CyberWire Daily – "When the Map Lies at Sea"
Date: March 3, 2026
Host: Dave Bittner (N2K Networks)
Special Guest: Evan Gordonker (Unit 42, Palo Alto Networks)
Episode Overview
This episode of CyberWire Daily delivers the latest on high-impact cybersecurity incidents and trends, focusing on the sudden rise in GPS jamming in the Strait of Hormuz, the use of AI by Iranian and North Korean threat actors, significant breaches and vulnerabilities affecting global organizations, and a deep dive into North Korea’s billion-dollar hiring scams using AI.
Main Theme: The convergence of geopolitical conflict, state-sponsored cyber operations, and the evolution of technology-driven threats, with a special focus on the risks posed by AI-powered deception and supply chain vulnerabilities.
Key Discussion Points
1. Maritime Risk: GPS Jamming in the Strait of Hormuz
[02:31–05:00]
- Shipping nearly stalled in the strategic Strait of Hormuz after US and Israeli strikes on Iran (Feb 28), with widespread disruption of GPS and Automatic Identification Systems (AIS).
- Over 1,100 vessels experienced electronic interference; many falsely appeared inland or at sensitive facilities.
- "Maritime authorities have labeled the threat critical, warning that degraded positioning data increases the risk of collisions, groundings or oil spills." (A, 03:17)
- Windward identified 21 new AIS jamming clusters, primarily due to signal jamming, not spoofing.
- Takeaway: Navigation data attacks compound conflict-related dangers, risking regional supply chains and maritime safety.
2. Regional Escalation: Drone Strikes Disrupt AWS
[05:01–06:30]
- Amazon confirms drone strikes damaged three AWS data centers (UAE, Bahrain), disrupting Middle East cloud services.
- Two UAE facilities directly hit; adjacent infrastructure in Bahrain affected.
- "Three availability zones remain significantly impaired or affected by localized power issues." (A, 06:00)
- Customers are urged to invoke disaster recovery and shift workloads.
3. Iranian Threat Actor Uses AI Against Iraqi Officials
[06:31–08:05]
- Zscaler ThreatLabz reports an Iranian group ("Dust Specter") targeted Iraqi officials via AI-assisted malware and fake Ministry of Foreign Affairs communications.
- "Researchers identified previously undocumented malware including SplitDrop, TwinTask, TwinTalk and a .NET remote access Trojan called GhostForm." (A, 07:27)
- Use of generative AI indicated by emoji/unicode patterns and advanced payload tactics.
4. Activist Data Leak: Department of Homeland Security Contracts
[08:06–09:25]
- "Department of Peace" activists, via DDoS Secrets, leaked thousands of DHS/ICE contract records—exposing over 6,000 companies and major contractors (Raytheon, Palantir, Microsoft, etc.).
- "The group said it acted in response to the killings of two protesters and to expose companies supporting DHS operations, including immigration enforcement and deportations." (A, 09:11)
5. Ransomware at the University of Hawaii Cancer Center
[09:26–10:12]
- Ransomware exposed personal and health data of 1.2 million individuals.
- University paid for decryption and destruction of stolen data.
- "Clinical operations and student records were not impacted." (A, 09:55)
6. Security Updates and Vulnerabilities
[10:13–11:44]
- Google Android: Patched 129 vulnerabilities, including a zero-day in Qualcomm graphics; patch delays possible for non-Pixel users.
- Google Chrome: Bug in Gemini Live AI panel allowed malicious extensions to gain elevated privileges. "Because Gemini Live is tightly integrated with Chrome ... a compromised panel could grant extensions access beyond their intended permissions." (A, 11:28)
- ModelScope MS-Agent: Open-source AI framework flaw allows remote system compromise.
7. Third-Party Breach Statistics
[11:45–12:50]
- Black Kite's report: 433 million individuals affected in 2025; supply chain attack blast radius growing.
- "Traditional third party risk management is failing to keep pace with evolving threats." (A, 12:39)
Threat Vector Segment: North Korea’s Billion-Dollar Hiring Scam
[14:23–22:24]
Host: David Moulton
Guest: Evan Gordonker, Director of AI Security & DPRK Operations, Unit 42
a. The Scale of DPRK’s Hiring Scam (14:23–16:06)
- North Korea operates a "billion dollar hiring scam," placing thousands of IT workers in legitimate remote jobs globally, funneling 80% of wages to the regime.
- Use of AI-generated headshots, deepfakes, and real-time voice/accent manipulation in interviews.
- "This isn't theoretical. Evan's team has caught North Korean operators juggling three or four jobs simultaneously." (C, 14:46)
b. The “Human Threat” and Coercion (16:06–17:09)
- Gordonker: The human side is critical. North Koreans identified as skilled pass rigorous screening and are coerced into IT roles, which makes victims of both the workers themselves and the organizations.
- Notable Quote: "There's just this chain of victims that follow straight from the top of the North Korean regime, and then just victim, victim, victim, victim." (B, 16:34)
c. Evolution of Methods: Increased AI Reliance (17:09–18:39)
- North Korean ops have become "mechanized," specializing in interviews, accomplice management, and technical tasks.
- Generative AI central to operations: writing emails/code, crafting deepfakes—"using it to change their accents...in real time." (B, 17:58)
- Notable Quote: "I expect this to continue in perpetuity. It's not a vulnerability that is going away, and it's a huge place where money is being made for the regime." (B, 18:30)
d. Moving Beyond Remote: Exploiting Contracts and Offices (18:39–20:25)
- North Koreans now exploit hybrid and in-person hiring models, leveraging local accomplices for office verification and remote access.
- Notable Quote: "We've seen them expand out of just remote jobs…maybe seven out of those 10 people could well be North Koreans. We have seen real instances of that exact count." (B, 19:19)
- Tactics include paying locals to pass office verifications and enabling further remote access for illicit actions.
e. Future Threat Evolution and Defense (20:25–22:24)
- Anticipated trends: Higher volume, broader job types, increasing sophistication.
- Need for industry-wide collaboration and info sharing—"build the muscle" for network indicator sharing to slow volume and exposure.
- HR systems and hiring models are fundamentally vulnerable as AI advances.
Notable Quotes & Memorable Moments
- “Shipping through the Strait of Hormuz has nearly stalled...as military attacks and widespread GPS and automatic identification systems...raise safety risks.” (A, 02:39)
- "Thousands of North Korean Workers are landing legitimate remote jobs...funneling 80% of their wages directly back to the regime to fund weapons programs." — David Moulton (C, 14:41)
- “The regime is stacking up all of these victims, and yet the program is so successful that...it’s still just as successful as ever.” — Evan Gordonker (B, 16:57)
- "Generative AI is being used...to write their emails, to write their code...to do deep fakes – real time video deep fakes, real time audio deep fakes." — Evan Gordonker (B, 17:54)
- "Our hiring model is in some ways just fundamentally vulnerable." — Evan Gordonker (B, 22:09)
Other Key Stories
- TPMS Tracking Vulnerability (23:55–end):
  - Academic research shows tire pressure sensors (TPMS) can be used to track individual vehicles’ movements, due to persistent identifiers broadcast in clear text.
  - "Researchers could match signals to specific cars and infer movement patterns, vehicle type, and even driving behavior." (A, 24:30)
  - Potential for spoofed flat tire alerts to stop vehicles—transforming a safety feature into a surveillance tool.
Useful Timestamps
- Maritime GPS Jamming: 02:31–05:00
- Regional Cloud Disruption: 05:01–06:30
- Iranian AI Malware Campaign: 06:31–08:05
- DHS Data Leak: 08:06–09:25
- University of Hawaii Breach: 09:26–10:12
- Android/Chrome Vulnerabilities: 10:13–11:44
- ModelScope MS-Agent AI Framework Vulnerability: 12:50
- Threat Vector Segment (North Korea hiring scam): 14:23–22:24
- TPMS Tracking Research: 23:55–end
Tone & Style
- The episode maintains an urgent, fact-packed, and professional tone, blending clear explanations of technical issues with insight into their broader impacts.
- Quotes from the interview preserve the conversational yet expert-driven nature of the discussion.
For a deeper dive into North Korea’s hiring scam and how AI is revolutionizing threat actor tactics, listen to the full Threat Vector episode (“The Billion Dollar Hiring Scam Funding North Korea”) in your podcast feed.
