CyberWire Daily: White House Reboots Cybersecurity Priorities
Released on June 9, 2025
Host: Dave Bittner, CyberWire Network powered by N2K Networks
Executive Summary
In today's episode of CyberWire Daily, Dave Bittner delves into significant shifts in U.S. and European cybersecurity policies, examines ongoing investigations within the Pentagon, highlights emerging cyber threats from state actors, and discusses recent cybercriminal activities. The episode features an in-depth interview with Tim Starks from Cyberscoop, who provides insights into Sean Cairncross's journey toward confirmation as the next National Cyber Director and the surrounding political dynamics.
Key Topics Covered
- White House Overhauls U.S. Cybersecurity Policy
- European Union Updates Cybersecurity Blueprint
- Pentagon’s Inspector General Investigates Defense Secretary Hegseth
- Chinese Hackers Target U.S. Smartphones
- Emergence of a New Mirai Botnet Variant
- Compromise of Gluestack Packages on NPM
- Exploitation of Fortigate Security Appliances by Attackers
- Sentencing of Nigerian Cybercriminal Kingsley Ukelu Utulu
- Interview with Tim Starks on National Cyber Director Confirmation
1. White House Overhauls U.S. Cybersecurity Policy
President Trump has issued a new executive order, announced on June 6, that significantly reshapes U.S. cybersecurity policy and replaces directives from former Presidents Obama and Biden. The key changes include:
- Narrowed Cyber Sanctions: The new order focuses cyber sanctions solely on foreign malicious actors, reversing broader authorities that previously raised concerns about potential domestic misuse.
- Scrapping Biden-Era Initiatives: Several initiatives from the Biden administration are eliminated, including:
  - Software Vendor Security Standards: Requirements for software vendors to meet federal security standards.
  - AI Research for Cyber Defense: Initiatives aimed at leveraging artificial intelligence to enhance cyber defense.
  - Post-Quantum Encryption Readiness: Efforts to prepare for encryption methods resistant to quantum computing threats.
- Removed Programs and Mandates:
  - IoT Security Labeling Program: This program is discontinued.
  - Supply Chain Restrictions: Eased regulations concerning supply chain security.
  - AI Security Rules: Revisions to rules governing artificial intelligence security.
  - Phishing-Resistant Authentication: Mandates for stronger authentication methods within federal agencies are removed.
- New Priorities: The administration emphasizes:
  - Secure Software Development: Enhancing practices to develop secure software.
  - Stronger Network Protections: Increasing the robustness of network defenses.
  - AI for Vulnerability Detection: Using artificial intelligence primarily to identify system vulnerabilities.
The White House justifies these changes as a move towards "more focused professional cybersecurity practices," eliminating what they consider "distracting issues" introduced by the previous administration.
2. European Union Updates Cybersecurity Blueprint
The EU has refreshed its cybersecurity blueprint to enhance coordination in responding to large-scale cyber attacks. Key aspects of the updated strategy include:
- Strengthened Military Ties: Enhanced collaboration with national militaries and NATO to address cyber threats.
- Clarified Crisis Response Roles: The blueprint defines the roles of various institutions during cyber crises across technical, operational, and political levels.
- NATO Contact Points and Joint Exercises: Plans to establish NATO contact points and initiate joint cyber exercises starting June 2026, involving private sector participants and countries like Ukraine and Moldova.
- Focus on Geopolitical Tensions: Addressing threats from geopolitical tensions and hybrid attacks that could destabilize the EU's security, economy, and society.
- Secure Communications Enhancement: The EU is urging the European Commission to propose solutions for crisis communication by the end of 2026 and encouraging governments to develop contingency plans for network disruptions.
3. Pentagon’s Inspector General Investigates Defense Secretary Hegseth
The Pentagon's Inspector General is probing whether Defense Secretary Pete Hegseth's aides were instructed to delete Signal messages that may contain sensitive information about U.S. airstrikes in Yemen. Key points include:
- Focus Period: The investigation centers on communications from March 15.
- Potential Compromises: Messages involving Hegseth's family and top officials, as well as inadvertent disclosures to journalists, are under scrutiny.
- Secretary Hegseth's Response: He denies sharing classified data, attributing the messages to informal and unclassified communications.
- Criticism and Risks: Critics argue that such posts could endanger pilot safety and would warrant disciplinary action if made by lower-ranking personnel.
- Additional Scrutiny: Hegseth is also under examination for installing an unsecured internet line in his office amid the ongoing investigation.
- Next Steps: Hegseth is expected to face congressional testimony next week, and the investigation may release unclassified findings to the public.
4. Chinese Hackers Target U.S. Smartphones
A recent cyber attack has targeted smartphones of U.S. officials and professionals across the politics, technology, and journalism sectors. Highlights include:
- Nature of the Attack: Zero-click hacks that allow access without any user interaction.
- Attribution: Investigations by iVerify link the attacks to Chinese hackers.
- Targets: Devices belonging to Donald Trump's campaign and top aides were reportedly compromised.
- State-Sponsored Espionage: Experts believe these attacks are driven by state-sponsored espionage objectives.
- U.S. Response: Introduction of initiatives like a cyber trust mark for secure connected devices.
- Vulnerabilities: Emphasis on the need for users to maintain basic security precautions, as misconfigurations and unsecured connections pose significant risks.
5. Emergence of a New Mirai Botnet Variant
Researchers have identified a new variant of the Mirai botnet exploiting vulnerabilities in TBK DVR models:
- Exploitation Method: Command injection flaws allow shell command execution via crafted POST requests.
- Active Exploitation: Kaspersky confirmed ongoing exploitation, with the botnet deploying ARM32 malware to connect infected DVRs to command and control servers.
- Impact: Approximately 50,000 DVRs remain exposed, primarily in China, India, and other countries.
- Challenges: Rebranding of the devices under multiple names complicates patch management, and it is unclear whether TBK Vision has issued patches.
6. Compromise of Gluestack Packages on NPM
A significant supply chain attack has compromised 17 popular Gluestack react-native-aria packages on NPM:
- Attack Timeline: Began on June 6.
- Malware Injection: Obfuscated remote access Trojan code was inserted, enabling:
  - Shell command execution
  - File uploads
  - Hijacking of Python paths
- Discovery and Attribution: Cybersecurity firm Aikido linked the attack to the same group behind recent NPM compromises.
- Affected Packages: Spanning UI components used in React Native applications.
- Response: Gluestack revoked the compromised access token, deprecated the affected packages, and directed users to safe versions.
7. Exploitation of Fortigate Security Appliances by Attackers
A new wave of cyberattacks is leveraging vulnerabilities in FortiGate security appliances to deploy Qilin ransomware:
- Attack Strategy: Bypassing traditional perimeter defenses to gain privileged access within enterprise networks.
- Qilin Ransomware: Also known as Agenda ransomware, it features:
  - Strong encryption
  - Evasion capabilities
  - Advanced obfuscation techniques
- Impact: Targets critical infrastructure, posing risks of operational disruption, regulatory penalties, and reputational damage.
- Recommendation: Organizations are urged to patch vulnerabilities promptly and bolster defenses against infrastructure-based ransomware attacks.
8. Sentencing of Nigerian Cybercriminal Kingsley Ukelu Utulu
A U.S. court has sentenced Nigerian national Kingsley Ukelu Utulu to over five years in prison for his involvement in a hacking and fraud scheme targeting U.S. tax preparation companies:
- Scheme Details:
  - Target: Personal data from tax firms in Texas and New York.
  - Fraudulent Activity: Filing tax returns to solicit $8.4 million, successfully obtaining $2.5 million.
  - Additional Fraud: $819,000 fraudulently claimed through the Small Business Administration's disaster loan program using stolen identities.
- Legal Outcome:
  - Extradition: Utulu was extradited from the UK.
  - Restitution: Must pay over $3.6 million in restitution and forfeit $290,000.
- Broader Implications: The case is linked to others facing similar charges, highlighting ongoing efforts by U.S. authorities to combat international cybercriminal networks exploiting financial and government systems.
In-Depth Interview: Tim Starks Discusses National Cyber Director Confirmation
Guest: Tim Starks, Senior Reporter at Cyberscoop
Timestamp: [15:15]
Dave Bittner welcomes back Tim Starks to discuss the confirmation journey of Sean Cairncross as the next National Cyber Director and the ensuing political dynamics.
Key Discussion Points:
- Sean Cairncross's Confirmation Hearings:
  - Grilling on CISA Budget Cuts: Tim explains that Sean faced tough questions regarding proposed $495 million cuts to CISA:
    "He sidestepped the question... focusing instead on looking at the most efficient ways to conduct cyber defenses." [15:36]
  - Lack of Direct Responsibility: Although Cairncross is not directly responsible for CISA's budget, he possesses some influence through budget guidance authority with the Office of Management and Budget (OMB).
- Cairncross's Cybersecurity Experience:
  - Management vs. Technical Expertise: Cairncross highlighted his extensive management experience, overseeing operations with thousands of personnel and billions in budgetary responsibilities.
    "I have management experience, running operations with thousands of people and billions of dollars." [17:10]
  - Handling Cyber Issues on the User End: While he claims to have dealt with cyber on the user end, critics remain unconvinced about the depth of his technical cybersecurity expertise.
  - Endorsements: Industry officials and past intelligence and cyber experts, primarily from GOP administrations, have endorsed Cairncross's suitability for the role.
- Legislative Skepticism:
  - Democratic Concerns: Gary Peters, a top Democrat on the committee, remains non-committal, indicating uncertainty about his voting intentions:
    "You'll find out when I vote." [19:17]
  - Impact of Political Dynamics: The confirmation outcome may largely depend on Republican support in the Senate, regardless of Democratic reservations.
- Additional Scoop on CISA's Mobile App Security Program:
  - Republican Pushback: Representative Andrew Garbarino expressed concerns about the termination of CISA's mobile app vetting program, emphasizing its importance in federal agency app security.
    "This program is used to help agencies... test out apps that they either create or third party apps." [20:26]
  - Underlying Budget Cuts: Tim suggests that the criticism may mask broader intentions to reduce the size of government:
    "They might be looking for a reason to cut the size of government overall." [25:31]
- Future Implications:
  - Potential Outcomes: The investigation into CISA's budget cuts and the ongoing political discourse may influence Cairncross's confirmation process.
  - Government Size Debate: The discussions reflect a deeper debate on the role and size of government in cybersecurity management.
Tim Starks's Insights:
- On Cairncross's Performance:
  "He came off as a serious guy. It seemed like he'd done his homework." [17:39]
- On CISA's Challenges:
  "CISA has too much going on on its plate... Maybe they gave short shrift to the telecom sector at a time when they shouldn't have." [23:45]
- On Political Motives:
  "This could be an excuse to cut down the size of government." [26:13]
Conclusion of Interview:
Tim emphasizes the complexity of the confirmation process, noting that while Cairncross presented himself well, underlying political motivations and organizational budget cuts pose significant challenges. The interplay between managing government size and maintaining robust cybersecurity measures remains a contentious issue.
Final Thoughts
Today's episode highlights a pivotal shift in U.S. cybersecurity policy under the new executive order, the EU's strategic enhancements to its cyber defense mechanisms, and the intricate political landscape surrounding the appointment of the National Cyber Director. Additionally, emerging threats from botnets and state-sponsored hacks underscore the evolving nature of cyber threats globally. The insights from Tim Starks provide a nuanced understanding of the political and administrative hurdles in shaping national cybersecurity leadership.
Stay Informed: For a comprehensive overview of today's cybersecurity news and in-depth analyses, subscribe to CyberWire Daily and follow us on your preferred podcast platform.
