CyberWire Daily – March 2, 2026
Episode Title: The Parallel War Online
Episode Overview
This episode of CyberWire Daily explores the intensifying intersection of geopolitical conflict and cyberwarfare, specifically focusing on the US and Israel’s coordinated attacks against Iran and the subsequent online retaliation. The episode also delves into major cybersecurity news: high-profile intrusions across multiple nations, sweeping new legislation, advances in attacker tools, key agency shake-ups, and trends in healthcare cybersecurity. Interviews feature industry voices unpacking the human dimension of cyber defense and discussing the turmoil and leadership changes at the US Cybersecurity and Infrastructure Security Agency (CISA).
Key Discussion Points & Insights
1. The Parallel Cyberwar: US, Israel, and Iran ([00:48])
- After coordinated US and Israeli airstrikes on February 28 killed Iranian Supreme Leader Ali Khamenei, Iran retaliated kinetically and in cyberspace.
- US-Israeli cyber operations disrupted Iranian media, government services, IRGC comms, and possibly energy and aviation systems.
- Iran and aligned groups ramped up cyberattacks on Israeli critical infrastructure, regional fuel systems, and US/Israeli logistics providers.
- Experts caution that "cyber operations are now tightly integrated with kinetic conflict, raising risks for critical infrastructure across the region and in Western nations."
- Reports highlight a "nationwide Internet blackout" in Iran, cause undetermined—external attack or internal censorship.
- Security analysts warn that denial-of-service and reconnaissance attacks may precede more destructive malware or ransomware waves.
- Memorable quote ([01:58], Host Dave Bittner):
“Cyber operations are now tightly integrated with kinetic conflict, raising risks for critical infrastructure across the region and in Western nations.”
2. Regional Escalation: Pakistani News Hijack & Retaliation ([04:30])
- On March 1, hackers hijacked satellite broadcasts of major Pakistani news channels, displaying anti-military messaging during peak viewing hours.
- Geo News battled hacking attempts for nearly 24 hours prior.
- Retaliatory cyberattacks reportedly targeted Indian media, with investigations ongoing.
3. US Federal Ban on Anthropic AI Technologies ([05:32])
- President Trump ordered all US federal agencies to stop using Anthropic AI, citing supply chain risk and national security concerns.
- The Defense Secretary’s rare supply chain risk designation is normally leveled at foreign adversaries.
- Anthropic is challenging the order in court, calling it “unprecedented and legally unsound.”
- Central issue: the Pentagon wanted “broad, unrestricted access” to Anthropic’s models; Anthropic refused use for "fully autonomous weapons or mass domestic surveillance."
- The ban disrupts operations at NSA and CIA, which rely on Anthropic’s Claude system.
4. OpenAI’s New Pentagon Partnership ([07:00])
- In response to the Anthropic ban, the DoD entered an agreement to use OpenAI models on classified networks.
- OpenAI CEO Sam Altman stated prohibitions on "domestic mass surveillance" and mandated "human responsibility in the use of force."
- Deployment timelines for OpenAI in military systems remain unclear.
5. US Healthcare Cybersecurity Legislation ([07:55])
- The Healthcare Cybersecurity and Resiliency Act advanced in the Senate (22–1 committee vote).
- The bill aims to codify cybersecurity best practices: multi-factor authentication, encryption, regular audits, and penetration testing.
- Special focus on rural practices and under-resourced providers; grants and training included.
- Uncertainty remains about its prospects in Congress.
6. Threat Intelligence: Notable Tools and Campaigns
"Steelite" RAT Streamlines Double Extortion ([09:12])
- Researchers discovered "Steelite," a sophisticated browser-based RAT for Windows 10/11, sold as "fully undetectable."
- Combines remote code execution, ransomware, credential/cookie theft, keylogging, remote desktop, and crypto clipping.
- "Lowers the barrier" for double extortion attacks by integrating exfiltration and encryption.
CISA Updates on Ivanti Zero-Day, “Resurge” Implant ([10:35])
- Zero-day in Ivanti Connect Secure devices exploited by China-linked actors (UNC5221) since Dec 2024.
- "Resurge": 32-bit Linux implant using specially crafted TLS connections, log tampering, and boot persistence to evade detection.
- CISA urges orgs to check for new IOCs and update defenses.
North Korean APT37 Targeting Air-Gapped Systems ([11:54])
- Zscaler tracked a new APT37 campaign using LNK files, PowerShell scripts, and the payload “Restleaf.”
- The “Snake Dropper” installer subverts Ruby runtimes; secondary malware (“Thumbs bd” and “Virus Task”) uses USB drives for command-and-control and spreading.
- Android surveillance component (“Footwine”) seen in toolkit; emphasizes risks of physical media and endpoint security even in isolated networks.
7. Business & Investment Trends ([13:30])
- Major funding and M&A in threat exposure, compliance, and MSSP sectors:
  - Astellia (Israel) raises $35M Series A.
  - Copla (Lithuania) secures €6M for EU expansion.
  - SolidRange (Saudi) raises $2.4M for GRC automation.
  - Hardshell (US, VA) lands $1.1M pre-seed for AI assurance.
  - Key acquisitions: Arctic Wolf buys Sevco Security; Booz Allen Hamilton acquires Defi Security; Valiant Solutions buys Abile Group.
Cybersecurity in Healthcare: Interview Highlights
Segment: Afternoon Cyber Tea with Ann Johnson & Rob Suarez, CISO, CareFirst Blue Cross Blue Shield ([16:12])
Human Impact and Team Purpose
- Rob Suarez ([16:46]):
“A purpose driven team always outperforms... CareFirst emphasizes a human impact of cybersecurity and connecting technical tasks to patient safety and community health. As leaders, we... create a culture around a mission at CareFirst that's making healthcare affordable and accessible to everyone.”
- Cyber attacks on healthcare directly divert funds from essential services—“those dollars spent on recovering systems can go towards achieving better health outcomes for patients.”
Translating Cyber Risk for Stakeholders
- Ann Johnson ([19:01]):
“CISOs... are influencing your clinicians, doctors and nurses that just want to deliver care. You're having to influence policymakers... convince patients to trust you. How do you translate cyber risk into language that inspires action and confidence rather than making people fearful?”
- Rob Suarez ([19:44]):
“We need to reframe risk as a shared opportunity for resilience using plain language and relatable analogies instead of fear-based messaging.”
- Show progress, not just exposure, in dashboards/metrics.
- Emphasizes transparency: “You can't protect what you don't know.”
- Ann Johnson ([20:27]):
“They are concerned about what they can’t see... the rogue tenants... now they're concerned about rogue AI.”
- Suarez advocates for evolving CISO role ([21:23]):
“The future of the CISO should be measured on trust, outcomes, and resilience, not just compliance. The role must expand beyond technology to influence culture, ethics, and innovation... empowerment comes from board-level visibility and authority to shape enterprise risk postures holistically.”
CISA in Crisis: Tim Starks (CyberScoop) Interview ([23:01])
Leadership Shakeup
- Dr. Gautamakawa ousted as (Acting) Director of CISA; Nick Anderson (former Executive Director of Cybersecurity at CISA) promoted to acting director.
- Tim Starks ([23:55]):
  - Gautamakawa: good technical background but “a lot of policy stuff... maybe he wasn’t equipped to do.”
  - Notable phrase from insiders: “amateur hour” ([24:24])
  - Nick Anderson has technical and policy credibility, seen as “a sharp operator” and trusted by staff and industry partners.
CISA’s Challenges
- Agency has lost a third of its personnel, including deep subject-matter experts ([26:44]).
- Loss of “capabilities... international relations, election security, industry coordination.”
- Starks: “I literally got to the point in a call with one industry person, I'm like, what is CISA bringing to the table right now?... it's hard to think of anything good to say right now.” ([27:02])
Political Headwinds
- Trump administration’s longstanding animosity toward CISA:
  - “That shadow just looms over the agency almost like an albatross around their neck...” ([30:05])
  - 2020 election security ‘fact checking’ exacerbated tensions with the White House.
  - “[CISA's] leadership... for the most part, steered clear of anything that could have ticked off Donald Trump... It's hard to see Trump suddenly deciding he likes this agency. He's been mad at them for five years.” ([31:28])
Outlook and Optimism
- Nick Anderson's appointment brings hope for stability and mission focus ([32:10]).
- Rebuilding talent and trust in agency remains a central challenge amid external skepticism (“Time will tell…” [33:29]).
Notable Quotes & Memorable Moments
- Dave Bittner ([01:58]):
"Cyber operations are now tightly integrated with kinetic conflict, raising risks for critical infrastructure across the region and in Western nations."
- Rob Suarez ([16:46]):
“A purpose driven team always outperforms… CareFirst emphasizes a human impact of cybersecurity and connecting technical tasks to patient safety and community health.”
- Rob Suarez ([19:44]):
“We need to reframe risk as a shared opportunity for resilience using plain language and relatable analogies instead of fear-based messaging.”
- Tim Starks ([24:24]):
“One phrase that somebody used to describe his [Gautamakawa’s] leadership to me was ‘amateur hour.’”
- Tim Starks ([30:05]):
“That shadow just looms over the agency almost like an albatross around their neck that they just can't get out of the way.”
- Tim Starks ([27:02]):
"I'm like, what is CISA bringing to the table right now? And that person just said... it's hard to think of anything good to say right now."
Timestamps for Key Segments
- Parallel War: Iran/US/Israel cyber escalation: [00:48]
- Pakistani media cyberattack: [04:30]
- Trump’s ban on Anthropic AI: [05:32]
- OpenAI–Pentagon collaboration: [07:00]
- US Healthcare Cybersecurity legislation: [07:55]
- "Steelite" RAT report: [09:12]
- CISA on Ivanti zero-day: [10:35]
- North Korean APT37 air-gap campaign: [11:54]
- Cybersecurity investment/M&A news: [13:30]
- Interview – Rob Suarez on healthcare & human element: [16:12–22:35]
- Tim Starks on CISA leadership crisis: [23:01–33:42]
Tone & Style
The episode maintains CyberWire's signature balance: matter-of-fact industry analysis, candid expert perspectives, and a dash of conversational realism. Quotes from interviews capture a blend of urgency, candor, and future-forward optimism amid institutional and geopolitical uncertainty.
Summary Takeaway
This episode underscores how today's cyber threats mirror—and magnify—the volatility of real-world geopolitics and institutional fragility. From the battlefields of the Middle East to the boardrooms and hospitals of America, the war online is relentless and evolving. As human trust, civic resilience, and technical agility become paramount, roles from CISOs to agency leaders are all being redefined by these overlapping crises.
