Salt Typhoon breaches a US state's National Guard, Ukrainian hackers wipe the servers of a Russian drone maker, the UK relocates Afghans caught up in a data leak and Microsoft outsources some US government work to China. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 16th of July and this podcast episode is brought to you by Zero Networks.

In today's top story, Chinese APT Salt Typhoon has breached at least one US state's National Guard. A Pentagon memo seen by NBC News suggested the 2024 breach lasted for nine months. Attacks on a dozen US and Canadian telcos have been attributed to Salt Typhoon, which is believed to be operated by China's Ministry of State Security.

In other news, Microsoft is utilising Chinese engineers to manage and troubleshoot some US Defence Department systems. The Chinese engineers are indirectly granted access to sensitive US government networks through a digital escort. The US-based staff relay problems to engineers in China, who provide commands and troubleshooting to fix issues. One unnamed escort told ProPublica they lack the technical expertise to understand what the Chinese engineers are doing. Both current and former government officials have said they were not aware of the scheme, which has been in place for nearly a decade.

The British government relocated thousands of Afghans to the UK following a 2023 data leak at the Ministry of Defence. The breach exposed the personal information of more than 33,000 Afghan nationals who helped British troops during the Afghan war. According to The Guardian, the UK government has spent over 2 billion pounds since the breach to relocate more than 20,000 affected individuals.

Two Ukrainian hacktivist groups have wiped IT systems at Russian UAV maker Gaskar. The BO Team and the Ukrainian Cyber Alliance claim to have stolen 47 terabytes of technical data before wiping servers and backups. The stolen data includes details on Russian drones and Gaskar employees. The attack allegedly halted production at the company's facilities.

The Russian government will deploy an AI-based security system at its major airports. It's being developed by IT company Entec Lab, which is already subject to sanctions by the EU and the US. This system will aim to detect when passengers attempt to bypass security checks or enter restricted areas.

The Dragon Force ransomware group has taken credit for breaching US retail chain Belk. The company's systems were taken offline for several days while it recovered from the hack in May. The Dragon Force ransomware was also used in attacks against UK retail chains Co-op, Harrods and Marks and Spencer. Those incidents have been linked to the Scattered Spider group.

Hackers have stolen $3.5 million worth of cryptocurrency assets from DeFi platform Arcadia Finance. The attackers used an exploit in the company's smart contracts. The funds were stolen from customer wallets rather than a shared pool managed by the platform.

A 44-year-old Romanian has been arrested in Italy for cyber attacks against local companies. The man is allegedly the leader of the Disc Station ransomware gang. Several of his accomplices were raided last June in Bucharest, but no charges were announced. The Disc Station group was involved in ransomware attacks against Synology NAS devices.

Romanian and British authorities have detained 14 suspects over a phishing campaign targeting the UK tax agency. Thirteen were arrested in Romania and one in the UK. The group used techniques such as phishing to obtain UK citizens' data. They used that data to file fraudulent tax returns with His Majesty's Revenue and Customs. The group allegedly collected more than £1 million in fraudulent tax refunds.

A Bulgarian cybersecurity expert has received a suspended nine-month sentence for hacking the country's tax agency. Christian Boykoff hacked the agency in 2019. He was employed by cybersecurity firm TAD Group at the time. Boykoff leaked the database to reporters and was arrested a week later. The data included the personal details of more than 5 million Bulgarians. It was later leaked on hacking forums.

Omani police have detained a Chinese tourist accused of SMS phishing. The woman allegedly drove around Oman's capital city, Muscat, with an SMS blaster inside her car. She allegedly sent text messages impersonating a local bank.

The UK cybersecurity agency has launched a program to bring external security experts into its vulnerability research team. The experts will help audit and test critical and government infrastructure for vulnerabilities. Interested researchers are being encouraged to apply via email.

A Maryland IT provider has agreed to pay $14.75 million to settle claims that it lied to obtain US government contracts. According to the Department of Justice, the company, Hill Associates, provided services to government agencies between 2018 and 2023. It was accused of billing federal agencies for cybersecurity and IT services that its employees were not trained to provide.

A vulnerability in the Broadcom Altiris endpoint management platform can allow attackers to run malicious code. It allows remote attackers to deserialise and run malicious .NET code without authentication. The vulnerability was discovered by cybersecurity company LRQA during a pen test. Broadcom released patches last month.

Security firm CrowdStrike plans to hire a chief resilience officer. The role's purpose will be to improve the company's engineering practices. The new hire will report directly to CEO George Kurtz. Last year, CrowdStrike caused a major outage that took down more than 8.5 million customer systems.

And finally, Microsoft has added a new security feature to Windows 11 that will mitigate file system redirection attacks. It prevents privileged processes from following junction redirects created by non-admin accounts. The Redirection Guard feature is currently being tested in Windows 11 Insider builds. The feature is opt-in and must be enabled for each app that runs with elevated privileges. Microsoft has already enabled it for three sensitive Windows processes.

And that is all for this podcast edition. Today's show was brought to you by Zero Networks. Find them at zeronetworks.com. Thanks for your company.
Host: Claire Aird
Release Date: July 16, 2025
In this episode of Risky Bulletin, host Claire Aird delivers a comprehensive update on the latest developments in cybersecurity, ranging from state-sponsored attacks to significant corporate security breaches. Below is a detailed summary of the key topics discussed.
Timestamp: [00:04]
The episode kicks off with a concerning revelation about the Chinese Advanced Persistent Threat (APT) group, Salt Typhoon, successfully breaching at least one U.S. state's National Guard systems. A Pentagon memo obtained by NBC News indicates that this breach persisted for nine months, highlighting the sophistication and persistence of the attack.
Claire Aird: "Chinese Apt Salt Typhoon has breached at least one US state's National Guard... the breach lasted for nine months" (00:04)
Additional Impact: Salt Typhoon has also targeted a dozen U.S. and Canadian telecommunications companies. The group is believed to be operated by China's Ministry of State Security, underscoring potential state-sponsored motives behind these cyber incursions.
Timestamp: [00:04]
In a surprising move, Microsoft has been utilizing Chinese engineers to manage and troubleshoot certain U.S. Department of Defense systems. These engineers gain indirect access to sensitive U.S. government networks through a "digital escort" mechanism.
Claire Aird: "Microsoft is utilising Chinese engineers to manage and troubleshoot some US Defence Department systems... the scheme has been in place for nearly a decade" (00:04)
Issues Highlighted: An unnamed digital escort told ProPublica that the escorts themselves lack the technical expertise to understand what the Chinese engineers are doing, so the person relaying the commands cannot judge what those commands do. Furthermore, both current and former U.S. government officials said they were unaware of the arrangement, which has been in place for nearly a decade.
Timestamp: [00:04]
The British government has undertaken the relocation of thousands of Afghans to the UK in response to a significant data breach at the Ministry of Defence in 2023. This breach compromised the personal information of over 33,000 Afghan nationals who supported British troops during the Afghan war.
Claire Aird: "The UK government has spent over 2 billion pounds since the breach to relocate more than 20,000 affected individuals" (00:04)
Impact: The financial and logistical efforts reflect the gravity of the data leak and its repercussions on both the individuals affected and the UK's commitments to their security and well-being.
Timestamp: [00:04]
Two Ukrainian hacktivist groups, BO Team and the Ukrainian Cyber Alliance, claim to have wiped the IT systems of Russian UAV manufacturer Gaskar. According to the groups, they stole 47 terabytes of technical data, including details of Russian drones and Gaskar employees, before wiping the company's servers and backups.
Claire Aird: "They have stolen 47 terabytes of technical data before wiping servers and backups" (00:04)
Consequences: This breach has reportedly halted production at Gaskar's facilities, demonstrating the significant disruption that cyberattacks can inflict on critical defense industries.
Timestamp: [00:04]
In response to increasing security threats, the Russian government plans to implement an AI-based security system across its major airports. Developed by Entec Lab, a company already under EU and U.S. sanctions, this system aims to detect attempts to bypass security checks or access restricted areas.
Claire Aird: "The Russian government will deploy an AI based security system at its major airports... developed by IT company Entec Lab" (00:04)
Implications: The deployment of such advanced technology highlights Russia's emphasis on enhancing airport security, albeit through a firm with existing international sanctions.
Timestamp: [00:04]
The Dragon Force ransomware group has claimed responsibility for breaching the U.S. retail chain Belk, whose systems were taken offline for several days while it recovered from the May hack. The same ransomware was also used in attacks on UK retailers Co-op, Harrods, and Marks and Spencer; those incidents have been linked to the Scattered Spider hackers.
Claire Aird: "The Dragon Force ransomware was also used in attacks against UK retail chains Co Op, Harrods and Marks and Spencer" (00:04)
Financial Impact: The attacks disrupted retail operations on both sides of the Atlantic, with Belk offline for several days, and underline how exposed major retail chains are to ransomware.
Timestamp: [00:04]
Hackers have stolen $3.5 million worth of cryptocurrency from the decentralized finance (DeFi) platform Arcadia Finance by exploiting a flaw in the platform's smart contracts. The funds were drained directly from customer wallets rather than from a shared pool managed by the platform.
Claire Aird: "Hackers have stolen $3.5 million worth of cryptocurrency assets from Defi platform Arcadia Finance" (00:04)
Security Concerns: Because the exploit reached into individual customer wallets rather than a platform-managed pool, the losses fell directly on users, underscoring the need for rigorous auditing of DeFi smart contracts before they hold customer funds.
Timestamp: [00:04]
A 44-year-old Romanian man has been arrested in Italy over cyberattacks against local companies. He is alleged to be the leader of the Disc Station ransomware gang, which has been involved in ransomware attacks against Synology NAS devices. Several of his accomplices were raided last June in Bucharest, but no charges were announced.
Claire Aird: "A 44 year old Romanian has been arrested in Italy for cyber attacks against local companies" (00:04)
Romanian and British authorities have detained 14 suspects, 13 in Romania and one in the UK, over a phishing campaign targeting His Majesty's Revenue and Customs. The group used phishing to obtain UK citizens' data, then used it to file fraudulent tax returns, allegedly collecting more than £1 million in fraudulent refunds.
Claire Aird: "Romanian and British Authorities have detained 14 suspects over a phishing campaign targeting the UK tax agency" (00:04)
Timestamp: [00:04]
Bulgarian cybersecurity expert Christian Boykoff received a suspended nine-month sentence for hacking the country's tax agency in 2019. Boykoff, who was employed by the cybersecurity firm TAD Group at the time, leaked the database to reporters and was arrested a week later. The data, which included the personal details of more than 5 million Bulgarians, was later leaked on hacking forums.
Claire Aird: "Christian Boykoff hacked the agency in 2019... the data included the personal details of more than 5 million Bulgarians" (00:04)
Timestamp: [00:04]
Authorities in Oman have detained a Chinese tourist suspected of SMS phishing. The woman allegedly drove around the capital, Muscat, with an SMS blaster in her car, sending text messages that impersonated a local bank.
Claire Aird: "The woman allegedly drove around Oman's capital city Muscat, with an SMS blaster inside her car... impersonating a local bank" (00:04)
Timestamp: [00:04]
The UK’s cybersecurity agency has initiated a program to integrate external security experts into its vulnerability research team. These experts will assist in auditing and testing critical government and infrastructure systems for potential vulnerabilities. Interested researchers are encouraged to apply via email.
Claire Aird: "The UK cybersecurity agency has launched a program to bring external security experts into its vulnerability research team" (00:04)
Timestamp: [00:04]
Maryland-based IT provider Hill Associates has agreed to pay $14.75 million to resolve claims that it falsified information to secure U.S. government contracts. Between 2018 and 2023, the company was accused of billing federal agencies for cybersecurity and IT services that its employees were reportedly unqualified to deliver.
Claire Aird: "A Maryland IT provider has agreed to pay $14.75 million to settle claims that it lied to obtain US government contracts" (00:04)
Timestamp: [00:04]
A vulnerability in Broadcom's Altiris endpoint management platform allows remote, unauthenticated attackers to have the platform deserialize and execute malicious .NET code. The flaw was discovered by cybersecurity firm LRQA during a penetration test, and Broadcom released patches last month.
Claire Aird: "A vulnerability in the Broadcom Altiris endpoint management platform can allow attackers to run malicious code" (00:04)
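The Altiris bug is an instance of a general pattern: a service deserializes untrusted input with a deserializer that will instantiate, and call into, whatever types the byte stream names. The following is an added example, not from the podcast or from Broadcom, using Python's pickle as a stand-in for the .NET deserializer. The `Gadget` class, both payloads, the `ALLOWED_GLOBALS` allowlist and the `demo` function are constructed for this illustration; the hardened loader refuses any type not on the allowlist, and the pre-scan lists what a stream would import without executing it.

```python
import io
import pickle
import pickletools
import platform


class Gadget:
    """Attacker-controlled class. pickle stores the result of __reduce__,
    i.e. 'call platform.python_version() when loaded'. Any callable the
    deserializer can import would do; a harmless one is used here."""

    def __reduce__(self):
        return (platform.python_version, ())


def build_malicious_payload() -> bytes:
    return pickle.dumps(Gadget())


def build_benign_payload() -> bytes:
    # Constructed stand-in for a legitimate management request.
    return pickle.dumps({"host": "ep-01", "policy": 7, "tags": ["lab"]})


def referenced_globals(payload: bytes) -> list:
    """Static pre-scan: the module/name pairs the stream would import, found
    by walking opcodes without executing them (heuristic: STACK_GLOBAL takes
    the two strings pushed just before it)."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(payload):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
        elif opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return found


# Types the endpoint legitimately expects (illustrative); everything else is refused.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class SafeUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def load_unsafe(payload: bytes):
    """What the vulnerable endpoint does: trust the stream completely."""
    return pickle.loads(payload)


def load_safe(payload: bytes):
    """Hardened loader: only allowlisted globals can be resolved."""
    return SafeUnpickler(io.BytesIO(payload)).load()


def demo() -> dict:
    malicious, benign = build_malicious_payload(), build_benign_payload()
    try:
        load_safe(malicious)
        refused = False
    except pickle.UnpicklingError:
        refused = True
    return {
        # True: the attacker's callable ran during load and its return value came back
        "gadget_ran_unsafe": load_unsafe(malicious) == platform.python_version(),
        "scan_malicious": referenced_globals(malicious),
        "scan_benign": referenced_globals(benign),
        "safe_refused": refused,
        "benign_loads_safe": load_safe(benign) == {"host": "ep-01", "policy": 7, "tags": ["lab"]},
    }


if __name__ == "__main__":
    print(demo())
```

The allowlist is the part that does the work: refusing to resolve any global not explicitly expected removes the attacker's ability to name a callable at all, which is the same property a fixed .NET deserializer needs (type binding restricted to expected types). Authentication in front of the endpoint limits who can reach it but does not make the deserializer itself safe.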
Timestamp: [00:04]
In the wake of a significant outage last year that disrupted over 8.5 million customer systems, cybersecurity firm CrowdStrike is hiring a Chief Resilience Officer. This executive will focus on enhancing the company’s engineering practices and will report directly to CEO George Kurtz.
Claire Aird: "Security firm CrowdStrike plans to hire a chief resilience officer... after major outage" (00:04)
Timestamp: [00:04]
Microsoft has introduced a new security feature in Windows 11 aimed at mitigating file system redirection attacks. Redirection Guard prevents privileged processes from following junction redirects created by non-admin accounts. Currently in testing within Windows 11 Insider builds, the feature is opt-in and must be enabled for each application running with elevated privileges, so a privileged application that does not enable it remains exposed to the same attack. Microsoft has already enabled it for three sensitive Windows processes.
Claire Aird: "Microsoft has added a new security feature to Windows 11 that will mitigate file system redirection attacks" (00:04)
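The attack Redirection Guard addresses is a privileged process opening a path under a directory a low-privilege user can write to, where that user has planted a junction that redirects the open into a protected location, so the privileged write (or delete) lands somewhere the user could never reach directly. The following is an added example, not from the podcast or from Microsoft, showing the same class of check on a POSIX system with symlinks in place of junctions. The `open_guarded` function, its `trusted_uids` parameter and the `demo` scenario are constructed for this illustration; in the demo the current user plays the untrusted author of the link, so nobody is trusted.

```python
import os
import stat
import tempfile
from pathlib import Path


def open_guarded(path, flags, mode=0o644, trusted_uids=frozenset({0})):
    """Open `path` on behalf of a privileged caller, refusing to traverse any
    symlink whose owner is not in `trusted_uids` (the POSIX analogue of a
    junction created by a non-admin account).

    Each component is looked up relative to a handle on its parent directory
    and opened with O_NOFOLLOW unless lstat just showed a trusted symlink, so an
    attacker cannot swap a component in between the check and the open.
    """
    p = Path(path).absolute()
    parts = p.parts[1:]
    fd = os.open(p.anchor, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for i, part in enumerate(parts):
            last = i == len(parts) - 1
            try:
                st = os.lstat(part, dir_fd=fd)
            except FileNotFoundError:
                if not last:
                    raise
                st = None  # final component does not exist yet; O_CREAT may create it
            is_link = st is not None and stat.S_ISLNK(st.st_mode)
            if is_link and st.st_uid not in trusted_uids:
                raise PermissionError(f"refusing to follow untrusted symlink {part!r} in {path}")
            nofollow = 0 if is_link else os.O_NOFOLLOW
            if last:
                return os.open(part, flags | nofollow, mode, dir_fd=fd)
            next_fd = os.open(part, os.O_RDONLY | os.O_DIRECTORY | nofollow, dir_fd=fd)
            os.close(fd)
            fd = next_fd
    finally:
        os.close(fd)


def demo(base=None) -> dict:
    """Constructed scenario. `public` stands for a directory a low-privilege
    user can write to; `protected/secret.txt` is a file only the privileged
    process should touch. Everything is created by the current user, who
    therefore plays the attacker, so trusted_uids is left empty; a real
    service would pass {0, <its own uid>}."""
    base = Path(base or tempfile.mkdtemp()).resolve()
    public, protected = base / "public", base / "protected"
    public.mkdir()
    protected.mkdir()
    secret = protected / "secret.txt"
    secret.write_text("original")
    link = public / "report.txt"
    os.symlink(secret, link)  # attacker-planted redirect

    # Unguarded privileged write: follows the link and clobbers the protected file.
    with open(link, "w") as f:
        f.write("clobbered")
    after_unguarded = secret.read_text()

    # Guarded write to the same path: refused before the target is ever opened.
    secret.write_text("original")
    try:
        fd = open_guarded(link, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, trusted_uids=frozenset())
        os.write(fd, b"clobbered")
        os.close(fd)
        refused = False
    except PermissionError:
        refused = True

    # Guarded write to an ordinary file in the same directory still works.
    fd = open_guarded(public / "plain.txt", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, trusted_uids=frozenset())
    os.write(fd, b"ok")
    os.close(fd)

    return {
        "after_unguarded": after_unguarded,
        "guarded_refused": refused,
        "after_guarded": secret.read_text(),
        "plain_file": (public / "plain.txt").read_text(),
    }


if __name__ == "__main__":
    print(demo())
```

The per-component walk matters: a single `lstat` of the full path followed by a normal `open` leaves a window in which the attacker replaces a directory with a link, which is exactly the race a kernel-level control such as Redirection Guard does not have. The remaining gap in this user-space version is a directory writable by the attacker without the sticky bit, where a trusted user's link could be replaced after the check; on Windows the check is made by the kernel at open time for every process that opts in.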
This episode of Risky Bulletin highlights the evolving landscape of cybersecurity threats, ranging from sophisticated state-sponsored attacks to significant vulnerabilities in major corporations' systems. The discussions emphasize the critical need for robust security measures, proactive vulnerability management, and international cooperation to combat the ever-present cyber threats.
For more detailed insights and updates, listen to the full episode of Risky Bulletin.