Dave Bittner
You're listening to the CyberWire Network, powered by N2K. Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real-time risk workflows, and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance. Visit www.hyperproof.io to see how leading teams are transforming their GRC programs. The Feds shut down a covert North Korean operation. Google releases an emergency update to fix a new Chrome zero-day. A major US trade show and event marketing firm suffers a data breach. NetScaler patches a pair of critical vulnerabilities. A sophisticated cyber attack targets The Hague. An Iran-linked hacking group threatens to release emails allegedly stolen from aides to President Trump. A ransomware attack exposes sensitive data linked to multiple Swiss federal government agencies. The U.S. Treasury Department faces scrutiny after a string of cyber attacks. The FBI's phone security tips draw fire from Senator Wyden. Tim Starks from Cyberscoop describes how ubiquitous surveillance turned deadly, and AI proves its pen testing prowess. It's Tuesday, July 1st, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us. It is great to have you with us today. It seems impossible that it is already July 1st, but here we are. The US Department of Justice announced enforcement actions targeting North Korea's covert IT operations that fund its nuclear program. Authorities arrested Zhenxing "Danny" Wang, a US citizen, for running a scheme from New Jersey that placed North Korean IT workers in US tech jobs, generating over $5 million. Eight others, six Chinese nationals and two Taiwanese citizens, were also indicted for wire fraud, money laundering, identity theft, hacking and sanctions violations.
From 2021 through 2024, they impersonated over 80 Americans to gain remote access to over 100 companies, causing $3 million in damages. They ran US laptop farms and shell companies to hide workers' identities and stole sensitive data, including AI tech from a California defense firm. The FBI seized 137 laptops and raided 21 sites in 14 states linked to the scheme. Google released an emergency update to fix a new Chrome zero-day vulnerability, marking the fourth such flaw patched this year. The bug, a high-severity type confusion issue in Chrome's V8 JavaScript engine, was already exploited in the wild. Discovered by Clément Lecigne from Google's Threat Analysis Group, the flaw could let attackers execute arbitrary code on unpatched devices. Google pushed configuration changes on June 26 to mitigate risks and released updates for Windows, Mac and Linux the next day. While updates may take days to reach all users, they were immediately available when checked by BleepingComputer. Google hasn't shared technical details yet, to protect users until most are updated. Previous Chrome zero-days were patched in March, May and June. Nth Degree Investment Group, a major US trade show and event marketing firm, reported a data breach compromising personal data of up to 39,000 people. The breach occurred between December 12th and 20th of last year, but wasn't discovered until March of this year. Exposed data include Social Security numbers, driver's licenses, financial details, health insurance data and medical records. Victims are mainly in Texas. The company, serving clients like Microsoft and Mercedes-Benz, began notifying affected individuals in April and is offering 12 months of free credit monitoring. For our audience, it's worth noting that Nth Degree is a provider for the RSAC trade show. NetScaler's Cloud Software Group released updates to fix two vulnerabilities affecting NetScaler ADC and NetScaler Gateway when configured as a gateway or AAA virtual server.
The first vulnerability is a memory overflow flaw that could cause denial of service and unintended control flow. The second results from insufficient input validation leading to memory overreads. The company confirmed active exploitation of the first vulnerability and urges immediate updates, as no mitigations are available. The second vulnerability currently shows no exploitation evidence. The International Criminal Court was hit by a sophisticated cyber attack last week, the tribunal announced Monday. The incident has been contained and an impact analysis is underway, though the ICC did not disclose the motive or whether data was compromised. The attack comes as The Hague hosted a NATO summit with heightened security. The ICC, which investigates sensitive global cases, was also targeted in 2023 and has previously been a focus of espionage efforts. Business operations continue as mitigation steps are implemented. Iran-linked hackers calling themselves Robert have threatened to release more emails allegedly stolen from President Trump's aides, including Susie Wiles, Roger Stone, attorney Lindsey Halligan and Stormy Daniels. The group claims to hold about 100 gigabytes of data and is considering selling it, but hasn't shared details or contents. They previously leaked emails before the 2024 election revealing campaign and legal communications, though the leaks didn't alter Trump's victory. U.S. officials called the hack a calculated smear campaign and vowed prosecution. The group resurfaced after recent U.S. airstrikes on Iran's nuclear facilities, with analysts suggesting Iran seeks asymmetric retaliation without triggering direct military escalation. Tehran has denied cyber espionage. US cyber officials warn critical infrastructure operators remain potential Iranian targets amid ongoing regional tensions. Swiss Health Promotion Foundation Radix has suffered a ransomware attack exposing sensitive data linked to multiple Swiss federal government offices.
The Zurich-based nonprofit, which runs health education programs and online counseling services, was attacked on June 16 by the Sarcoma ransomware group. When ransom demands failed, Sarcoma leaked 1.3 terabytes of data on June 29, including document scans, financial records, contracts and internal communications. The Swiss National Cybersecurity Center confirmed investigations are underway, though attackers did not access Federal Administration systems directly. Radix is restoring data from backups and says there's no current evidence that partner organizations' data was directly compromised. However, potentially affected individuals are advised to remain vigilant for phishing or credential theft attempts in the coming months. The US Treasury Department is under scrutiny after three major cyber attacks in five years exposed critical security gaps, Bloomberg reports. Recent breaches include Chinese hackers infiltrating Secretary Janet Yellen's computer and Russian hackers spying on staff emails during the 2020 SolarWinds attack. In April, hackers accessed the Office of the Comptroller of the Currency's emails for a year using a VPN without triggering alerts. Investigations show Treasury repeatedly failed to implement basic safeguards like multi-factor authentication and adequate log monitoring. Meanwhile, its cybersecurity leadership has been gutted by departures linked to Elon Musk's Department of Government Efficiency, leaving vital positions vacant. Financial institutions are alarmed, fearing their confidential data could be exposed due to Treasury's weak defenses. Despite a billion-dollar annual cybersecurity budget, experts warn Treasury's fragmented oversight and depleted staff make it a prime target for foreign hackers, undermining trust in its ability to protect the financial sector. US Senator Ron Wyden criticized the FBI's recent guidance to Capitol Hill staff on mobile device security as overly simplistic.
In a letter to Director Kash Patel, Wyden said that though the FBI discussed basics like avoiding suspicious links, using private Wi-Fi, disabling Bluetooth, updating software and regular reboots, it failed to address zero-click spyware threats used by foreign adversaries. He urged recommending advanced protections available on modern phones, such as Apple's Lockdown Mode and Android's Advanced Protection mode, as well as privacy steps like ad blockers, disabling ad tracking and opting out of data brokers. Security experts echoed his call, recommending these features for high-value targets to counter sophisticated mobile attacks. Coming up after the break, Tim Starks from Cyberscoop describes how ubiquitous surveillance turned deadly, and AI proves its pen testing prowess. Stay with us. And now a word from our sponsor, Cloudrange. At Cloudrange, they believe cybersecurity readiness starts with people, not just technology. That's why their proactive simulation-based training helps security teams build confidence and skill from day one by turning potential into performance. They empower SOC and incident response teams to respond quickly, smartly and in sync with evolving threats. Learn how Cloudrange is helping organizations stay ahead of cyber risks at www.cloudrange.com.
Dave Bittner
And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users, from breaches, malware and phishing, to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire. Joining me once again is Tim Starks. He is a senior reporter at Cyberscoop. Tim, it's always great to have you back.
Tim Starks
Always, always.
Dave Bittner
So you posted a story here recently about this Justice Department watchdog report dealing with some Mexican cartels. This one has some really interesting elements here. Can you just give us an overview of the story here, Tim?
Tim Starks
Yeah, I was talking to my editor about this and we were of the mind that if somebody had told you a story like this, you'd be like, that sounds like a bad episode of NCIS. Like, what? That doesn't sound plausible. But here we have a rather extraordinary situation where the Department of Justice Inspector General said there was an instance in 2018 where someone from one of the cartels, the El Chapo cartel, came to the FBI and said, hey, the cartel hired a hacker who offered this menu of services, including getting into phones. That hacker then, on behalf of the cartel, broke into cameras in Mexico City and started tracking people by their geolocation data, settled on one particular FBI official who was coming in and out of the embassy in Mexico City, and found out that they were having meetings with people who were either potential witnesses or actual witnesses or people who might be able to help the case against El Chapo in some way. And the FBI learned subsequently that some of those people had been intimidated and even killed.
Dave Bittner
Yeah, I mean, I think so often we're used to these stories ending in someone losing a lot of money, or ransomware, or cryptojacking, or something like that. But here we're talking about actual loss of life.
Tim Starks
It's extremely rare. And interestingly enough, the only other time I can think of that's confirmed that this has happened, that a hacker did something that caused someone's death, was actually also last week. The NHS had put out a review of a cyber attack and how it affected blood test results in London, England, and essentially said, you know, that the delayed blood test caused someone to die. There have been other times where we've seen a little bit of interaction between physical and cyber attacks, you know, where there's been some tangible harm done, but not much in the way of actual people being killed. So this is shocking. I'm so much used to writing about the economic loss and writing about espionage, and this is just very different. I've always wondered, if we get to this point on cyber where, you know, you and I have covered this stuff for so long, it's a huge topic in the world. But I've always thought, you know, if you can show that people are dying because of cyber attacks, I wonder if it would gather a new level of physical attention because, you know, even during the Ukraine war where there was some discussion of cyber attacks enabling that war, you still couldn't point us to anything and say that person died because of that attack. So this convergence has always been really interesting to me and primarily theoretical. Now it's quite real.
Dave Bittner
It sounds like something out of a Mission Impossible movie or a Bond villain or something like that. What's the FBI's response been to this watchdog report? The report talks about failures in the FBI's red team, I believe.
Tim Starks
Yeah. So this was part of a broader report that was about the FBI struggling to deal with ubiquitous technical surveillance. That means everything from, like, the cameras that we saw in this case, or people's phones, or financial records. Essentially, there's so much surveillance in the world that other people can take advantage of, be they governments or be they people in situations like this, the hackers. The Justice Department Inspector General has been saying the FBI needs to get the hang of this; it's really causing them some trouble. And this was a follow-on review to an earlier review. The FBI had created this kind of red team to look into this. And the Justice Department said, nope, you still haven't quite gotten it yet. So there were some recommendations. The FBI largely agreed with the recommendations: it needed to do a bigger enterprise-wide look at all of this, but also train agents more. In terms of this actual story, they have not commented on it specifically and referred my questions to the Department of Justice, which did not answer at all.
Dave Bittner
Now, help me understand here, Tim. I mean, this report goes back several years, so is it fair to expect that methods have improved over time?
Tim Starks
Gosh, I hope not, but it certainly seems that that could be the case. Right. I mean, in terms of what hackers are capable of doing, I think some of the capabilities are similar, but in terms of how many avenues there are to get into these kinds of things, I mean, if you're imagining someone taking over the cameras in a city, there may be more vulnerabilities for them to exploit. Potentially there may be a broader catalog of ways they could do that. So potentially the ability of hackers to do this in situations where they haven't before might be different. Although, of course, you know, defenses have increased as well. So, you know, we think a lot about Internet of Things, we think a lot about surveillance of phones, and in some ways there's been some advancement and some decline in the defenses there.
Dave Bittner
You mentioned earlier this notion of ubiquitous surveillance, which I think we all think about these days. Here's an example of how that's being used by the bad guys and again, ultimately leading to loss of life.
Tim Starks
Yeah. And there's been some reporting as well on the difficulties for intelligence agencies to collect human intelligence anymore, meaning just the simple matter of meeting in an apartment with somebody and hoping that you can convert them to spy for you and then stay in touch with you. So this is a broader phenomenon, that ubiquitous technical surveillance is something that the bad guys, as you say, could use. This is just maybe the starkest example of it. Yeah.
Dave Bittner
What do you suppose could come out of a report like this?
Tim Starks
Yeah, I mean, I think the FBI seems to acknowledge that it needs to improve some things, like the training to be aware of this, to do a broader enterprise-wide look at this. I think, you know, if you say that the FBI didn't do well enough in its last update report on this, according to the Inspector General, that there's a chance that they also won't do well enough next time. But certainly the reminders are getting more prominent. And I think the fact that some of these examples, you know, there was a largely redacted document, but this one was notably not redacted. So I think there might be some additional pressure on the FBI to shape up on this once, you know, they realize the embarrassment of some of these kinds of things, that this could be more like bully pulpit kind of pressure, that once the public knows about it and knows what's gone wrong because of it, perhaps the FBI will say, okay, now we need to be even more careful. We're not just answering to the Inspector General of our department.
Dave Bittner
Yeah, no, really interesting reporting here again. Tim Starks is senior reporter at Cyberscoop. Tim, thanks so much for joining us.
Tim Starks
Thank you, Dave.
Tim Starks
This episode is brought to you by Polestar. There's only one true way to experience the all-electric luxury SUV Polestar 3, and that's to take a test drive. It can go from 0 to 60 in as little as 4.8 seconds with the dynamic handling of a sports car. But to truly understand how it commands the road, you need to be behind the wheel. Up to 350 miles of range. The 3D surround sound system by Bowers and Wilkins. It's all something you have to experience to believe. So book your test drive for Polestar 3 today at Polestar.com.
Dave Bittner
And finally, AI has officially joined the hacker leaderboard. And it's not just any leaderboard. Over on HackerOne, the top-ranked red teamer isn't a hoodie-wearing human, but XBOW, an AI chatbot that's been busy finding over 1,000 vulnerabilities while probably chugging imaginary Mountain Dew. XBOW outperformed 99 real hackers, identifying everything from SQL injections to a new Palo Alto VPN flaw affecting thousands. Its creators proudly say it operates like a human pen tester, except it doesn't sleep, complain about Jira tickets, or ask for raises. Experts warn this is great news for attackers, but a migraine for defenders already struggling to patch known flaws, let alone AI-discovered ones at machine speed. As security leaders lament being outpaced, XBOW's triumph proves defenders aren't just fighting humans behind keyboards anymore. They're battling bots that scan, exploit and adapt in real time. On the bright side, AI can't steal your lunch from the office fridge, for now. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of this summer. There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Hey, everybody. Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up.
DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved, knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
Podcast Summary: CyberWire Daily - "North Korea’s Covert Coders Caught"
In this episode of CyberWire Daily, host Dave Bittner delves into the latest cybersecurity developments, highlighting significant incidents ranging from the shutdown of North Korean covert operations to sophisticated cyber attacks targeting international institutions. The episode also features an in-depth interview with Tim Starks from Cyberscoop, discussing a groundbreaking Justice Department watchdog report on cartel-linked cyber operations that resulted in fatalities. Additionally, the episode touches on the rising role of AI in cybersecurity, emphasizing both its potential and the challenges it poses.
Timestamp: [00:02 - 03:50]
The U.S. Department of Justice announced successful enforcement actions against North Korea's clandestine IT operations that were financing its nuclear ambitions. The operation led to the arrest of Zhenxing "Danny" Wang, a U.S. citizen, who orchestrated a scheme from New Jersey placing North Korean IT specialists in American tech positions, amassing over $5 million. Additionally, eight individuals, including six Chinese nationals and two Taiwanese citizens, were indicted on charges of wire fraud, money laundering, identity theft, hacking, and sanctions violations.
Notable Quote: Dave Bittner highlights the scope: "They impersonated over 80 Americans to gain access to over 100 companies, causing $3 million in damages." [02:15]
Timestamp: [03:51 - 05:30]
Google issued an emergency update to patch a newly discovered Zero Day vulnerability in Chrome’s V8 JavaScript engine. This marks the fourth such patch within the year, underscoring the persistent threats faced by the browser.
Notable Quote: Dave Bittner emphasizes the urgency: "Google pushed configuration changes on June 26 to mitigate risks and released updates for Windows, Mac, and Linux the next day." [04:30]
Timestamp: [05:31 - 07:50]
Nth Degree Investment Group, a prominent U.S. trade show and event marketing firm, disclosed a data breach affecting up to 39,000 individuals. The breach, which occurred between December 12th and 20th of the previous year, went unnoticed until March.
Timestamp: [07:51 - 09:30]
NetScaler's Cloud Software Group released patches for two significant vulnerabilities affecting NetScaler ADC and NetScaler Gateway, particularly when configured as a gateway or AAA virtual server.
Notable Quote: Dave Bittner underscores the threat: "The company confirmed active exploitation of the first vulnerability and urges immediate updates as no mitigations are available." [08:15]
Timestamp: [09:31 - 12:00]
The International Criminal Court announced it was the target of a sophisticated cyber attack, coinciding with a high-security NATO summit in The Hague. While the impact analysis is ongoing, the ICC has not disclosed whether any data was compromised.
Timestamp: [12:01 - 14:50]
A hacking group associated with Iran, identifying themselves as Robert, has threatened to release approximately 100 gigabytes of emails allegedly stolen from aides to President Donald Trump. The group says it is considering selling the data, though specifics remain undisclosed.
Notable Quote: Dave Bittner summarizes the threat: "They previously leaked emails before the 2024 election revealing campaign and legal communications, though the leaks didn't alter Trump's victory." [13:45]
Timestamp: [14:51 - 16:00]
The Swiss Health Promotion Foundation Radix, a Zurich-based nonprofit, fell victim to a ransomware attack orchestrated by the Sarcoma ransomware group on June 16. After ransom demands failed, the attackers leaked 1.3 terabytes of data on June 29.
Timestamp: [16:01 - 18:40]
Bloomberg reports heightened scrutiny on the U.S. Treasury Department following three major cyber attacks over five years that exposed critical security vulnerabilities.
Notable Quote: Dave Bittner highlights the irony: "Despite a billion-dollar annual cybersecurity budget, experts warn Treasury's fragmented oversight and depleted staff make it a prime target for foreign hackers, undermining trust in its ability to protect the financial sector." [17:30]
Timestamp: [18:41 - 20:00]
U.S. Senator Ron Wyden has voiced criticism against the FBI for its simplistic security recommendations to Capitol Hill staff regarding mobile device protection. In a letter to FBI Director Kash Patel, Wyden argued that the guidance fails to address sophisticated threats such as zero-click spyware used by foreign adversaries.
Notable Quote: Dave Bittner summarizes the gap: "The FBI discussed basics like avoiding suspicious links, using private Wi-Fi, disabling Bluetooth, updating software, and regular reboots. Wyden said it failed to address zero-click spyware threats used by foreign adversaries." [19:00]
Timestamp: [13:04 - 20:31]
Guest: Tim Starks, Senior Reporter at Cyberscoop
Topic: The Justice Department Inspector General’s report on cartel-linked cyber operations leading to fatalities.
Summary:
Tim Starks discusses a startling report from the Justice Department Inspector General detailing how the El Chapo Cartel used a hired hacker to track an FBI official in Mexico City and identify the people that official was meeting, an operation that led to the intimidation and killing of potential witnesses in the case against El Chapo. In 2018, a cartel insider came to the FBI and reported that the cartel had hired a hacker who offered services such as compromising phones and accessing the city's cameras.
Conclusion: The interview underscores the evolving landscape where cyber operations can have tangible, lethal outcomes, highlighting the urgent need for enhanced cybersecurity protocols within federal agencies.
Timestamp: [21:26 - 22:00]
The episode concludes with a discussion on the integration of artificial intelligence in the realm of hacking. An AI chatbot named XBOW has risen to the top of HackerOne's red team leaderboard by identifying over 1,000 vulnerabilities, outperforming 99 human hackers. XBOW excels in finding diverse vulnerabilities, including SQL injections and a new flaw in Palo Alto's VPN systems.
Notable Quote: Dave Bittner captures the essence: "Experts warn this is great news for attackers, but a migraine for defenders already struggling to patch known flaws, let alone AI discovered ones at machine speed." [21:50]
This episode of CyberWire Daily provides a comprehensive overview of critical cybersecurity incidents impacting both governmental and private sectors globally. From the disruption of North Korean covert IT operations to the alarming integration of AI in hacking, the discussions highlight the evolving and increasingly sophisticated nature of cyber threats. The in-depth interview with Tim Starks sheds light on the lethal potential of cyber operations orchestrated by criminal organizations, emphasizing the urgent need for enhanced cybersecurity measures within federal agencies. As AI continues to advance, the cybersecurity landscape faces new challenges that require innovative and adaptive defense strategies.