Transcript
Dave Bittner (0:02)
You're listening to the CyberWire Network, powered by N2K.

Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real-time risk workflows, and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance. Visit www.hyperproof.IO to see how leading teams are transforming their GRC programs.

The Feds shut down a covert North Korean operation. Google releases an emergency update to fix a new Chrome zero-day. A major U.S. trade show and event marketing firm suffers a data breach. NetScaler patches a pair of critical vulnerabilities. A sophisticated cyber attack targets The Hague. An Iran-linked hacking group threatens to release emails allegedly stolen from aides to President Trump. A ransomware attack exposes sensitive data linked to multiple Swiss federal government agencies. The U.S. Treasury Department faces scrutiny after a string of cyber attacks. The FBI's phone security tips draw fire from Senator Wyden. Tim Starks from CyberScoop describes how ubiquitous surveillance turned deadly, and AI proves its pen testing prowess.

It's Tuesday, July 1st, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us. It is great to have you with us today. It seems impossible that it is already July 1st, but here we are.

The U.S. Department of Justice announced enforcement actions targeting North Korea's covert IT operations that fund its nuclear program. Authorities arrested Zhenxing "Danny" Wang, a U.S. citizen, for running a scheme from New Jersey that placed North Korean IT workers in U.S. tech jobs, generating over $5 million. Eight others, six Chinese nationals and two Taiwanese citizens, were also indicted for wire fraud, money laundering, identity theft, hacking and sanctions violations. From 2021 through 2024, they impersonated over 80 Americans to gain remote jobs at over 100 companies, causing $3 million in damages. They ran U.S. laptop farms and shell companies to hide workers' identities and stole sensitive data, including AI tech from a California defense firm. The FBI seized 137 laptops and raided 21 sites in 14 states linked to the scheme.

Google released an emergency update to fix a new Chrome zero-day vulnerability, marking the fourth such flaw patched this year. The bug, a high-severity type confusion issue in Chrome's V8 JavaScript engine, was already exploited in the wild. Discovered by Clément Lecigne from Google's Threat Analysis Group, the flaw could let attackers execute arbitrary code on unpatched devices. Google pushed configuration changes on June 26 to mitigate risks and released updates for Windows, Mac and Linux the next day. While updates may take days to reach all users, they were immediately available when checked by BleepingComputer. Google hasn't shared technical details yet, to protect users until most are updated. Previous Chrome zero-days were patched in March, May and June.

Nth Degree Investment Group, a major U.S. trade show and event marketing firm, reported a data breach compromising personal data of up to 39,000 people. The breach occurred between December 12th and 20th of last year, but wasn't discovered until March of this year. Exposed data include Social Security numbers, driver's licenses, financial details, health insurance data and medical records. Victims are mainly in Texas. The company, serving clients like Microsoft and Mercedes-Benz, began notifying affected individuals in April and is offering 12 months of free credit monitoring. For our audience, it's worth noting that Nth Degree is a provider for the RSAC trade show.

NetScaler's Cloud Software Group released updates to fix two vulnerabilities affecting NetScaler ADC and NetScaler Gateway when configured as a gateway or AAA virtual server. The first vulnerability is a memory overflow flaw that could cause denial of service and unintended control flow. The second results from insufficient input validation leading to memory overreads. The company confirmed active exploitation of the first vulnerability and urges immediate updates, as no mitigations are available. The second vulnerability currently shows no exploitation evidence.

The International Criminal Court was hit by a sophisticated cyber attack last week, the tribunal announced Monday. The incident has been contained and an impact analysis is underway, though the ICC did not disclose the motive or whether data was compromised. The attack comes as The Hague hosted a NATO summit with heightened security. The ICC, which investigates sensitive global cases, was also targeted in 2023 and has previously been a focus of espionage efforts. Business operations continue as mitigation steps are implemented.

Iran-linked hackers calling themselves Robert have threatened to release more emails allegedly stolen from President Trump's aides, including Susie Wiles, Roger Stone, attorney Lindsey Halligan and Stormy Daniels. The group claims to hold about 100 gigabytes of data and is considering selling it, but hasn't shared details or contents. They previously leaked emails before the 2024 election revealing campaign and legal communications, though the leaks didn't alter Trump's victory. U.S. officials called the hack a calculated smear campaign and vowed prosecution. The group resurfaced after recent U.S. airstrikes on Iran's nuclear facilities, with analysts suggesting Iran seeks asymmetric retaliation without triggering direct military escalation. Tehran has denied cyber espionage. U.S. cyber officials warn critical infrastructure operators remain potential Iranian targets amid ongoing regional tensions.

Swiss Health Promotion Foundation Radix has suffered a ransomware attack exposing sensitive data linked to multiple Swiss federal government offices. The Zurich-based nonprofit, which runs health education programs and online counseling services, was attacked on June 16 by the Sarcoma ransomware group. When ransom demands failed, Sarcoma leaked 1.3 terabytes of data on June 29, including document scans, financial records, contracts and internal communications. The Swiss National Cybersecurity Center confirmed investigations are underway, though attackers did not access Federal Administration systems directly. Radix is restoring data from backups and says there's no current evidence that partner organizations' data was directly compromised. However, potentially affected individuals are advised to remain vigilant for phishing or credential theft attempts in the coming months.

The U.S. Treasury Department is under scrutiny after three major cyber attacks in five years exposed critical security gaps, Bloomberg reports. Recent breaches include Chinese hackers infiltrating Secretary Janet Yellen's computer and Russian hackers spying on staff emails during the 2020 SolarWinds attack. In April, hackers accessed the Office of the Comptroller of the Currency's emails for a year, using a VPN without triggering alerts. Investigations show Treasury repeatedly failed to implement basic safeguards like multi-factor authentication and adequate log monitoring. Meanwhile, its cybersecurity leadership has been gutted by departures linked to Elon Musk's Department of Government Efficiency, leaving vital positions vacant. Financial institutions are alarmed, fearing their confidential data could be exposed due to Treasury's weak defenses. Despite a billion-dollar annual cybersecurity budget, experts warn Treasury's fragmented oversight and depleted staff make it a prime target for foreign hackers, undermining trust in its ability to protect the financial sector.

U.S. Senator Ron Wyden criticized the FBI's recent guidance to Capitol Hill staff on mobile device security as overly simplistic. In a letter to Director Kash Patel, Wyden said that though the FBI discussed basics like avoiding suspicious links, using private Wi-Fi, disabling Bluetooth, updating software and regular reboots, it failed to address zero-click spyware threats used by foreign adversaries. He urged recommending advanced protections available on modern phones, such as Apple's Lockdown Mode and Android's Advanced Protection mode, as well as privacy steps like ad blockers, disabling ad tracking and opting out of data brokers. Security experts echoed his call, recommending these features for high-value targets to counter sophisticated mobile attacks.

Coming up after the break, Tim Starks from CyberScoop describes ubiquitous surveillance turned deadly, and AI proves its pen testing prowess. Stay with us.

And now a word from our sponsor, Cloud Range. At Cloud Range, they believe cybersecurity readiness starts with people, not just technology. That's why their proactive simulation-based training helps security teams build confidence and skill from day one by turning potential into performance. They empower SOC and incident response teams to respond quickly, smartly and in sync with evolving threats. Learn how Cloud Range is helping organizations stay ahead of cyber risks at www.cloudrange.com.
