Transcript
A (0:02)
You're listening to the CyberWire Network, powered by N2K. At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale, with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at thalesgroup.com/cyber.

A Chinese state-sponsored group exploited enterprise devices in a global espionage effort. The UK government guarantees £1.5 billion in financing to help Jaguar Land Rover's recovery efforts. A maximum-severity flaw in Fortra's GoAnywhere managed file transfer product is under active exploitation. The AI boom faces sustainability questions. Akira ransomware bypasses MFA on SonicWall devices. Dutch teens are arrested for allegedly spying for Russia. Luxury retailer Harrods confirms a data breach. An Interpol crackdown targets African cybercrime rings. We've got our Monday business briefing. Brandon Karpf joins us to discuss the cybersecurity ecosystem in Japan. And cyber crooks offer a BBC journalist an early retirement package.

It's Monday, September 29, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. Happy Monday. It's great to have you with us.

A Chinese state-sponsored group known as RedNovember has carried out a sweeping espionage campaign from June 2024 through July of this year. The hackers targeted defense contractors, government agencies and corporations worldwide, exploiting flaws in VPN appliances and firewalls faster than organizations could patch them. Researchers at Recorded Future documented breaches of at least two U.S. defense contractors, more than 30 Panamanian government agencies and firms across Europe, Asia and South America.
Victims included aerospace manufacturers and law firms. RedNovember relied on publicly available tools like the Pantegana backdoor, Cobalt Strike and Spark RAT to maintain persistent access, sometimes for months at a time. The campaign highlights how quickly adversaries can weaponize newly disclosed vulnerabilities, underscoring the need for rapid patching and tighter monitoring of network infrastructure.

The UK government will guarantee a £1.5 billion loan for Jaguar Land Rover after a cyberattack forced the automaker to halt production at plants in the UK, Slovakia, Brazil and India. The attack disrupted supply chains, leaving some vendors unpaid and staff sent home. The five-year loan, arranged through a commercial bank and backed by UK Export Finance, is intended to stabilize suppliers. Officials signaled that further government assistance for JLR and its network of 120,000 UK-linked jobs remains possible.

Hackers are actively exploiting a maximum-severity flaw in Fortra's GoAnywhere managed file transfer product. The deserialization vulnerability, located in the License Servlet, allows attackers to inject commands remotely without authentication. Security firm watchTowr Labs reports credible evidence of exploitation as early as September 10, eight days before Fortra publicly disclosed the flaw. Attackers leverage the bug to achieve remote command execution, create backdoor accounts and deploy secondary payloads, including a repurposed SimpleHelp binary for persistence. Researchers also observed privilege-checking commands and attempts to enable lateral movement. Admins are urged to patch immediately, restrict internet exposure of the admin console and review logs for suspicious entries.

The current artificial intelligence boom may be unsustainable, according to new research from Deutsche Bank and Bain & Company. Deutsche warned that AI-related capital expenditure has become so large it is effectively keeping the US out of recession.
Without tech spending, the bank said, the economy would be near contraction. Bain, meanwhile, projected an $800 billion shortfall in the revenues needed to sustain AI's demand for computing by 2030, even factoring in efficiency gains. This wave of spending has distorted financial markets, with half of the S&P 500's gains this year tied to tech stocks. Analysts noted that growth is being driven not by AI's output, but by building the infrastructure to power it. Some warn the market is dangerously concentrated in the "Magnificent Seven" tech giants. Still, Goldman Sachs offered a more optimistic view, predicting significant long-term productivity gains once AI adoption matures.

Akira ransomware operators are continuing to exploit SonicWall SSL VPN devices, successfully logging into accounts even when one-time password multi-factor authentication is enabled. Researchers at Arctic Wolf say the activity links back to an improper access control flaw patched in August 2024. However, attackers appear to be reusing credentials and possibly one-time password seeds stolen before devices were updated. Google Threat Intelligence Group has observed similar behavior, assessing with high confidence that stolen OTP seeds are enabling renewed access to patched devices. Once inside, Akira affiliates move quickly, scanning networks, enumerating Active Directory and targeting Veeam servers to extract backup credentials. They also deploy bring-your-own-vulnerable-driver techniques to disable endpoint protection before encryption. Researchers stress that even fully patched systems remain at risk if credentials were compromised. SonicWall urges administrators to reset all VPN credentials and ensure devices are running the latest firmware.

Dutch police have arrested two 17-year-old boys accused of spying for Russia using Wi-Fi sniffer devices near sensitive locations in The Hague, including Europol, Eurojust and the Canadian embassy, according to De Telegraaf.
The teens were recruited via Telegram and caught following a tip from the Dutch intelligence service AIVD. Europol confirmed awareness of the case but said its systems remain uncompromised, citing robust security safeguards. Authorities believe the teens intercepted wireless traffic for reconnaissance, though the full extent of their activity is under investigation. One was reportedly arrested at home while doing homework, with parents unaware of his espionage involvement. The suspects remain in custody for at least two weeks as charges proceed. The case highlights a troubling escalation in Russian recruitment of European youths for low-level espionage and sabotage activities.

Luxury retailer Harrods has confirmed that hackers contacted the company after stealing data tied to 430,000 customer records in a breach involving a third-party provider. The stolen information includes names, contact details and loyalty card data, but no passwords, payment details or order histories. Harrods said it will not engage with the attackers and is focused on supporting affected customers while cooperating with authorities. The company emphasized that most shoppers are in-store, limiting the breach's overall impact.

Interpol announced that 260 people were arrested across several African countries in a coordinated crackdown on online fraud networks. Authorities identified more than 1,400 victims who collectively lost $2.8 million through romance scams, sextortion and related schemes. Police dismantled scam infrastructure and seized over 1,200 devices, including SIM cards and USB drives. Ghana reported the most arrests, detaining 68 suspects and recovering $70,000 of $450,000 in losses. Senegalese police arrested 22 for impersonating celebrities to defraud victims, while Côte d'Ivoire identified nearly 810 sextortion victims tied to 24 suspects. Angola detained eight linked to cross-border fraud cases.
Interpol warned of a sharp rise in digitally enabled crimes across Africa, stressing that online platforms have expanded opportunities for exploitation, with both financial and psychological harm to victims.

It's Monday, which means it's time for our weekly business briefing. The cybersecurity market saw a wave of acquisitions this past week. Cyberbit acquired RangeForce to expand its live-fire training catalog, while Halon bought Germany's eleven cybersecurity to strengthen its email threat intelligence offerings. Spreedly added fraud prevention firm Dodgeball, Spectrotel picked up Mosaic NetworX to boost secure networking, and EchoStor acquired Cyber North to extend MSSP services. Other deals included Unico buying OwnID for passwordless authentication, DigiCert acquiring Valimail for zero trust email, and Blue Mantis acquiring Canadian MSP Coreo. On the funding side, Terra Security raised $30 million to advance AI-driven red teaming, and GDPR compliance startup Kertos closed a $16.5 million round. Silent Push secured $10 million for global expansion. Unit 221B raised $5 million to enhance threat intelligence collaboration, and Mycroft emerged from stealth with $3.5 million to accelerate compliance automation. Finally, Austin-based Eve Security raised $3.2 million to develop its AI-powered observability platform. If business news is your thing, be sure to check out our weekly Cyber Business Brief, part of CyberWire Pro. All the details on that are on our website, thecyberwire.com.

Coming up after the break, Brandon Karpf joins us to discuss the cybersecurity ecosystem in Japan. And cyber crooks offer a BBC journalist an early retirement package. Stay with us.

Compliance regulations, third-party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right.
GRC can be so much easier, and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third-party risk, and even customer trust tasks, so you're not buried under spreadsheets and endless manual work. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical: a recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC: just imagine how much easier trust can be. Visit vanta.com/cyber to sign up today for a free demo. That's V-A-N-T-A dot com slash cyber.

AI adoption is exploding and security teams are under pressure to keep up. That's why the industry is coming together at the DataSec AI Conference, the premier event for cybersecurity, data and AI leaders. Hosted by data security leader Cyera and built for the industry, by the industry, this two-day conference is where real-world insights and bold solutions take center stage. DataSec AI '25 is happening November 12th and 13th in Dallas. There's no cost to attend. Just bring your perspective and join the conversation. Register now at datasecai2025.com/cyberwire.

And joining me once again is Brandon Karpf. He's the leader of international public-private partnerships at N2K. Brandon, welcome back.
