyberwire Daily every single day now. We'd love to hear from you. Your voice can help shape the future of N2K networks. Tell us what matters most to you by completing our annual audience survey. Your insights help us grow to better meet your needs. There's a link to the survey in our show notes. We're collecting your comments through August 31st. Thanks.
Narrator/Host
And finally, Spanish police say they've nabbed a 21 year old Seville University student who allegedly decided the best way to boost his grades wasn't through studying, but through hacking the region's education system. Investigators claim he broke into the school system's platform, quietly upgrading his own marks and, in a rare act of academic generosity, adjusting classmates' scores too. Authorities say he also breached the email accounts of at least 13 professors across six universities, including those preparing next year's entrance exams. His career as an unofficial registrar unraveled when staff noticed irregularities. Police seized computer gear and a notebook detailing his handiwork. The student now faces charges of computer intrusion, identity theft and document forgery. His exams, however, remain permanently failed.
And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual survey to learn more about our listeners. We're collecting your insights through the end of August, so there's only a few more days left to fill out the survey. Please take a moment and do so. There's a link in the show notes. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Paul Peltzman. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: August 28, 2025
Host: Dave Bittner, N2K Networks
Guest Segment: Brandon Karp, T Minus Space Daily Podcast
This episode delivers the day’s most important cybersecurity news, focusing on revelations about Chinese state-sponsored cyber campaigns, evolving infrastructure threats, and the ongoing transformation of internet backbone technology from terrestrial to space-based systems. The centerpiece of the episode is an in-depth segment featuring Brandon Karp, who connects recent developments in space technology to future shifts in global data infrastructure, wealth, and cybersecurity.
[14:09] – [26:29]
Brandon Karp aims “to convince you and all your listeners that these three seemingly unrelated articles… represent a massive shift of wealth from Singapore to Greenland in the next 10 years.” ([14:26])
Orbital Data Centers: Processing data directly in orbit.
Edge AI: Increased compute power and efficiency with investments like Voyager’s.
High-speed Optical Laser Communications: Tight-beam, ultra-fast, hard-to-intercept links that could soon reach and surpass fiber throughput.
Quote:
“Developments in processing in space as well as laser communications… is getting us actually quite close to terabit per second transmissions... That is going to represent enough throughput to start shifting Internet traffic.” — Brandon Karp ([18:49])
Host, Dave Bittner ([26:07]):
“So blue teamers… a bunch of job openings coming in some countries you may not have expected in the future…”
Brandon Karp ([26:26]):
“Yeah, it was absolutely my pleasure.” (on stumping the host and sharing this futuristic vision)
[28:21]
A Spanish university student is arrested for hacking into grading and academic email systems to boost his (and classmates’) marks—a humorous reminder that root access beats tutoring but guarantees a failed future.
| Segment | Timestamp |
|---|---|
| Salt Typhoon/Chinese Espionage | 03:00–05:15 |
| Infrastructure & Cyber Innovation Summit | 05:15–06:25 |
| Google Disruption Unit | 06:25–07:05 |
| Maritime/Ransomware | 07:05–08:00 |
| Healthcare Breach | 08:00–08:45 |
| Citrix Vulnerability | 08:45–09:33 |
| North Korea Sanctions | 09:33–10:00 |
| AI-Assisted Ransomware | 10:00–11:00 |
| Space/Cybersecurity Discussion | 14:09–26:29 |
| Spanish Student Hacking University | 28:21–end |
This episode delivers a sweeping view of emergent threats (state-sponsored espionage, AI-driven ransomware, vulnerabilities in healthcare and infrastructure) while spotlighting technological shifts—most notably, a predicted migration of the global internet's core from sea cables to secure, high-throughput satellite networks. Brandon Karp's segment stands out for its forward-looking analysis: positing not just technical, but geopolitical and cybersecurity consequences of shifting the world's data arteries from the equator to the polar regions. The episode closes with a classic hacker caper in academia, blending global stakes with a touch of levity—a CyberWire signature.